Privacy policy

Last updated: July 1, 2026


East Rock Entertainment LLC, doing business as East Rock Entertainment ("East Rock," "we," "us," or "our"), respects your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information when you visit eastrockent.com, shopeastrock.com, or another website or page that links to this Privacy Policy; purchase or use our products or services; apply for or participate in artist, distribution, publishing, label, or other professional services; communicate with us; or otherwise interact with us (collectively, the "Services").


Our Services include physical merchandise and print-on-demand products, CDs and other physical media, digital music and downloads, gift cards, subscriptions and recurring purchases, consultations, appointments, studio and creative services, music distribution and publishing administration, artist and label services (including "Record Label in a Box"), and related offerings that we may make available.


This Privacy Policy does not apply to a third party's website, platform, or service that has its own privacy notice. If you interact with East Rock in an employment or contractor capacity, a different notice may apply. A contract or service agreement may also contain additional privacy terms. If this Privacy Policy conflicts with our Terms of Service regarding how we collect, use, or disclose personal information, this Privacy Policy controls.


1. Quick Summary

  • We collect information needed to operate an ecommerce and music-services business, fulfill physical and digital orders, administer subscriptions, provide artist and label services, prevent fraud, communicate with you, and market our offerings.
  • Shopify hosts our store and processes information to provide and improve the shopping experience. Print, manufacturing, fulfillment, shipping, payment, digital-delivery, music-industry, and professional-service partners receive information when needed to perform their services.
  • We use cookies and similar technologies for store operation, analytics, personalization, and advertising. Some advertising disclosures may be considered a "sale," "sharing," or use for "targeted advertising" under certain U.S. state laws even though we do not sell personal information for money.
  • You may opt out of sale, sharing, or targeted advertising through our Privacy Choices page or a recognized opt-out preference signal such as Global Privacy Control.
  • You may contact legal@eastrockent.com to exercise privacy rights or ask a question.

2. Personal Information We Collect

"Personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual or household. It does not include information that is lawfully public, aggregated, or de-identified so that it cannot reasonably identify or be linked to an individual.


Depending on how you interact with us, we may collect the following categories:


  • Identifiers and contact information: name, username, customer or account ID, email address, telephone number, billing address, shipping address, IP address, online identifiers, and social-media handles.
  • Account and authentication information: account credentials, password or authentication information, preferences, settings, and saved items. Passwords are processed in protected form by the relevant platform provider.
  • Order, subscription, and commercial information: products and services viewed, searched for, added to a cart or wish list, purchased, downloaded, returned, exchanged, or canceled; subscription plan and status; gift-card activity; order history; product preferences; discount or eligibility status; and transaction records.
  • Payment and financial information: payment method, billing details, payment status, transaction identifiers, refunds, payout or royalty-payment details, and limited payment-card information. Complete payment-card numbers are generally collected and processed by Shopify and payment processors rather than stored by East Rock.
  • Device, network, and usage information: browser and device type, operating system, device identifiers, IP address, approximate location derived from IP address, referring URLs, pages or products viewed, links clicked, search activity, session activity, cart interactions, advertising interactions, and dates and times of access.
  • Communications and support information: emails, messages, form submissions, reviews, survey responses, customer-service records, call or appointment details, and information you provide when requesting support.
  • Professional, artist, and business information: legal and stage names, biography, business name and role, contact information, social and streaming profiles, website, audience and campaign information, professional history, service needs, project details, release plans, catalog and repertoire data, identifiers used in the music industry, rights ownership and administration information, agreements, credits, collaborator and payee information, royalty and sales information, and related due-diligence information.
  • Creative content and files: audio recordings, compositions, lyrics, artwork, photographs, videos, logos, project files, metadata, product-customization files, feedback, and other materials you submit or ask us to process. These materials may include your image, voice, likeness, or information about other people.
  • Public and social information: information from public artist profiles, public databases, social networks, streaming services, digital service providers, rights organizations, industry directories, press coverage, and information you have made public.
  • Sensitive information: where necessary for a requested service or required by law, we may process account credentials, government identifiers, tax information, financial-account or payout information, and information needed for identity, age, rights, anti-fraud, or legal verification. We do not seek to collect sensitive characteristics such as health information, precise geolocation, biometric identifiers used for unique identification, religious beliefs, racial or ethnic origin, or sexual orientation through ordinary retail activity. Creative content may incidentally reveal sensitive characteristics; we do not use such content to infer sensitive traits for advertising.
  • Inferences: preferences, likely interests, audience segments, and fraud or security indicators derived from the information described above.

Please do not send Social Security numbers, complete payment-card details, passwords for third-party accounts, health information, or other highly sensitive information unless we specifically request it through an authorized and appropriately protected channel for a legitimate purpose.


3. Sources of Personal Information

We may collect personal information:


  • Directly from you, including when you browse, create an account, place an order, subscribe, download a product, schedule an appointment, submit a form or file, apply for services, enter an agreement, communicate with us, or participate in a promotion.
  • Automatically, from your browser or device through cookies, pixels, tags, local storage, server logs, and similar technologies.
  • From Shopify and service providers, including payment, fraud-prevention, fulfillment, print-on-demand, manufacturing, shipping, digital-delivery, appointment, product-customization, email, customer-support, analytics, and advertising providers.
  • From business and music-industry partners, including artists, labels, managers, distributors, digital service providers, publishers, performing-rights and collective-management organizations, licensors, licensees, royalty administrators, marketing partners, and collaborators.
  • From public sources and third parties, including social networks, public websites, industry databases, public records, referrals, and information you authorize another person or service to provide.

4. How We Use Personal Information

We may use personal information to:


  • Provide products and services: operate the Services; create and manage accounts; process payments, orders, returns, exchanges, and refunds; manufacture, personalize, fulfill, and ship physical products; deliver downloads and digital products; administer gift cards, subscriptions, recurring billing, appointments, and customer benefits; and provide support.
  • Provide music, artist, and label services: evaluate applications and service requests; plan and perform projects; manage releases, metadata, catalogs, rights, royalties, licensing, distribution, publishing administration, marketing, and reporting; communicate with collaborators and platforms; create or deliver commissioned work; and perform our contracts.
  • Personalize and improve the Services: remember preferences, recommend products or services, understand how the Services are used, test features, troubleshoot problems, conduct research and analytics, and improve operations, content, products, and customer experience.
  • Communicate: send transactional messages, order and subscription notices, service updates, support responses, policy notices, and other relationship communications.
  • Market and advertise: send promotional email or messages where permitted; measure campaigns; build audiences; and display or help others display advertisements based on activity on our Services and, where permitted, activity across different websites or services.
  • Protect the Services and others: authenticate users, verify eligibility or identity, prevent fraud and abuse, secure accounts and transactions, detect malicious or unlawful activity, enforce our terms and agreements, protect rights and safety, and resolve disputes.
  • Comply with law and operate our business: maintain financial, tax, rights, licensing, royalty, and business records; respond to lawful requests; exercise or defend legal claims; perform audits and due diligence; manage corporate transactions; and comply with legal and regulatory obligations.
  • Carry out another purpose: as described when information is collected or with your direction or consent.

Where applicable law requires a legal basis, we rely on one or more of the following:


  • Contract: processing needed to enter into or perform a contract with you, including purchases, subscriptions, downloads, appointments, and client services.
  • Legitimate interests: operating and improving our business and Services, securing transactions and systems, preventing fraud, providing customer support, maintaining business and rights records, and marketing our offerings, when those interests are not overridden by your rights.
  • Consent: where we ask for consent, including for certain marketing, cookies, sensitive information, or new uses. You may withdraw consent at any time without affecting earlier lawful processing.
  • Legal obligation: processing necessary to comply with tax, accounting, consumer-protection, sanctions, law-enforcement, court, and other legal requirements.
  • Legal claims and vital interests: where necessary to establish, exercise, or defend legal claims or protect someone's vital interests.

5. Artificial Intelligence and Automated Tools

We may use service providers with artificial-intelligence or automated features to assist with fraud prevention, security, analytics, search, customer support, transcription, administrative tasks, creative workflows, or a service a client requests. We apply human review where appropriate to the task and risk. We do not use personal information to train our own large language model, and we do not knowingly authorize service providers to use customer or client personal information to train a general-purpose model, unless we first provide any notice and obtain any consent required by law. We do not use solely automated decision-making to make decisions that produce legal or similarly significant effects concerning consumers.


6. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients for the purposes described above:


  • Shopify: Shopify hosts our storefront and processes information to operate, secure, personalize, and improve the shopping services. Some Shopify enhanced services combine activity from our store with activity involving Shopify and other merchants. Shopify may act as our service provider or as an independent controller for certain processing. Learn more in the Shopify Consumer Privacy Policy and manage certain Shopify uses through the Shopify Privacy Portal.
  • Payment and financial providers: payment gateways, card networks, banks, subscription-billing providers, payout providers, tax providers, and fraud-prevention services.
  • Production, fulfillment, and delivery providers: print-on-demand providers such as Printful, product manufacturers, CD or media manufacturers, warehouses, packaging providers, shipping carriers, postal services, order-tracking providers, and digital-file delivery or hosting providers.
  • Technology and operations providers: cloud hosting, security, IT, customer support, communications, email, appointment scheduling, event or ticketing, product options and customization, file transfer, reviews, surveys, discounts and eligibility verification, search, and upsell providers.
  • Advertising, analytics, and social partners: providers such as Meta, Google, Mailchimp, Shopify, and other partners that help us analyze use, measure campaigns, communicate, build audiences, and advertise. Their use of information may be governed by their own privacy notices.
  • Music-industry and client-service recipients: artists, labels, managers, collaborators, producers, engineers, studios, designers, manufacturers, distributors, digital service providers, publishers, rights and royalty organizations, licensing partners, publicists, promotional platforms, vendors, and other recipients reasonably necessary to provide requested services or carry out your instructions.
  • Professional advisers: attorneys, accountants, auditors, insurers, consultants, financing providers, and other advisers subject to appropriate duties.
  • Affiliates and transaction parties: current or future affiliates and parties involved in a financing, merger, acquisition, reorganization, sale of assets, bankruptcy, or similar transaction, subject to applicable law.
  • Authorities and other parties for legal or safety reasons: courts, regulators, law enforcement, government agencies, rights holders, and other parties when we believe disclosure is necessary to comply with law or legal process, enforce agreements, protect rights or safety, investigate misconduct, or prevent harm.
  • Recipients you direct or authorize: a recipient you select, a third-party integration you use, or another person or organization you ask us to contact or share information with.

Artist biographies, credits, approved images, music, videos, release information, social links, and other promotional materials may be published or distributed as part of the service you request. Information made public can be copied, indexed, or redistributed by others beyond our control.


7. Our Relationship With Shopify

The store is powered by Shopify. Information you submit through the store is transmitted to Shopify and may be transmitted to Shopify's subprocessors in countries other than your own. Shopify processes information on our behalf to provide commerce services and also processes certain information for its own purposes, including to provide, personalize, and improve Shopify services. If Shopify is responsible for a particular use, requests concerning that use may need to be directed to Shopify through its Privacy Portal. Requests about East Rock's use of information should be directed to us.


8. Cookies, Analytics, and Advertising

We and our providers use cookies, pixels, tags, software development tools, local storage, and similar technologies. These technologies may collect device, network, usage, commercial, approximate-location, and advertising information. We use them to:


  • keep the store, cart, checkout, account, security, and digital-delivery functions working;
  • remember preferences and measure performance;
  • understand traffic, troubleshoot, and improve the Services;
  • measure marketing and attribute purchases or conversions; and
  • personalize content and advertise on our Services and elsewhere.

Our current integrations may include Shopify pixels and enhanced services, Meta Pixel, Google services (including reCAPTCHA and merchant tools), Mailchimp, and tools for fulfillment, appointments, events, product customization, discounts, reviews, analytics, and upselling. The exact technologies may change as our Services evolve.


You can use the cookie or privacy controls presented on our website, adjust browser settings, or visit our Privacy Choices page. Blocking some technologies may cause parts of the Services to function incorrectly. Where required, we use non-essential cookies only after obtaining consent.


Global Privacy Control. Where required by law, we treat a recognized universal opt-out preference signal, such as Global Privacy Control (GPC), as a request to opt out of sale, sharing, or targeted advertising for the browser or device sending the signal. If we can reasonably associate the signal with your Shopify account, we may apply it to that account. Learn more at globalprivacycontrol.org.


Do Not Track. Because there is no uniform industry standard for browser "Do Not Track" signals, we do not currently respond to them. We do respond to legally recognized opt-out preference signals as described above.


9. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business and rights records, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and establish or defend legal claims. Retention depends on the nature and sensitivity of the information, the relationship and service involved, legal requirements, limitation periods, and technical or operational needs.


Our general retention criteria are:


  • Accounts: for the life of the account and a reasonable period afterward, unless earlier deletion is required or requested and no exception applies.
  • Orders, payments, subscriptions, tax, and accounting records: generally seven years after the relevant transaction or end of the relationship, or longer if required by law, audit, chargeback, or dispute.
  • Customer support and routine communications: generally up to three years after the matter closes, unless linked to a transaction, contract, complaint, or legal issue requiring longer retention.
  • Marketing records: until you opt out or the information is no longer useful, with minimal suppression-list information retained as needed to honor your opt-out.
  • Cookies and online analytics: according to the lifespan of the relevant cookie or provider setting, generally no longer than twenty-five months unless a longer period is necessary for security, fraud prevention, or legal compliance.
  • Applications and service inquiries: generally up to three years after the last interaction, unless you become a client or request earlier deletion and no exception applies.
  • Client, project, catalog, rights, royalty, licensing, and distribution records: for the service or agreement term and afterward as needed for delivery, rights administration, royalty accounting, audits, claims, chain-of-title records, contractual obligations, and legal compliance. Certain ownership, license, credit, release, and accounting records may need to be retained for an extended period.
  • Creative and production files: according to the applicable service agreement, project needs, storage practices, and any archival, delivery, rights, or legal obligations.

When retention is no longer justified, we will delete, de-identify, or securely dispose of information, subject to technical limitations in backups and lawful exceptions.


10. Information Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, taking into account the nature of the information and our operations. No transmission or storage system is completely secure, and we cannot guarantee absolute security. Do not send sensitive or confidential information through an unsecured channel. You are responsible for using a unique password, protecting account credentials, and notifying us if you suspect unauthorized account activity.


11. Your Privacy Rights and Choices

Depending on your location and subject to applicable exceptions, you may have the right to:


  • confirm whether we process your personal information;
  • access or know the personal information we process, including categories, sources, purposes, and recipients;
  • correct inaccurate personal information;
  • delete personal information;
  • obtain a portable copy of personal information;
  • opt out of sale, sharing, targeted advertising, or certain profiling;
  • limit certain uses or disclosures of sensitive personal information, where applicable;
  • withdraw consent where processing is based on consent;
  • object to or restrict certain processing;
  • appeal our refusal of a privacy request; and
  • receive equal service and not be discriminated or retaliated against for exercising a privacy right.

How to submit a request. Email legal@eastrockent.com with the subject "Privacy Rights Request." For sale, sharing, or targeted-advertising opt-outs, use our Privacy Choices page or GPC. Describe the right you want to exercise and the email address or other information associated with your relationship with us.


We may take reasonable steps to verify your identity and authority before completing a request. We will use information provided for verification only for verification, security, fraud prevention, and legal compliance. If we cannot verify a request, we may ask for additional information or deny it as permitted by law. We will respond within the period required by applicable law and explain any lawful denial.


Authorized agents. Where permitted, an authorized agent may submit a request for you. We may require proof of signed authorization and may ask you to verify your identity or confirm directly that you authorized the agent. An agent may use the same request methods listed above.


Appeals. If we deny a request and your law provides an appeal right, email legal@eastrockent.com with the subject "Privacy Request Appeal" and explain why you believe the decision should be reconsidered. We will respond within the legally required period and, where required, explain how to contact the appropriate regulator.


Marketing communications. You can unsubscribe from promotional email using the link in the message. You may opt out of promotional text messages by replying STOP where available. We may still send non-promotional communications about transactions, accounts, subscriptions, services, security, or our ongoing business relationship.


Account information. You may update certain account information through your account settings. Closing an account does not necessarily delete information we must or are permitted to retain.


12. U.S. State Privacy Notice

This section supplements the rest of this Privacy Policy for residents of U.S. states with comprehensive privacy laws. The terms "sell," "share," "targeted advertising," "business purpose," "commercial purpose," "controller," and "sensitive personal information" have the meanings given by applicable law.


Sale and sharing. We do not sell personal information in exchange for money. We use advertising, analytics, and Shopify enhanced services that may disclose identifiers, commercial information, internet or other electronic-network activity, approximate geolocation, and inferences to advertising, analytics, and platform partners. Under some state laws, these disclosures may be considered a "sale," "sharing," or processing for "targeted advertising." You may opt out through our Privacy Choices page or GPC.


Notice of collection and preceding twelve months. The following table summarizes categories we collect and have collected during the preceding twelve months. Our practices vary based on the interaction and service.


Category Examples and purposes Categories disclosed for business purposes Sold/shared or used for targeted advertising Retention criteria
Identifiers Name, contact details, IP address, account and online identifiers; used for accounts, transactions, delivery, services, communications, security, and marketing. Service providers, Shopify, payment providers, fulfillment and shipping providers, operational partners, client-service recipients, advisers, and legal recipients. Yes, online identifiers and contact or device data may be disclosed to advertising, analytics, and platform partners for targeted advertising. No sale for money. Account, transaction, communication, marketing, and security criteria in Section 9.
Customer records and contact information Signature, address, phone number, payment and related customer information; used for contracts, orders, billing, verification, service delivery, and compliance. Service providers, Shopify, payment providers, fulfillment and delivery providers, client-service recipients, advisers, and legal recipients. Contact information may be used with marketing platforms as instructed by us; not sold for money. We do not disclose complete payment-card numbers for targeted advertising. Transaction, contract, accounting, and client-service criteria in Section 9.
Protected classification or potentially sensitive characteristics Not requested for ordinary retail activity. Creative content or artist information may incidentally reveal age, race or ethnicity, religion, disability, gender identity, sexual orientation, or similar characteristics. Used only to provide requested services, comply with law, or with consent—not to infer sensitive traits for advertising. Only service providers or client-service recipients as necessary and directed, and legal recipients where required. No. Client-service, creative-file, consent, and legal criteria in Section 9.
Commercial information Products, services, subscriptions, purchases, returns, downloads, interests, and transaction history; used for commerce, personalization, analytics, and marketing. Service providers, Shopify, payment providers, fulfillment and delivery providers, client-service recipients, and advisers. Yes, purchase interest and interaction data may be disclosed to advertising, analytics, and platform partners for targeted advertising. No sale for money. Transaction, account, analytics, and marketing criteria in Section 9.
Internet or electronic-network activity Browsing, search, click, cart, session, device, network, and advertising interaction data; used for store operation, security, analytics, personalization, and advertising. Service providers, Shopify, security providers, analytics providers, and operational partners. Yes, disclosed to advertising, analytics, and platform partners for targeted advertising. No sale for money. Cookie, analytics, security, and account criteria in Section 9.
Geolocation data General or approximate location derived from IP address; used for localization, security, fraud prevention, analytics, and advertising. We do not intentionally collect precise geolocation through ordinary retail activity. Shopify, service providers, security, analytics, and operational partners. Approximate location may be disclosed to advertising, analytics, and platform partners. No sale for money. Cookie, analytics, and security criteria in Section 9.
Audio, electronic, visual, and similar information Music, recordings, voice, images, video, artwork, calls, project and customization files; used to provide products, projects, promotions, distribution, and requested services. Service providers, production and delivery providers, music-industry and client-service recipients, platforms you direct, advisers, and legal recipients. No, unless you expressly direct publication or promotion; publication is not used as a sale of personal information for money. Creative-file, project, rights, contract, and legal criteria in Section 9.
Professional or employment-related information Artist, collaborator, business, role, professional history, catalog, credits, project and service information; used to evaluate and provide professional services and administer rights. Service providers, music-industry and client-service recipients, advisers, and legal recipients. No. Application, client-service, rights, accounting, and legal criteria in Section 9.
Sensitive personal information Account access credentials, government or tax identifiers, and financial or payout information where needed for identity, payment, rights, fraud, tax, or legal purposes. Service providers, payment and verification providers, authorized client-service recipients, advisers, and legal recipients as necessary. No. We do not use or disclose sensitive personal information to infer characteristics or for purposes requiring a right to limit under California law. Transaction, security, tax, accounting, rights, contract, and legal criteria in Section 9.
Inferences Likely interests, preferences, customer segments, and security indicators; used for personalization, analytics, marketing, and fraud prevention. Shopify, service providers, security, analytics, and operational partners. Yes, preference or audience inferences may be disclosed to advertising and platform partners for targeted advertising. No sale for money. Marketing, analytics, account, and security criteria in Section 9.

The business and commercial purposes for collecting, using, and disclosing these categories are described in Sections 4 and 6. The sources are described in Section 3. We do not have actual knowledge that we sell or share the personal information of consumers under age 16.


California direct-marketing disclosure. California Civil Code Section 1798.83 may permit California residents to request certain information about disclosures of personal information to third parties for those third parties' own direct-marketing purposes. Submit a request to legal@eastrockent.com. Applicable exceptions may apply.


13. International Users and Transfers

East Rock is based in the United States. We and our providers may process personal information in the United States, Canada, and other countries whose privacy laws may differ from those where you live. Where required for transfers from the European Economic Area, United Kingdom, Switzerland, or another jurisdiction, we rely on recognized safeguards such as an adequacy decision, the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or Agreement, or another lawful transfer mechanism. You may contact us for information about applicable safeguards.


If you are in the EEA, UK, or Switzerland, you may have the rights listed in Section 11 and the right to complain to the data-protection authority where you live or work or where an alleged violation occurred. We ask that you contact us first so we can try to resolve the issue.


14. Children and Teenagers

The Services are intended for a general audience and are not directed to children under 13. We do not knowingly collect personal information online from a child under 13 without verifiable parental consent. If you believe a child under 13 provided personal information to us, contact legal@eastrockent.com so we can investigate and delete it where required.


Users under the age of majority in their jurisdiction should use the Services only with the involvement of a parent or legal guardian. We do not knowingly sell or share personal information of consumers under 16. Where we know a user is a minor, we do not process that minor's personal information for targeted advertising, sale, or prohibited profiling without the consent required by applicable law. A parent or legal guardian may submit a privacy request on a minor's behalf.


15. Information About Other People

If you provide personal information, creative content, contact details, royalty splits, account access, or other materials concerning another person, you represent that you have authority to provide it and that you have given any required notice and obtained any required permission. Do not provide a fan, customer, collaborator, or mailing list to us unless you have a lawful basis to do so. Your own collection and use of personal information may be subject to a separate agreement and your independent legal obligations.


The Services may link to or integrate with websites, apps, social networks, streaming services, payment services, or platforms controlled by others. Their privacy practices are governed by their own notices. We are not responsible for third-party privacy or security practices. A link does not necessarily mean that we endorse the third party.


17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, Services, technology, or legal obligations. We will post the updated version, revise the "Last updated" date, and provide additional notice or obtain consent when required by law. If we plan to use personal information for a materially different purpose, including a newly disclosed use involving artificial intelligence, we will provide any notice and choice required by applicable law before that use begins.


18. Contact Us

East Rock Entertainment LLC is the controller or business responsible for the personal information covered by this Privacy Policy, except where another party is identified as responsible.


East Rock Entertainment LLC
Attn: Privacy and Legal
175 Manomet Avenue
North Haven, Connecticut 06473
United States
Email: legal@eastrockent.com


For accessibility assistance or to request this Privacy Policy in an alternative format, contact legal@eastrockent.com.