Legal

Privacy Policy

Version 1.0 — Last updated June 20, 2026

This page explains what information is collected when you subscribe to release updates from MadeUp MonkeyShit, why it's collected, and how long it's kept. It's written in plain language on purpose.

What we collect when you subscribe

When you submit the email subscription form on this site, we collect:

Your email address — used solely to send you notifications when new music is released.
Your consent record — the date and time you agreed to receive emails, and the version of this policy that was in effect at the time.
Your IP address — collected automatically at the time of submission.

Why we collect your email

Your email address is collected under your explicit consent, given by checking the consent box before submitting the form. We use it for exactly one purpose: letting you know when new music comes out. We do not sell, rent, or share this information with third parties for marketing purposes.

You may withdraw this consent at any time by unsubscribing. Once you unsubscribe, we stop sending you emails and your record is marked inactive.

Why we collect your IP address

Unlike your email, your IP address is not collected under consent. It's collected under a separate legal basis: legitimate interest in network and information security, a basis specifically recognized for this purpose under data protection law (including GDPR Recital 49).

In plain terms: we log IP addresses to help detect and investigate fraudulent, abusive, or malicious activity connected to subscriptions on this site. This is a standard security practice and does not require a separate consent action from you.

How long we keep this information

Your email and consent records are retained for as long as your subscription remains active, and are deleted upon request if you unsubscribe and ask for full removal.

Your IP address is retained for the duration of your active subscription, plus a period of 10 years following unsubscription. This longer retention period for IP data specifically reflects the legal reality that fraud is often discovered long after it occurs — under the legal "discovery rule," the relevant time limit for pursuing a fraud-related claim typically doesn't begin until the fraud is actually discovered, not when it happened. A short retention window could mean the exact records needed to investigate a slow-developing security issue are gone by the time anyone notices something was wrong. This retention period is set with that risk specifically in mind.

Your rights

Depending on where you live, you may have rights to access, correct, or request deletion of your personal data, and to withdraw consent at any time. To exercise these rights, or if you have any questions about this policy, you can reach out through any of the contact methods listed on the main site.

Changes to this policy

If this policy is meaningfully updated, the version number and date at the top of this page will change, and your original consent record will always reflect which version was in effect when you subscribed.