Privacy Policy

1. Who We Are

Fourth Door Media and Entertainment, LLC is a Texas-registered limited liability company operating primarily in the Nashville, Tennessee music and entertainment industry. We operate this marketing website, publish content about our artists and projects, and offer inbound-inquiry channels for prospective clients, sponsors, press, and the public.

We are the data controller for personal information collected on this Site. You can contact us at [email protected] with any privacy questions.

2. Information We Collect

We collect personal information in the following ways:

• Contact form submissions. When you fill out our contact form, we collect your name, email address, phone number, the type of project you're inquiring about, what you're trying to build ("what's your fourth door"), and, optionally, your company/artist name and how you heard about us.
• Newsletter signups. When you subscribe to our newsletter, we collect your email address.
• Automatic technical information. When you visit the Site, our hosting and delivery providers automatically receive standard technical information — your IP address, browser type and version, operating system, referrer URL, and timestamps — as part of ordinary network communication. This information is used for security, anti-abuse, and analytics purposes, and is handled per each provider's privacy practices.
• Cookies and similar technologies. We use a small number of cookies to remember your theme preference (dark or light) and to provide anti-bot protection on our forms. See Section 8 for details.

We do not collect financial information, government identifiers (such as Social Security numbers), biometric data, health information, or precise location data through this Site.

3. How We Use Your Information

We use personal information to:

• Respond to your inquiry and communicate about your request
• Send you our newsletter, if you've subscribed
• Prevent spam, abuse, and fraudulent submissions to our forms
• Maintain the security and operation of the Site
• Comply with legal obligations, resolve disputes, and enforce our agreements

We do not sell or rent personal information. We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Third-Party Services (Data Processors)

We use the following third-party services ("data processors") to operate this Site. These providers process personal information on our behalf under data processing agreements and their own privacy practices:

• Vercel — hosting and serverless infrastructure. Standard web server logs are retained per Vercel's policies.
• Cloudflare — content delivery, DNS, DDoS protection, and privacy-respecting Web Analytics. Cloudflare may receive IP addresses and standard technical request information. We also use Cloudflare Turnstile to detect automated abuse of our forms. Cloudflare Web Analytics does not use cookies and does not track individual visitors. See Cloudflare's Turnstile Privacy Addendum for details on Turnstile-specific data practices.
• Resend — transactional email delivery. When you submit our contact form or newsletter signup, Resend handles the resulting email. Resend also stores newsletter subscribers in a managed audience list on our behalf.
• Upstash — Redis-based rate limiting to prevent form abuse. Stores IP-derived rate-limit counters for short windows.
• Sanity — content management system that stores editable site content. Sanity does not typically store visitor personal data; it primarily stores content we author.
• Sentry — error and performance monitoring. When the Site encounters a technical error, Sentry may receive technical information about the error and your browser environment to help us diagnose the issue.
• Google Workspace — email hosting for our inbound inboxes (including [email protected]).
• Google Tag Manager and Google Analytics 4 — loaded only if you accept analytics cookies (for visitors in regulated regions) or under implicit consent (for visitors outside those regions). GA4 collects aggregate usage statistics such as page views, referrer source, approximate location (country/city level), and device type. We do not use GA4 for advertising remarketing. We use IP anonymization where supported.
• HetrixTools — uptime monitoring. HetrixTools pings our site periodically from their monitoring servers and alerts us if the site is unreachable. They do not interact with or collect information about our visitors.

5. Data Retention

We retain inquiry data in our Gmail inbox for up to 24 months under the legitimate-interest basis of GDPR Article 6(1)(f) to respond to inbound inquiries and maintain records of prospective-client conversations. You can request deletion at any time by emailing [email protected]; we will fulfill deletion within 30 days.

Newsletter subscription data is retained as long as you remain subscribed. Unsubscribing removes your record from our active audience. Resend's system logs may retain technical delivery records per their own policy (typically 30 days for the free tier).

Automatic server logs (hosting and CDN) are retained per each provider's default retention window — typically 30 days or less.

6. Your Privacy Rights

This section applies if you are a resident of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, and to residents of any other US state to the extent that state has enacted a comprehensive consumer privacy law granting similar rights. We treat all US visitors as equally entitled to make a request; the rights you can actually enforce depend on your state of residence and applicable law.

Subject to applicable state law and verification of your identity, you may have the following rights:

• Right to know / access. Request confirmation that we process personal information about you, the categories we collect, the sources, the business purposes, the categories of third parties we share it with, and a copy of the specific personal information we hold.
• Right to correct. Ask us to correct personal information you believe is inaccurate or incomplete.
• Right to delete. Ask us to delete personal information we collected from you, subject to legal exceptions (e.g., to complete a transaction, comply with a legal obligation, or protect against fraud).
• Right to data portability. Receive a copy of your personal information in a structured, commonly used, machine-readable format.
• Right to opt out of the sale or sharing of personal information. We do not sell personal information for money, and we do not share personal information for cross-context behavioral advertising.
• Right to opt out of targeted advertising. We do not currently use personal information for targeted advertising. If that changes, we will provide a clear opt-out mechanism.
• Right to opt out of profiling. You may opt out of profiling that produces legal or similarly significant effects about you. We do not currently use personal information for such profiling or for automated decision-making.
• Right to limit the use of sensitive personal information. We do not collect sensitive personal information through this Site (no government IDs, financial account numbers, precise geolocation, biometric data, health data, or data revealing protected characteristics). If that changes, we will provide opt-in consent or a limit-use mechanism as required.
• Right to non-discrimination. We will not deny you service, charge a different price, or provide a different level of quality because you exercised a privacy right.
• Right to appeal. If we deny your request, you may appeal by replying to our response email or sending a new email to [email protected] with the subject line "Privacy Appeal." We will respond in writing within 60 days explaining our decision. If we deny your appeal, you may contact your state attorney general's office to file a complaint.

How to exercise a right. Email [email protected] with the subject line "Privacy Request" and tell us which right you want to exercise. We will acknowledge receipt within 10 business days and respond within 45 days (we may extend once by an additional 45 days when reasonably necessary, and we will tell you if we do). We may need to verify your identity before fulfilling certain requests. You may use an authorized agent to submit a request on your behalf; we will require written, signed authorization and may verify directly with you.

Universal opt-out signals. If your browser sends a Global Privacy Control (GPC) signal, we treat that as a valid request to opt out of the sale or sharing of personal information from that browser, consistent with California, Colorado, Connecticut, and Oregon law.

California-specific notice. In the past 12 months, the categories of personal information we have collected are: identifiers (name, email, phone, IP address), commercial information (project type and inquiry content), and internet activity (page views, referrer). We collect this from you directly via forms and from analytics providers. We disclose it only to the data processors listed in Section 4. We do not sell or share personal information.

EEA/UK/Switzerland visitors. If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR/UK GDPR — including the right to lodge a complaint with your local data protection authority. See Section 7 for our cross-border transfer basis.

7. International Visitors and Cross-Border Transfers

Fourth Door Media and Entertainment, LLC is established in the United States. If you access this Site from outside the United States, your personal information will be transferred to, stored in, and processed in the United States. We rely on the legitimate-interest basis of GDPR Article 6(1)(f) for processing necessary to respond to inbound inquiries, and on your consent for newsletter subscriptions.

Transfer mechanism cascade. For personal data of EEA, UK, or Swiss residents, we rely on the following safeguards in order of preference:

• EU-US Data Privacy Framework (DPF). Where the recipient processor is self-certified under the DPF (or its UK Extension or Swiss-US DPF), we rely on the European Commission's adequacy decision adopted 10 July 2023 (Decision (EU) 2023/1795).
• EU Standard Contractual Clauses (SCCs), Module 2 (Controller-to-Processor). Where the DPF does not apply, we use the European Commission's 2021 SCCs (Implementing Decision (EU) 2021/914) as our transfer mechanism. Each US-based processor in Section 4 has executed Module 2 SCCs with us as part of its data processing agreement.
• UK International Data Transfer Addendum (IDTA). For UK-resident data transferred outside the UK, we use the UK ICO's IDTA (effective 21 March 2022) as an addendum to the EU SCCs.

A copy of the SCCs and IDTA used for any specific transfer is available on request to [email protected] with subject line "Transfer Mechanism."

8. Cookies

We use cookies in the following categories:

• Necessary. Your theme preference (dark/light) is stored in browser localStorage indefinitely until you clear it. Your cookie-consent choice is stored as a cookie (fd-consent), which expires after 12 months. A geo-region cookie (fd-geo-region) records whether your location triggers the consent banner and expires after 12 months. A small functional cookie (fd-hero-last-bucket) stores a single integer (0–4) used only to vary the home-page hero video on each visit; it expires after 30 days, contains no personal information, and is not used for tracking.
• Anti-abuse. Cloudflare Turnstile sets short-lived cookies (typically a few minutes) to distinguish human visitors from automated bots on our forms.
• Analytics. If you consent, Google Tag Manager loads Google Analytics 4, which sets cookies to measure site usage (_ga expires after 2 years; _ga_* expires after 2 years). Cloudflare Web Analytics runs but does not use cookies. For visitors in the EU, EEA, UK, Switzerland, or United States, Google Analytics does not load unless you accept analytics cookies.
• Marketing. We do not currently load marketing or advertising trackers.

You can change your cookie preferences at any time by clicking "Cookie Preferences" in the Legal section of our footer.

9. Children's Privacy

This Site is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will delete it promptly.

10. Security

We use reasonable technical and organizational measures to protect personal information — encryption in transit (HTTPS), access controls on our vendor accounts, rate limiting on public forms, and monitoring for abnormal activity. No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you.

12. Contact Us

Privacy inquiries: [email protected]

Subject line: "Privacy Request" for data-subject access, deletion, or correction requests.