Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

This Privacy Policy explains how L’Una Music Group LLC and its affiliated entity, L’Una Studios LTDA, operating under the brand name Luna Studios (collectively, “the Company”), collect, use, disclose, store, and otherwise process personal information through https://desings.lunaxstudios.com/, its regional domains, and associated portals, client dashboards, checkout systems, forms, or online services (collectively, “the Site”). By accessing or using the Site, the user of the Site (hereinafter referred to as “the User”) acknowledges the terms of this Privacy Policy.

1. Corporate Identity and Contact Details

Data controllers responsible for processing activities are:

  • L’Una Music Group LLC d/b/a Luna Studios, a Georgia limited liability company, with its principal place of business located at 750 Piedmont Ave NE, Atlanta, GA 30308, United States of America. Email: [email protected].

  • L’Una Studios LTDA, a Brazilian limited liability company, registered under CNPJ: 44.160.583/0001-93, with its principal place of business located in Goiânia, State of Goiás, Brazil. Email: [email protected].

2. Scope of this Privacy Policy

This Privacy Policy applies to personal information collected:

  • Through the Site, including registration portals, client dashboards, and online checkout systems ;

  • Through forms, demo submissions, creative licensing inquiries, and catalog assessments ; and

  • Through emails, newsletters, and direct communication channels linked to the Site.

This Privacy Policy does not apply to third-party services, payment processors, digital streaming platforms (DSPs), or social media networks linked on the Site, which maintain independent privacy policies.

3. Categories of Personal Information Collected

The Company collects personal information through voluntary User submission and automated technical tracking.

A. Information Provided Directly by the User

  • Identifying Information: Full legal name, professional alias or stage name, company name, corporate tax registration identifiers (including CNPJ or SSN), and government-issued identification numbers.

  • Contact Details: Physical mailing address, business address, electronic mail address, and telephone numbers.

  • Portal Account Credentials: Usernames, passwords, and security access codes.

  • Commercial and Royalty Data: Bank routing numbers, digital payment usernames, invoice metadata, music rights registration details, and historic royalty statements.

  • Creative Content and Metadata: Sound recordings, musical compositions, copyright information, metadata spreadsheets, and pitch materials submitted via the Site.

B. Information Collected Automatically

  • Technical Identifiers: Internet Protocol (IP) addresses, unique device identifiers (UDID), media access control (MAC) addresses, and browser specifications.

  • Usage Metadata: Pages viewed, navigation duration, session recording, referring URLs, approximate geographic location data derived from IP addresses, and cookie-based interaction telemetry.

4. Legal Bases for Processing (Brazilian LGPD Alignment)

In compliance with Article 7 of the LGPD, the processing of personal information is justified under the following legal bases :

  • Consent: Where the User provides explicit, unambiguous authorization for specific processing tasks, such as subscribing to commercial communications or submitting music catalog files.

  • Performance of a Contract: Where processing is required to execute a service contract, licensing agreement, or distribution arrangement to which the User is a party, or to perform pre-contractual evaluations.

  • Legitimate Interests: Where processing is required to optimize the Site’s functionality, maintain network security, prevent fraudulent activities, and analyze commercial trends, provided such interests do not override the User’s fundamental rights and freedoms.

  • Compliance with Legal Obligations: Where processing is necessary to satisfy tax regulations, corporate record-keeping statutes, anti-money laundering requirements, or judicial orders.

5. Cookies and Tracking Technologies

The Site utilizes session and persistent cookies to remember User preferences, analyze traffic patterns, and support marketing campaigns.

A cookie consent manager is provided upon entry to the Site, allowing the User to accept or decline non-essential cookies. The Site is configured to detect and honor browser-based Global Privacy Control (GPC) opt-out preference signals. If a User disables necessary cookies via browser settings, certain areas of the Portal or checkout pages may experience reduced functionality.

6. Information Sharing and Disclosure

The Company does not sell personal information for monetary compensation. Personal information is disclosed to the following categories of recipients solely under binding data processing agreements :

  • Corporate Affiliates: Affiliated entities, including the joint US and Brazilian operating companies, to execute centralized administrative operations.

  • Service Providers: Infrastructure hosting providers (Hostinger), development suites (Divi Theme/WordPress), analytics providers (Google Analytics), payment gateways, and CRM platforms, all restricted from utilizing or disclosing the data for any independent purpose.

  • Professional Advisors: Legal counsel, accountants, insurers, and auditors engaged to secure and maintain corporate compliance.

  • Regulatory and Judicial Authorities: Public bodies, tax agencies, and law enforcement when required by statutory mandates, subpoenas, or to defend the Company’s legal rights.

7. Testimonials, Reviews, and Case Studies

If the User submits a testimonial, review, or case study to the Company, the User grants the Company a non-exclusive, perpetual, irrevocable, worldwide, royalty-free license to publish, display, and distribute the statement on the Site and associated marketing channels. The Company may edit submissions for length, spelling, and grammar, provided the substantive meaning is not altered. The User is responsible for ensuring they possess the authority to submit such statements.

8. User Accounts, Portals, and Dashboards

The Portal is restricted to authorized clients. The User must maintain the confidentiality of all login credentials. The Company maintains activity logs within the Portal to track security compliance, access history, and performance metrics. The User must notify the Company immediately of any unauthorized access to credentials.

9. Payments and Checkout

The Site utilizes PCI-DSS compliant third-party payment gateways to process transactions, bookings, and recurring subscriptions. The Company does not store full credit card numbers or financial account credentials on its servers. The Company receives transaction status, customer details, and limited billing metadata required to execute the purchase and satisfy tax retention mandates.

10. Submissions and Creative Materials

Submissions uploaded through the Site are evaluated for business and licensing purposes. Highly sensitive copyright materials or proprietary files should not be submitted through general website contact forms unless and until appropriate confidentiality agreements are in place.

11. Data Retention and Deletion Protocols

The Company retains personal information only for the period necessary to fulfill the specific purposes outlined in this Policy, or as required by applicable statutory retention schedules.

  • Client Account and Portal Data: Retained for the duration of the active contract plus five years to satisfy corporate liability limitations.

  • Financial and Billing Records: Retained for up to seven years to satisfy international tax compliance mandates.

  • Creative Submissions (Evaluated and Non-Selected): Non-selected demo tracks and accompanying metadata are permanently deleted or anonymized within 180 days of evaluation.

12. Data Security and Incident Response

The Company implements appropriate technical, physical, and administrative safeguards designed to protect personal information from unauthorized access, accidental loss, alteration, or disclosure. These measures include:

  • Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption for all data in transit across the Site.

  • Restricted role-based access controls limiting data visibility to authorized personnel.

  • Regular technical vulnerability assessments and server-level security logging.

In the event of a security breach affecting unencrypted personal information, the Company will notify the competent supervisory authorities (including the ANPD in Brazil) and the affected data subjects in accordance with the timelines and procedures established by applicable laws.

13. International Data Transfers

The Company operates an international infrastructure involving cross-border data transfers between the United States, Brazil, and other regional data nodes.

Transfers from the Brazilian Company to the US Company or other international destinations are carried out in compliance with Resolution CD/ANPD No. 19/2024. The Company utilizes ANPD-approved Standard Contractual Clauses incorporated into its intercompany agreements to ensure an equivalent level of protection for data subjects’ rights.

14. Children’s Privacy (Explicit COPPA Compliance)

The Site is directed to professional adults engaged in the music, design, and entertainment industries. The Company does not knowingly collect personal data from children under the age of 13 through the Site.

In the event that the Company discovers it has inadvertently collected personal data from a child under 13 without verifiable parental consent, the Company will permanently delete all such records from its active databases and backups within 48 hours.

If any service offered by the Company is deemed a “mixed audience” service under COPPA, the Company enforces a zero-retention model for children under 13. No children’s data is retained beyond the temporary window required to fulfill a singular transaction or query, and in no event is children’s data retained indefinitely or utilized for behavioral profiling or third-party ad targeting.

15. User Rights and Jurisdictional Choices

Depending on the User’s jurisdiction, the User may possess specific legal rights regarding their personal data :

A. Rights under the LGPD (Brazil) and GDPR (Europe)

  • Confirmation and Access: The right to obtain confirmation of whether the Company processes their data and to receive a detailed copy of such data.

  • Correction: The right to request the rectification of incomplete, inaccurate, or outdated records.

  • Anonymization, Blocking, or Deletion: The right to request the deletion or restriction of processing for unnecessary or non-compliant data.

  • Portability: The right to request the transfer of their data to another service provider.

  • Information Sharing: The right to receive detailed information regarding the public or private entities with which the Company has shared their data.

  • Consent Withdrawal: The right to revoke consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

B. Rights under the CCPA (California, US)

  • Right to Know: The right to request disclosure of the categories and specific pieces of personal data collected, the sources of collection, the commercial purpose, and the categories of third parties to whom the data is disclosed.

  • Right to Delete: The right to request the deletion of personal data, subject to statutory exemptions.

  • Right to Opt-Out of Sale or Sharing: The right to direct the Company not to share personal data for cross-context behavioral advertising.

  • Right to Limit Sensitive Data Use: The right to limit the processing of sensitive personal information to necessary operational functions.

  • Right to Non-Discrimination: The right to be free from discriminatory treatment for exercising CCPA privacy rights.

To exercise these rights, the User may submit a formal request to [email protected]. The Company will verify the User’s identity before responding to any request.

16. Contact Us and Data Protection Officer Designation

In compliance with Article 41 of the LGPD and ANPD Regulation CD/ANPD No. 18/2024, the Company has designated a Data Protection Officer responsible for handling communications in Portuguese and coordinating compliance activities.

  • Designated DPO Entity: L’Una Studios Compliance Committee

  • Responsible Natural Person: Senior Privacy Officer

  • DPO Contact Email: [email protected]

  • Mailing Address: L’Una Studios LTDA, Attn: DPO Department, Goiânia, State of Goiás, Brazil.

Terms & Conditions of Use

1. Acceptance of Terms

This document governs the use of the website https://desings.lunaxstudios.com/, and any associated webpages, forms, portals, and dashboards managed by the Company. By accessing, browsing, or utilizing the Site, the User acknowledges they have read, understood, and agreed to be bound by these Terms & Conditions. If the User does not agree to these terms, they must immediately cease using the Site.

2. Services Provided (Serviços Prestados)

The Site serves as an international commercial platform providing design, music, and software services, catalog distribution, and royalty management solutions. The Company makes reasonable commercial efforts to ensure that the descriptions, visual representations, portfolio images, and details displayed on the Site are as accurate and up-to-date as possible.

However, all descriptions, graphics, photos, and representations are non-binding, purely illustrative, and subject to change or modification without prior notice.

3. Data and Information Limitations (Limitação Contratual de Dados)

The content, resources, and articles displayed on the Site are provided for general informational purposes only. While the Company endeavors to maintain updated and accurate data, the Site may contain typographical errors, imprecisions, or omissions.

The User agrees that any download, use, or reliance on the information, files, or services provided through the Site is conducted at the User’s sole risk and discretion.

The Company does not assume liability for any direct or indirect damage to the User’s hardware, software systems, or loss of commercial data resulting from technical malfunctions, malware, or server connectivity interruptions.

The User agrees to notify the Company immediately at [email protected] upon identifying any technical errors, data gaps, or structural malfunctions, providing a detailed description of the affected URL, browser configuration, and device operating system used.

4. Intellectual Property Rights

All content displayed on the Site—including graphics, custom layout designs, text, icons, trademark logos, proprietary software code, animations, video elements, audio files, and the compilation thereof—is the exclusive property of the Company, its corporate affiliates, or its licensing partners. It is protected by the Copyright, Trademark, and Industrial Property laws of Brazil and the United States, as well as international treaties.

  • Any replication, redistribution, extraction, commercial exploitation, adaptation, or public transmission of the Content, in whole or in part, is strictly prohibited without the prior written authorization of the Company.

  • Unauthorized use of the Content may constitute an infringement of intellectual property rights and subject the violator to civil and criminal penalties under applicable laws.

5. Hyperlink Integrity and Controls

The Site may contain links to external, third-party websites or online networks. The Company has no administrative control over these external properties, does not endorse their content, and does not guarantee their security, accuracy, or compliance.

The User assumes all risks associated with accessing third-party links and must review the terms of use and privacy policies of those external services.

The User may not establish a hyperlink to the Site without the prior written authorization of the Company. Any request to implement such hyperlinks must be submitted to [email protected]. The Company reserves the right to accept or refuse any hyperlink request at its sole discretion, without providing justification.

6. Disclaimer of Warranties

The Site and all content, services, and digital tools provided through it are made available on an “as-is” and “as-available” basis, without warranties of any kind, either express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.

The Company does not warrant that the Site will be uninterrupted, error-free, secure, or free of viruses or other harmful components.

7. Dispute Resolution and Governing Law

These Terms & Conditions and any disputes arising from the use of the Site shall be governed by and construed in accordance with the laws of the State of Goiás, Brazil, for operations and transactions originating in South America. The courts of Goiânia, Goiás, shall have exclusive jurisdiction over any legal proceedings arising from such matters.

For transactions, accounts, and operations originating in North America, these terms shall be governed by the laws of the State of Georgia, United States, and any dispute shall be resolved exclusively within the state or federal courts located in Fulton County, Georgia.