Skip to content
Goat
DRAFT. These policies are under attorney review. Final versions may differ. Last updated 2026-05-24.

Privacy Policy — Goat Music

Last updated: 2026-05-24 · Effective: [DATE OF PUBLISH]

1. Who we are

Goat Music is a music discovery and rating social platform operated by Puya Ventures LLC ("we", "us", "our"), a New York limited liability company. Address: 418 Broadway, Ste N, Albany, NY 12207.

2. What we collect

Information you provide directly:

  • Account info: email address, display name, password (hashed), profile photo (optional), bio (optional).
  • Ratings, reviews, and lists: your scores (0–100), tier placements (S/A/B/C/D/F), written reviews, custom lists, and any public-profile content you create.
  • Communications: messages you send us via email or support channels.

Information collected automatically:

  • Usage data: pages viewed, features used, time on site, click events.
  • Device data: browser type, IP address, OS, device identifiers.
  • Cookies and similar technologies: see §6 below.

Information from third parties (only if you connect them):

  • Streaming services (Spotify, Apple Music, Last.fm): listening history, library, playlist data — based on the scopes you authorize.
  • Music data services (Discogs, RYM, AOTY, Bandcamp): your import history when you opt in.
  • Social platforms (Bluesky, Mastodon, Threads): your crosspost activity when you opt in.

Payment information:

We do not store payment card details. Subscription payments are processed by Creem, our merchant of record. Creem collects and stores your payment information subject to Creem's privacy policy. We receive only transaction metadata (subscription status, billing date, anonymized payment method type).

3. How we use your information

We use your information for the following purposes (with the lawful basis under GDPR-style frameworks, where applicable):

  • Provide and operate the Service — Contract performance
  • Generate personalized recommendations and Taste DNA — Contract performance / Legitimate interest
  • Communicate with you (transactional emails, support) — Contract performance
  • Send product updates and marketing (opt-out anytime) — Consent / Legitimate interest
  • Detect and prevent fraud, abuse, and security incidents — Legitimate interest / Legal obligation
  • Comply with legal obligations (tax, audit) — Legal obligation
  • Aggregate analytics to improve the Service — Legitimate interest

We do not sell your personal information.

4. Who we share with

We share information only with:

  • Service providers that help us operate the Service (cloud hosting via Vercel and Neon; analytics; email delivery; error monitoring). These providers process data on our behalf under contractual obligations.
  • Creem (our merchant of record) — processes all subscription payments globally and collects applicable taxes.
  • Third-party integrations (Spotify, Apple Music, etc.) — only when you actively connect them, only the scopes you authorize.
  • Legal compliance — if required by law, court order, or to protect rights, property, or safety.
  • Business transfers — if Puya Ventures LLC is involved in a merger, acquisition, or asset sale, your information may transfer; we'll notify you and any new owner must honor this policy.

We do not sell or rent your personal information to third parties for their marketing purposes.

5. Your rights

Depending on where you live, you may have rights including:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to fix inaccurate data
  • Deletion — ask us to delete your account and personal information
  • Portability — receive your data in a structured, machine-readable format
  • Opt-out of marketing — unsubscribe from emails anytime via the link in any email or in account settings
  • Object to or restrict processing — for processing based on legitimate interest
  • Lodge a complaint with a supervisory authority (EU/UK/etc.)

To exercise rights, email privacy@goatmusic.me (forwarded to legal@goatmusic.me). We'll respond within 30 days.

California residents (CCPA/CPRA)

You have the rights above plus the right to know what personal information has been sold or shared (we do not sell or share for advertising purposes). California residents under 16 have additional protections; we do not knowingly collect data from anyone under 13.

Virginia, Colorado, Connecticut, Utah, and other state privacy laws

Similar rights apply. Use the same contact email above.

EU/UK/EEA residents (GDPR)

Lawful bases listed in §3. You have rights to access, rectify, erase, restrict processing, data portability, and to object. Our supervisory authority is in the user's jurisdiction. If you wish to contact our designated EU representative, contact privacy@goatmusic.me (we'll designate one if required as we scale into the EU).

6. Cookies and tracking

We use:

  • Strictly necessary cookies for authentication and security (cannot be disabled without breaking the Service)
  • Analytics cookies to understand usage and improve the Service (anonymous aggregate data)
  • Functional cookies to remember preferences (theme, locale, recently viewed)

We do not use cross-site advertising cookies, and we do not participate in advertising auctions. You can disable non-essential cookies via the cookie banner on your first visit, or in account settings.

7. Data retention

  • Active accounts: retained while your account exists.
  • After account deletion: personal information is deleted within 30 days. Backups are purged within 90 days.
  • Anonymized analytics: may be retained indefinitely.
  • Transaction records: retained per US tax and accounting law (typically 7 years), even after account deletion.

8. Security

We use industry-standard security measures including encrypted data in transit (TLS 1.3), encrypted data at rest, hashed passwords (bcrypt or argon2), restricted internal access, and routine security reviews. No system is 100% secure; you use the Service at your own risk.

9. International transfers

Goat Music is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border data transfers.

10. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact privacy@goatmusic.me and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy questions or to exercise your rights:

Email: privacy@goatmusic.me Mail: Puya Ventures LLC, 418 Broadway Ste N, Albany NY 12207