Privacy Policy
Last updated June 2026
This Privacy Policy explains how thebeatbeast collects, uses, shares, and protects your personal data when you use our Service, and your rights under Turkish Law No. 6698 on the Protection of Personal Data (“KVKK”) and applicable regulations. We collect only what we need to sell you digital products and deliver them.
Data controller
The data controller responsible for your personal data is thebeatbeast, an İstanbul, Türkiye–based beat and sound store. You can contact us about privacy through our Contact page.
What data we collect
We collect the following categories of personal data:
- Identity & contact: the full legal name and email address you provide at checkout, and any details you include when you contact us or submit an exclusive-licensing enquiry.
- Billing data: the billing address you enter at checkout (required for invoicing and tax compliance).
- Order data: the products you buy, prices, taxes, discounts, order number, language, and order status.
- Payment data: processed directly by PayTR. We do not receive or store your full card number; we receive only the payment result and a transaction reference.
- Technical data: a salted, hashed form of your IP address (used for abuse prevention and rate limiting), and basic request/device information. We do not run third-party analytics, advertising, or tracking.
Why we use your data and legal bases
We process your personal data to:
- fulfil your order — deliver download links and license documents, and provide support (performance of a contract);
- meet legal obligations such as invoicing, tax, and record-keeping (compliance with a legal obligation);
- secure the Service, prevent fraud and abuse, and keep download links safe (our legitimate interests);
- respond to your enquiries and exclusive-licensing requests (performance of a contract / legitimate interests).
We do not use your data for marketing without your consent, and we do not sell your personal data.
Who we share data with
We share personal data only with service providers who process it on our behalf to run the Service, under appropriate agreements:
- PayTR — payment processing;
- Resend — sending transactional emails (order confirmation, download links);
- Cloudflare — content delivery, storage (R2), and network security;
- Railway — application hosting and database infrastructure;
- Sentry — error monitoring (technical diagnostics only).
We may also disclose data where required by law, court order, or a competent authority, or to establish, exercise, or defend legal claims.
International transfers
Some of our service providers process data on servers located outside Türkiye. Where personal data is transferred abroad, we rely on the conditions permitted under the KVKK and take reasonable steps to ensure an adequate level of protection.
How long we keep data
We retain order, billing, and invoice data for as long as required to provide the Service and to comply with legal retention periods under Turkish tax and commercial law. Technical and security logs are kept for a limited period and then deleted or anonymised. When data is no longer needed and no legal obligation requires us to keep it, we delete or anonymise it.
Security
We apply reasonable technical and organisational measures to protect your data — including encrypted connections, signed and time-limited download links, hashed identifiers, and access controls. No method of transmission or storage is completely secure, but we work to protect your information and to limit access to those who need it.
Your rights under the KVKK
Under Article 11 of the KVKK, you have the right to: learn whether your data is processed; request information about the processing; learn the purpose and whether it is used accordingly; know any third parties to whom it is transferred; request correction of incomplete or inaccurate data; request erasure or destruction; request notification of these actions to third parties; object to results arising from automated analysis; and claim compensation for damage caused by unlawful processing.
To exercise these rights, contact us through our Contact page with enough detail to verify your identity and locate your data (for example, your order number and the email used at checkout). We respond within the period required by law.
Cookies
We use only essential cookies needed to operate the Service. For details, see our Cookies + KVKK notice.
Children
The Service is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. The “last updated” date above reflects the current version. Material changes will be posted on this page.