Privacy Policy

Contact, Deletion, And Review Requests

For privacy questions, account support, data deletion, or data review requests, contact Entropy Records Ltd at contact.entropyrecords@gmail.com.

You can ask us to review the personal data connected to your account, explain how it is used, correct inaccurate information, export a copy where reasonably possible, delete your account data, remove a public profile or leaderboard entry, or review a moderation/submission decision that affects your data.

We may need to verify that the request comes from the account owner or the person connected to the submission before we disclose, change, or delete data. If we cannot fully delete something for legal, security, fraud-prevention, or legitimate operational reasons, we will explain what remains and why.

Google Sign-In And Google User Data

Entropy currently uses email and password login through Supabase. Google Sign-In is planned but is not active in the website code at the time this policy was last updated.

If Google Sign-In is enabled, Entropy will request only the basic permissions needed to sign you in and create or connect your Entropy account. This may include your Google account ID, name, email address, email verification status, and profile image.

Entropy will use Google user data only to authenticate you, maintain your account session, prevent duplicate accounts, support account security, and provide visible account features such as profile identity inside Entropy OS. Entropy does not sell Google user data, does not use Google user data for advertising, retargeting, credit decisions, lending, or unrelated profiling, and does not transfer Google user data to third parties except where necessary to provide the service, protect security, comply with law, or with your explicit consent.

Entropy does not request access to Gmail, Google Drive, Google Calendar, Google Contacts, or any Google sensitive or restricted scope unless a future feature clearly explains the access first, this policy is updated, and you are asked to consent before that access is used. Entropy's use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements.

Information We Collect

We collect only the information needed to run the site, provide account features, process public submissions, protect the service, and understand basic performance of Entropy content and campaigns.

Account And Login Data

• Email address and authentication identifiers.
• Password credentials handled by Supabase Auth.
• Session tokens and refresh tokens used to keep you signed in.
• Profile username and optional avatar/cosmetic selections.
• XP, level, Entrobucks, inventory, rewards, and quest progress.
• Game scores, game IDs, waves, combos, and leaderboard data.
• Friend requests, friend relationships, and limited presence dates.
• Chat or terminal messages where interactive chat is enabled.

Forms, Events, And Public Submissions

• Demo submissions may include artist name, email address, private track or SoundCloud URL, genre, BPM, mood, notes, status, and review information.
• Event RSVPs may include email address, name, event ID, event source, RSVP status, and related event metadata.
• MIDI challenge submissions may include username, submission URL, notes, challenge ID, and vote tokens used to prevent duplicate voting.
• Campaign quest claims may include your account ID, claimed action, target ID, reward status, and related XP, Entrobucks, or item rewards.

Analytics, Security, And Technical Data

• Page paths, event types, source labels, UTM source, UTM medium, UTM campaign, and limited event metadata.
• Locally generated preview/session identifiers used for basic page view measurement.
• Hashed rate-limit identifiers derived from request IP, email, username, session, or token values. We store hashes for abuse prevention rather than the raw rate-limit key where possible.
• Standard server logs and browser technical data that may be processed by our hosting, database, security, and infrastructure providers.

How We Use Information

• To create accounts, verify login sessions, and manage sign-in.
• To provide Entropy OS features including profiles, quests, cosmetics, inventory, friends, leaderboards, and game progress.
• To process demos, RSVPs, MIDI challenge activity, event interest, campaign claims, and other forms you submit.
• To respond to support, privacy, deletion, security, or account recovery requests.
• To prevent spam, abuse, duplicate votes, suspicious submissions, and security incidents.
• To understand which public pages, releases, events, and campaigns are working, using limited analytics rather than hidden ad profiling.
• To comply with legal duties and protect the rights, safety, and integrity of Entropy, artists, users, and the public.

Cookies And Local Storage

Entropy uses cookies, local storage, and session storage where they are needed for login, embedded app sessions, game settings, progress, and basic analytics.

• Supabase Auth stores browser session data under keys such as entropy-auth-token so you can remain signed in.
• Entropy may set an HTTP-only bridge cookie such as entropy-bridge-access-token to allow embedded app surfaces to recognize your signed-in session.
• Preview and app features may store local IDs, tracked paths, game settings, unlocks, high scores, daily progress, audio preferences, and temporary reload flags in local or session storage.
• You can clear browser storage through your browser settings. Doing so may sign you out or reset local-only preferences and progress.

How We Share Information

We do not sell personal data. We share data only where needed to run Entropy services, process submissions, protect users, or comply with legal obligations.

• Service providers and processors: Supabase provides authentication, database, storage, and related backend services. Hosting, CDN, deployment, and website providers such as Vercel and Framer may process technical data required to deliver the site.
• Google services: Google may process data where Google Sign-In is enabled, where Google-hosted fonts or media are used, or where Google-hosted media such as Drive links are embedded or played. Google handles that data under Google's own terms and privacy policy as well as the OAuth/API rules that apply to Entropy.
• Artists, staff, and collaborators: Entropy team members may review demo submissions, RSVPs, challenge entries, or support requests where needed for label operations.
• Public features: Usernames, profile visuals, leaderboard entries, public fan cards, challenge submissions, and similar interactive content may be visible to other users when the feature is designed to be public.
• Legal and safety reasons: We may disclose information if required by law, to prevent fraud or abuse, to protect service security, or to defend legal rights.

Retention And Deletion

• Account data is retained while your account is active or while it is needed to provide account features, resolve disputes, protect security, or comply with legal duties.
• Demo submissions, RSVPs, challenge entries, and campaign records are retained for as long as needed for label operations, event planning, artist review, moderation, audit, and legitimate business records.
• Chat messages may be short-lived where cleanup is enabled. Some gameplay, transaction, leaderboard, and moderation records may be retained for longer to maintain account integrity and prevent abuse.
• Rate-limit and security records are kept as long as needed to detect abuse, maintain service integrity, and investigate security issues.
• To request account deletion or deletion of personal data, email contact.entropyrecords@gmail.com. You may also use this contact to review what data is connected to you before requesting deletion. We may need to verify that the request comes from the account owner before deleting, exporting, or reviewing account data.

Security

We use reasonable technical and organizational measures to protect personal data, including HTTPS in production, managed authentication, access controls, row-level database permissions where applicable, server-side validation, rate limiting, and HTTP-only cookies for bridge sessions where possible.

No internet service can guarantee perfect security. If you believe your account or data has been exposed, contact us immediately at contact.entropyrecords@gmail.com.

Your Rights And Choices

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You can also ask us to review your data, explain how your data is used, and review decisions or public entries that affect your account or submissions.

Send contact, deletion, and review requests to contact.entropyrecords@gmail.com. We will respond as soon as reasonably possible and may ask for information needed to verify your identity or locate your account.

Children

Entropy services are not intended for children under 13. If you are in the United Kingdom or European Economic Area and are below the age at which you can legally consent to online services, use Entropy only with permission from a parent or guardian. If we learn that we have collected personal data from a child without appropriate consent, we will take reasonable steps to delete it.

Changes To This Policy

We may update this Privacy Policy when Entropy features, login methods, data practices, or legal requirements change. If we make material changes to how Google user data or other personal data is used, we will update this page and, where required, ask for consent before using the data in the new way.

This page is intended to be available at https://www.entropyofficial.com/privacy.html and should match the Privacy Policy URL used in any Google OAuth consent screen for Entropy.