Last Updated: August 8, 2025
Privacy Policy
At Beats By Tokyo, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
1. Information We Collect
Personal Information
We may collect the following types of personal information:
- Contact Information: Name, email address, phone number, mailing address
- Account Information: Username, password, profile preferences
- Payment Information: Credit card details, billing address (processed securely through third-party payment processors)
- Communication Data: Messages, feedback, and support requests
Automatically Collected Information
- Usage Data: Pages visited, time spent, click patterns, referral sources
- Device Information: IP address, browser type, operating system, device identifiers
- Location Data: Approximate geographic location based on IP address
- Cookies and Tracking Technologies: Session data, preferences, analytics information
- Advertising Data: Ad interaction data, conversion tracking, remarketing information (via Google services)
- Analytics Data: Website performance metrics, user behavior patterns, demographic insights
2. How We Use Your Information
We use your information for the following purposes:
- Providing and maintaining our music services and platform
- Processing transactions and managing your account
- Personalizing your music experience and recommendations
- Communicating with you about our services, updates, and promotions
- Analyzing usage patterns to improve our services
- Detecting and preventing fraud, abuse, and security threats
- Complying with legal obligations and enforcing our terms
- Marketing and promotional activities (with your consent where required)
- Displaying relevant advertisements and measuring ad performance
- Understanding user demographics and interests for service improvement
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal data based on:
- Consent: When you provide explicit consent for specific processing activities
- Contract Performance: To fulfill our contractual obligations to you
- Legitimate Interests: For our business operations, security, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
4. Google Services Integration
We use Google services to enhance your experience and improve our services. Here's how we use these services and what data they collect:
Google Analytics
We use Google Analytics to understand how visitors interact with our website:
- Data Collected: Page views, session duration, bounce rate, traffic sources, user demographics
- Cookies Used: _ga, _ga_*, _gid, and other Google Analytics cookies
- IP Anonymization: We have enabled IP anonymization to protect your privacy
- Demographics: Age and gender information (when available and consented to)
- Interests: Interest categories based on your browsing behavior
- Device Information: Browser, operating system, screen resolution, device type
- Data Retention: Analytics data is retained for 26 months by default
Google Ads and Conversion Tracking
We use Google Ads to display relevant advertisements and measure campaign effectiveness:
- Conversion Tracking: Tracks actions you take after clicking our ads (purchases, sign-ups, downloads)
- Remarketing: Shows you relevant ads on other websites based on your visit to our site
- Audience Lists: Creates custom audiences for targeted advertising
- Cookies Used: Google Ads conversion tracking cookie, doubleclick cookies
- Cross-Device Tracking: May link your activity across devices when signed into Google
- Enhanced Conversions: Uses hashed first-party data to improve conversion measurement
Google Tag Manager
We use Google Tag Manager to manage website tags and tracking codes:
- Purpose: Efficiently deploy and manage analytics and marketing tags
- Data Processing: Processes the same data as the tags it manages
- Security: Helps ensure proper implementation of privacy controls
Data Sharing with Google
When you interact with our website, certain information may be shared with Google:
- Website usage patterns and behavior data
- Device and browser information
- Approximate location data (city/region level)
- Conversion events and transaction values (without personal identifiers)
- Hashed email addresses for Enhanced Conversions (where consented)
Google's Data Usage: Google may use this data for their own purposes, including improving their services and showing you relevant ads across their network. Google's use of your data is governed by their Privacy Policy at
policies.google.com/privacy.
Your Control Options
- Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on
- Ad Personalization: Manage your ad preferences at myadcenter.google.com
- Google Account Settings: Control data collection in your Google account settings
- Browser Settings: Block or delete cookies through your browser preferences
- Do Not Track: We respect Do Not Track signals where technically feasible
5. Payment Processing
We use trusted third-party payment processors to handle financial transactions securely:
Stripe
When you make a payment via credit/debit card, we use Stripe as our payment processor. Stripe collects and processes your payment information according to their privacy policy:
- Information Collected: Card number, expiration date, CVC, billing address, name on card
- Security: PCI DSS Level 1 compliant with industry-leading encryption
- Data Handling: Payment data is tokenized and not stored on our servers
- Privacy Policy: stripe.com/privacy
- Data Processing: Stripe may use your data for fraud prevention, analytics, and compliance
PayPal
When you choose PayPal as your payment method, PayPal processes your payment information:
- Information Shared: Transaction amount, currency, merchant information, and purchase details
- PayPal Account: If you pay via PayPal account, we may receive limited account information
- Guest Checkout: PayPal may share billing address and email for guest payments
- Privacy Policy: paypal.com/privacy
- Dispute Resolution: PayPal may share transaction data for dispute resolution purposes
Payment Security Measures
- We never store complete credit card information on our servers
- All payment data is encrypted during transmission using SSL/TLS
- We maintain PCI compliance standards through our payment processors
- Regular security monitoring and fraud detection systems
- Tokenization of sensitive payment information
Important: We do not have access to your full payment card details. This information is handled directly by our payment processors (Stripe and PayPal) and is subject to their respective privacy policies and security measures.
6. Information Sharing and Disclosure
We may share your information in the following circumstances:
Google Services
We share data with Google through their various services:
- Google Analytics: Website usage, performance data, and user behavior metrics
- Google Ads: Conversion data, audience information for advertising purposes
- Enhanced Conversions: Hashed customer data to improve conversion measurement
- Google processes this data according to their privacy policy and data processing terms
Payment Processors
We share necessary transaction information with our payment processors:
- Stripe: Transaction details, billing information, and fraud prevention data
- PayPal: Purchase information, customer details for payment processing
- Both processors may share limited transaction data back to us for record-keeping and customer service
Service Providers
We share data with trusted third-party service providers who assist us in:
- Payment processing and fraud prevention (Stripe, PayPal)
- Website analytics and performance monitoring (Google Analytics)
- Digital advertising and marketing (Google Ads)
- Cloud hosting and data storage
- Email marketing and customer support
- Content delivery and streaming services
Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes, court orders, or government requests
- Protect our rights, property, or safety
- Investigate fraud or security issues
- Enforce our terms of service
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
7. Data Security
We implement comprehensive security measures to protect your information:
- Encryption of data in transit and at rest using industry-standard protocols
- Regular security audits and vulnerability assessments
- Access controls and employee training on data protection
- Secure data centers with physical and digital safeguards
- Incident response procedures for potential security breaches
Note: While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to using reasonable measures to protect your data.
8. Your Privacy Rights
General Rights
- Access: Request information about the personal data we hold about you
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal data (subject to legal limitations)
- Opt-out: Unsubscribe from marketing communications
GDPR Rights (EU Users)
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Limit how we process your personal data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke consent for specific processing activities
CCPA Rights (California Residents)
- Know: Information about personal data collected and shared
- Delete: Request deletion of personal information
- Opt-out: Opt-out of the sale of personal information
- Non-discrimination: Equal service regardless of privacy choices
9. Cookies and Tracking Technologies
We use various technologies to enhance your experience:
Types of Cookies
- Essential Cookies: Necessary for basic website functionality
- Performance Cookies: Help us analyze website usage and performance (Google Analytics)
- Functional Cookies: Remember your preferences and settings
- Marketing Cookies: Enable targeted advertising and promotions (Google Ads)
Specific Google Cookies
- _ga, _gid: Google Analytics cookies for tracking user sessions
- _gac_*: Google Analytics campaign attribution cookies
- IDE: Used by Google DoubleClick for advertising targeting
- NID: Contains unique ID for Google ads preferences
- Conversion cookies: Track ad conversions and remarketing
Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality and your ability to see relevant advertisements.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place:
- Adequacy decisions by relevant authorities
- Standard contractual clauses (SCCs)
- Binding corporate rules
- Certification schemes
Google Services Data Transfers
When using Google services (Analytics, Ads), your data may be transferred to and processed in the United States and other countries where Google operates. Google has certified under the EU-US Data Privacy Framework and maintains appropriate safeguards for international data transfers.
11. Data Retention
We retain your personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal, tax, audit, and accounting obligations
- Resolve disputes and enforce agreements
- Prevent fraud and maintain security
- Maintain transaction records for payment processing and refunds
Payment Data Retention
- Transaction Records: Kept for up to 7 years for tax and accounting purposes
- Payment Tokens: Stored securely by payment processors for recurring payments (if applicable)
- Dispute Records: Retained for the duration required by payment processor policies
Google Services Data Retention
- Google Analytics: Data retained for 26 months (configurable)
- Google Ads: Conversion data retained according to Google's retention policies
- Audience Lists: Remarketing lists expire automatically after specified periods
- Cookie Data: Various expiration periods depending on cookie type
We regularly review and delete data that is no longer necessary for these purposes.
12. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
13. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
14. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Displaying prominent notices on our platform
Your continued use of our services after any changes constitutes acceptance of the updated policy.