How we handle your data.

EffectiveMay 16, 2026 Last updatedMay 16, 2026

The short version

We collect what we need to run LiveEPK and nothing else. We don't sell your data. Payments are handled by Stripe; we never see your card number. Your EPK content belongs to you. If you want your account and data deleted, email us and we'll do it.

Who this is from

LiveEPK is a trade name of a Texas sole proprietorship operated by Jerod Johnson. In this policy, "we" means LiveEPK and "you" means the person using the service.

You can reach us at [email protected] for any privacy question.

What we collect

We collect three categories of data:

Account information

Email address when you sign up.
Password as a salted hash (we never see your plaintext password) or a Google account identifier if you sign in with Google.
Display name and any profile info you add.

EPK content you create

Everything you put into your EPK: bio text, photos, audio and video links, tour dates, press quotes, contact information, downloadable files, and so on. We host this so it can be served from your subdomain.
Asset library contents (Standard tier): photos, audio files, video links, press quotes, and contacts you've uploaded for reuse across your EPK and emails.
Email composer drafts (Standard tier): emails you've composed using the email tool. We store these so you can edit and reuse them. We do not send emails on your behalf; you send them yourself through your own email account.

Usage and technical data

Standard server logs: IP address, browser type, pages visited, timestamps. Kept for a limited time for security and debugging.
Analytics: aggregate usage data via Google Analytics, used to understand which features get used and where the marketing site converts. You can opt out by using a browser extension or do-not-track setting.
Cookies and similar: we set a small number of cookies for authentication (keeping you signed in) and analytics. We do not use advertising or cross-site tracking cookies.

Payment data

Billing handled entirely by Stripe. When you subscribe to Basic or Standard, you enter your card details directly into Stripe's checkout page. Stripe stores your card; we don't. We receive only metadata from Stripe: your subscription status, plan tier, billing email, and the last four digits of your card for display in your account.
Stripe's own privacy policy applies to anything you submit to their checkout: stripe.com/privacy.

Why we collect it

Every piece of data above maps to a specific reason:

To run the service. We can't host your EPK at a subdomain without knowing which content goes where.
To bill you. Stripe needs payment information to charge you; we need to know your tier to give you the right features.
To support you. If you write to us, we need your email to write back.
To keep things working and secure. Server logs catch bugs and abuse.
To improve the product. Analytics tells us which templates and features get used.

We don't use your data for behavioral advertising, profile-building, or sale to third parties. We don't train any AI models on your EPK content.

Who we share it with

We share the minimum data needed with a small set of service providers, each bound by their own privacy commitments:

Stripe (payment processing) . payment details, billing email.
Supabase (database and authentication hosting) . your account data and EPK content.
Our hosting and DNS providers . the data needed to serve your subdomain.
Google Analytics . anonymized usage data.
Email delivery services we use for transactional email (e.g. welcome emails, password resets, billing notices) . your email address and the contents of those messages.

We will disclose information if required by valid legal process (subpoena, court order) or if necessary to protect the safety of users or the public. We do not sell your information to anyone.

Publicly visible information

Your EPK is, by design, intended to be public. Anything you put into a published EPK is visible to anyone who has the URL. This includes your bio, photos, contact info, links, and any other content you've added.

If you don't want something to be public, don't publish it. The Free tier keeps your EPK in private preview mode . it is not indexed and is not accessible without your preview URL.

How long we keep it

Account and EPK content: for as long as your account is active. If you cancel your subscription, your subdomain stays held for 90 days (Standard) or 365 days (Basic), then is released. Your account and content remain in our database until you ask us to delete them.
Payment records: we retain billing records (transaction history, invoices) as required by U.S. tax law, typically up to seven years.
Server logs: typically retained for up to 90 days, then rotated.
Analytics data: per Google Analytics retention settings, typically 14 months in aggregate form.

Your rights

Regardless of where you live, you can ask us to:

Access the personal data we have about you.
Correct anything that's wrong.
Delete your account and the content tied to it. We'll honor this even if it means breaking links to your EPK . your EPK URL will go offline and the content will be removed from our database (some backup retention may apply briefly for technical reasons).
Export your EPK content in a portable format.
Opt out of non-essential analytics.

To exercise any of these, write to [email protected] from the email address tied to your account. We aim to respond within 30 days.

If you're in the European Union or United Kingdom

You have the rights above under the GDPR and UK GDPR, and you may also lodge a complaint with your local data protection authority. The legal bases we rely on are: performance of a contract (running the service for you), legitimate interests (basic analytics and security), and consent (where you give it, e.g. optional cookies). We do not transfer data outside the U.S. except as part of the standard operation of our service providers (Stripe, Supabase, Google), each of which has its own cross-border transfer safeguards.

If you're in California

You have rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what we collect and the right to deletion described above. We do not "sell" or "share" personal information as those terms are defined under California law.

Children

LiveEPK is for working musicians and is not directed at children under 13. We don't knowingly collect personal information from anyone under 13. If you're a parent or guardian and believe your child has signed up, write to us and we'll delete the account.

Security

We take reasonable measures to protect your data: passwords are hashed, payments go through Stripe over TLS, our database is hosted with industry-standard protections. No system is perfectly secure; if a breach affects your data, we'll notify you as soon as we reasonably can, consistent with applicable law.

Changes to this policy

If we update this policy in a way that materially changes how we handle your data, we'll update the "Last updated" date at the top and, where appropriate, notify you by email or through the dashboard. Continuing to use LiveEPK after a change means you accept the updated policy.

Questions

Any privacy question goes to [email protected]. We read these ourselves and reply.