Legal

Privacy Policy

Transparency matters to us. This Privacy Policy outlines the data we collect, how we use it, and the choices you have when you interact with Naturl Audio.

PRIVACY POLICY

Naturl Audio, Inc. - PRIVACY POLICY November 2025

Naturl Audio, Inc. (Delaware, USA; HQ Austin, Texas). Contact: [email protected]

1. Scope & Roles

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, storefronts, and software (the “Services”). It also describes your rights and choices under applicable privacy laws.

Relation to our EULA: Our EULA permits license activation/validation checks and describes optional analytics. This policy provides the privacy detail behind those features.

2. Categories of Information We Collect

  1. Account & transaction data — name, email, billing/shipping address, purchase history, license(s), rent‑to‑own (RTO) status, and limited payment details (tokenized/last 4; full payment data handled by our payment processor). Purpose: checkout, fraud prevention, support, and tax/records. Sources: you; our payment/ecommerce provider(s).
  2. License activation & device data — license/account identifiers, device/OS identifiers, IP‑derived region, and version/build metadata. Purpose: activation, periodic license validation, and misuse detection per EULA §5.1. Legal basis: performance of a contract; legitimate interests (anti‑fraud). Frequency: periodic server calls.
  3. Usage & diagnostics — crash logs, performance events, error codes; optional product analytics (feature usage). Analytics are disabled by default in jurisdictions requiring consent. Purpose: stability and product improvement. Legal basis: consent where required; otherwise legitimate interests.
  4. Site/device data — IP address, country/region, browser/OS, pages viewed, referrers, cookie identifiers; and (optionally) analytics/advertising identifiers if you consent (EU/UK) or don’t opt out (certain U.S. states). Purpose: site security, performance, analytics, and marketing.
  5. Support & communications — messages, attachments (including any audio you voluntarily send us), troubleshooting data. Purpose: assist you; deter abuse; train support staff (not AI model training). Legal basis: contract/legitimate interests.
  6. Marketing preferences — newsletter opt‑ins and campaign engagement. Legal basis: consent (EU/UK) or legitimate interests with opt‑out.

3. Purposes & Legal Bases

  • Provide the Services (checkout, licensing, RTO, updates, support) — Contract.
  • Operate & secure (fraud prevention, license compliance, abuse detection, service integrity) — Legitimate interests.
  • Improve (debug, quality, features; analytics optional) — Consent where required; otherwise legitimate interests.
  • Market (newsletters/discounts; targeted ads where permitted) — Consent in EU/UK; legitimate interests with opt‑out elsewhere.
  • Comply with law (tax, accounting, regulatory) — Legal obligation.
  • Defend rights (security, IP enforcement) — Legitimate interests.

4. Cookies & Similar Technologies

Types: essential (login, cart, checkout, license portal), analytics, and advertising pixels.

Consent: in the EU/UK, we set only essential cookies until you provide opt‑in consent for non‑essential cookies via Cookie Settings.

Do Not Track (DNT): industry handling is inconsistent; we rely on your explicit cookie choices.

Global Privacy Control (GPC): if your browser sends a GPC signal, we treat it as a request to opt‑out of “sale”/“sharing”/targeted advertising where applicable.

5. Targeted Advertising (U.S. State Laws)

We do not sell your personal information for money. Where our use of advertising or analytics partners might be deemed “sharing” or “targeted advertising,” you can opt out at any time and we honor Global Privacy Control (GPC). We provide a “Do Not Sell or Share My Personal Information” link in the site footer.

6. Disclosures to Others

We disclose personal information to: (i) service providers/processors (ecommerce/payment, license hosting, cloud, email delivery, crash/diagnostics, customer support); (ii) fraud & security partners; (iii) legal/compliance (lawful requests, tax); and (iv) in corporate transactions (merger/acquisition). We require processors to protect your information and use it only under our instructions.

7. International Transfers

We host and process data in the U.S. (and possibly other countries through our providers). For EEA/UK data, we rely on EU Standard Contractual Clauses (SCCs) and, where applicable, the UK Addendum/IDTA and other lawful transfer tools.

8. Retention

  • Account/order records: order life + up to 7 years (tax/records).
  • License activation data: active license life + up to 1–2 years (anti‑fraud/audit).
  • Crash logs/diagnostics: 90–180 days (unless longer needed for an unresolved issue).
  • Marketing lists: until you unsubscribe or withdraw consent (then we keep a minimal suppression record).
  • Support tickets: 3–5 years (knowledge base/defense).

We may extend retention if required by law or to establish/defend legal claims.

9. Your Rights & Choices

EU/EEA/UK (GDPR/UK GDPR): access, rectification, erasure, portability, restriction, objection (including to profiling for direct marketing), and withdrawal of consent. You may lodge a complaint with your supervisory authority. We provide updates necessary to keep digital content in conformity when legally required.

United States (state privacy laws): depending on your state (e.g., CA, CO, CT, VA, UT, OR, TX), you may have rights to know, access, correct, delete, portability, and opt‑out of sale/sharing/targeted advertising, and to limit certain uses of sensitive data. We honor GPC where recognized and provide an appeal process for denied requests.

Submit requests: [email protected]. We verify your request and respond within the applicable timeframe. Authorized agents may act where permitted.

10. Security

We use reasonable technical and organizational measures (encryption in transit, access controls, least‑privilege, network safeguards). No system is 100% secure; please use strong passwords and keep your OS/software up to date.

11. Automated Decision-Making

We do not engage in fully automated decision‑making that produces legal or similarly significant effects. Any anti‑fraud screening is limited and proportionate.

12. Emails, Newsletters & Marketing

You can unsubscribe at any time via the link in our emails or by contacting us. In the EU/UK we rely on consent; elsewhere we may rely on legitimate interests with an opt‑out.

13. Audio & Content You Send Us

If you voluntarily send audio/projects to support, we access them only to troubleshoot your request and delete them after resolution unless lawfully needed longer (e.g., to reproduce a crash).

14. Changes to this Policy

We will post updates here and, for material changes, provide reasonable notice. Continued use after the effective date constitutes acceptance of the updated policy.

15. Interaction with Our EULA

Activation/validation: periodic license validation (limited identifiers) to enforce entitlements, as disclosed in EULA §5.1. Legal bases: contract & legitimate interests.

Analytics: optional/opt‑in where required; separate from mandatory license validation (EULA §5.2).

Black‑box/server‑side: our EULA bars exposing plug‑in parameters to third parties; this policy clarifies we do not ingest your project audio by default.

16. Regional Addenda

EU/EEA & UK Consumer Digital Content: we will provide security/feature updates necessary to keep digital content in conformity during the period required by law. Your local courts remain available and your mandatory rights supersede conflicting terms.

Australia: nothing here excludes or limits rights you have under the Australian Consumer Law (ACL). Remedies are available for major failures.

How to Contact Us

Email: [email protected]