1. Introduction

This Privacy Policy explains how Jazz Band Library (jazzlib.com) collects, uses, and protects your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Federal Law No. 152-FZ "On Personal Data" of the Russian Federation.

2. Data Controller

The data controller is Individual Entrepreneur Ilya Alexeev, operating Jazz Band Library. Contact: [email protected].

3. Personal Data We Collect

We collect the following categories of personal data:

Account data: name, email address (provided during registration)
Payment data: processed by Stripe or YooKassa — we do NOT store card numbers, CVV, or full payment details
Order data: purchase history, download records
Technical data: IP address, browser type, device information, cookies
Communication data: support tickets, chat messages

4. Purpose of Processing

We process your personal data for the following purposes:

Contract performance — to process orders and deliver digital goods
Account management — to maintain your personal account
Communication — to respond to support requests and send order confirmations
Legal compliance — to fulfill tax and accounting obligations
Service improvement — to analyze usage patterns and improve our website (with your consent)

5. Legal Basis for Processing

We process your data based on:

Contract performance (Art. 6(1)(b) GDPR) — necessary to fulfill your purchase
Legitimate interest (Art. 6(1)(f) GDPR) — website security and fraud prevention
Consent (Art. 6(1)(a) GDPR) — for analytics and marketing communications
Legal obligation (Art. 6(1)(c) GDPR) — tax and accounting requirements

6. Third-Party Services

We share data with the following third parties only as necessary:

Stripe, Inc. — payment processing (USA, PCI DSS certified)
YooKassa (NBCo LLC) — payment processing for Russian users
Resend — transactional email delivery
Cloudflare — CDN and DDoS protection

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Order records are retained for 5 years for tax compliance. You may request deletion of your account at any time.

8. Your Rights

Under GDPR and 152-FZ, you have the right to:

Access your personal data
Rectify inaccurate data
Request erasure ("right to be forgotten")
Restrict processing
Data portability
Object to processing
Withdraw consent at any time

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies

We use the following cookies:

Essential cookies: session management, authentication (strictly necessary)
Analytics cookies: website usage statistics (with consent)

You can manage cookie preferences in your browser settings.

10. International Data Transfers

Your data may be transferred to countries outside the Russian Federation or the EEA for payment processing (Stripe — USA). Such transfers are protected by Standard Contractual Clauses or adequacy decisions.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including TLS 1.3 encryption, secure authentication, and access controls.

12. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date.

14. Contact

For privacy-related inquiries: [email protected].

If you believe your rights have been violated, you may file a complaint with Roskomnadzor (Russian Federation) or your local data protection authority (EU/EEA).