Privacy Policy

Last updated: May 26, 2026

1. Overview

MusicYaa ("we", "us", or "our") operates the website musicyaa.com and the MusicYaa mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Summary

We collect only the information necessary to connect you with Latin music artists and event vendors. We do not sell personal data. Payments are processed securely through Stripe and we never store your full credit card details. We use Google Analytics and Google Ads to measure how the platform is performing — these technologies do not load any cookies or send identifying data until you opt in via Your Privacy Choices. We honor the Global Privacy Control browser signal as an opt-out.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Phone number, profile photo, and bio (for artists and vendors)
  • Booking Information: Event date, time, location, event type, and special requests
  • Payment Information: Payment card details are collected and processed directly by Stripe; we only receive a tokenized reference, the last four digits, and card type
  • Communications: Messages sent through our platform between clients, artists, and vendors
  • Legal Acceptance Records: When you accept the Terms of Service, Privacy Policy, or Provider Agreement, we record the timestamp, IP address, user agent, and document hash for audit purposes

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, and device identifiers, derived from request headers when you load a page or call our API
  • Usage Data: Pages visited, features used, and interaction patterns. The marketing site and the application both send a first-party analytics beacon to our own /analytics/track endpoint on every page view; this beacon never leaves our infrastructure
  • Location Data: General location derived from IP address (we do not collect precise GPS location)
  • Strictly Necessary Cookies: We set first-party cookies required to operate the Service, including an authentication session cookie issued by AWS Cognito, a CSRF/state cookie set during the booking flow, and the musicyaa_consent_v1 cookie that records your choices on the Your Privacy Choices page

2.4 Information from Third Parties

  • Authentication Providers: If you sign in with a third-party service, we receive your name and email from that provider
  • Payment Processor: Stripe provides us with transaction status, payment confirmations, and payout details
  • Advertising Measurement: When you opt in to advertising cookies, Google Ads reports back to us in aggregate which campaigns resulted in bookings. We do not receive personal information about individual users from Google in these reports

2.3 Cookies and Tracking Technologies

We disclose every cookie and third-party SDK loaded on the Service below.

Default state: all non-essential storage denied

By default we configure Google's Consent Mode v2 to deny all advertising and analytics storage — no Google Analytics or Google Ads cookies are set, and no identifying data is transmitted to Google — until you opt in via Your Privacy Choices. We also honor the Global Privacy Control browser signal (see Section 6.5).

SDK or Service Purpose Storage Set Retention Vendor Privacy Policy
Google Analytics 4 Aggregate traffic, page performance, and user journey measurement _ga, _ga_*, _gid cookies; only after opt-in 14 months Google
Google Ads Conversion Tracking Measure which advertising campaigns produce real bookings _gcl_au, _gcl_aw cookies; only after opt-in 90 days Google
Google Maps JavaScript API Display venue locations on maps Google session cookies on googleapis.com when a map renders Session Google
Stripe.js Tokenize payment cards in the browser before they reach our servers __stripe_mid, __stripe_sid cookies on stripe.com 1 year (mid), 30 minutes (sid) Stripe
AWS Cognito Authenticate logged-in users First-party session and refresh-token cookies on musicyaa.com Up to 30 days AWS
MusicYaa Analytics Beacon First-party page-view counter sent to our own /analytics/track endpoint First-party sessionStorage key atm_session_id (cleared when the browser tab closes) Session First-party
MusicYaa Consent Choice Remember your selections on the Your Privacy Choices page First-party cookie musicyaa_consent_v1 12 months First-party

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: Process bookings, facilitate payments, and connect clients with artists and vendors
  • Account Management: Create and maintain your account, authenticate your identity
  • Communications: Send booking confirmations, payment receipts, reminders, and platform messages
  • Customer Support: Respond to your inquiries and resolve disputes
  • Improvements: Analyze first-party usage patterns to improve our Service and user experience
  • Advertising Measurement (only when opted in): Measure which marketing campaigns produce successful bookings so we can invest in the channels that reach people who want what we offer. The CPRA categorizes this as "sharing" of personal information for cross-context behavioral advertising, and you have the right to opt out at any time. See Section 6.4
  • Safety & Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Audit & Evidence: Maintain records of legal acceptance, booking agreements, and payment transactions

No sale of personal data

MusicYaa does not "sell" personal information for monetary consideration. We do "share" pseudonymous identifiers with Google Ads when you have opted in to advertising cookies (see Section 4.3); you can opt out of this at any time via Your Privacy Choices.

4. How We Share Your Information

We may share your information in the following circumstances.

4.1 With Other Users

When you make a booking, your name, event details, and contact information are shared with the artist or vendor you are booking. Similarly, artist and vendor profile information is visible to clients browsing the platform.

4.2 Service Providers

We share information with trusted third-party services that help us operate the platform:

ProviderPurposeData Shared
StripePayment processingPayment card details, transaction amounts, billing address
Amazon Web Services (AWS)Cloud hosting, authentication, data storage, email via SESAll platform data (encrypted at rest and in transit)
Google MapsLocation services for event venuesEvent addresses for map display
Google AnalyticsAggregate traffic and usage measurementPseudonymous identifiers, page paths, referrers (only after opt-in)
Google AdsConversion measurement for paid marketing campaignsConversion events (only after opt-in)

4.3 Sharing for Advertising Measurement (CPRA)

When you have opted in via the Your Privacy Choices page, we share certain pseudonymous identifiers and event data with Google Ads to measure which campaigns produce real bookings. The CPRA categorizes this as "sharing for cross-context behavioral advertising." You have the right to opt out of this sharing at any time using the Your Privacy Choices page, or by enabling the Global Privacy Control signal in your browser. We do not share any personal information for advertising measurement when you have not opted in.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data is encrypted in transit using TLS/HTTPS
  • Data at rest is encrypted using AWS encryption services
  • Payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider
  • Authentication is managed through AWS Cognito with secure password hashing
  • Access to production systems is restricted and monitored
  • We use AWS WAF (Web Application Firewall) to protect against common web threats

Important

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct any inaccurate or incomplete personal data
  • Deletion: Request that we delete your personal data, subject to legal obligations
  • Data Portability: Request a machine-readable copy of your data
  • Opt-Out: Unsubscribe from marketing emails at any time using the link in our emails
  • Account Deletion: Request complete deletion of your account at musicyaa.com/delete-account

6.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Delete personal information we have collected about you
  • Correct inaccurate personal information
  • Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising (see Section 6.4)
  • Limit the use of sensitive personal information
  • Non-discrimination: we will not discriminate against you for exercising any of these rights

We do not "sell" personal information for monetary consideration. We do "share" pseudonymous identifiers with Google Ads when you have opted in to advertising cookies; you can opt out of this sharing at any time using the Your Privacy Choices page.

6.2 Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Iowa, Delaware, Minnesota, New Jersey, Tennessee, Indiana, New Hampshire, Kentucky, Maryland, and Rhode Island have similar rights under their state privacy laws, including the right to access, delete, correct, port, and opt out of targeted advertising. To exercise any of these rights, email privacy@musicyaa.com from the email associated with your MusicYaa account with the subject "Privacy Rights Request" and a description of the right you wish to exercise. We will respond within the timeframe required by your state's law (typically 30 to 45 days). If you are not satisfied with our response, you have the right to appeal by replying to our response email; we will respond to your appeal within 60 days.

6.3 Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.

6.4 Your Privacy Choices and Cookie Settings

You can control which non-essential cookies and tracking technologies operate on the Service via the Your Privacy Choices page. From that page you can:

  • Opt in or out of Google Analytics measurement
  • Opt in or out of Google Ads advertising measurement
  • See exactly what choice is recorded in your browser today

Your choice is stored in a first-party cookie (musicyaa_consent_v1) for 12 months. We honor the choice across the marketing site and the application. If you clear your cookies, your previous selection is cleared and the default state (all non-essential storage denied) applies again until you make a new selection.

6.5 Global Privacy Control

We honor the Global Privacy Control browser signal. If your browser sends GPC, we treat that as an opt-out from any "sale" or "sharing" of personal information for cross-context behavioral advertising, even if you have previously opted in via the Your Privacy Choices page. Major browsers and privacy extensions that support GPC include Brave, DuckDuckGo Privacy Browser, Firefox (with the Privacy Badger extension), and other GPC-compatible tools.

6.6 How to Exercise Your Rights

To exercise any right not exposed in the in-app settings or on the Your Privacy Choices page, email privacy@musicyaa.com from the email address associated with your MusicYaa account. We may ask you to verify your identity before processing a request that involves personal information beyond what the requesting account already has access to.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy:

Data TypeRetention Period
Account informationUntil account deletion requested
Booking records7 years (tax and legal compliance)
Payment records7 years (financial regulations)
Messages2 years after last activity
First-party usage analytics24 months (anonymized)
Google Analytics measurement14 months (only when opted in)
Google Ads conversion measurement90 days (only when opted in)
Consent choice cookie12 months from last update
Legal acceptance recordsPermanent (legal evidence)

When data is no longer needed, it is securely deleted or anonymized.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

MusicYaa

Castaneda Networks LLC

941 W Cameron Ave, Apt 201

West Covina, CA 91790

Email: privacy@musicyaa.com

General Support: support@musicyaa.com

Website: musicyaa.com