Privacy Policy

Privacy Policy

ainastudios.org

Effective Date: April 16, 2026 Last Updated: April 16, 2026

1. Who We Are

This Privacy Policy describes how Ends of the Earth Media Inc., a Hawaiʻi nonprofit corporation doing business as Aina Studios ("Aina Studios," "we," "us," or "our"), collects, uses, discloses, and protects personal information in connection with ainastudios.org and our related applications, platforms, software, programs, recordings, publications, and services (collectively, the "Services").

Ends of the Earth Media Inc. is a 501(c)(3) public charity (EIN 87-0814824) with a principal address at 75-5851 Kuakini Hwy #42, Kailua-Kona, HI 96740. For all privacy matters, we are the "data controller" for the personal information we collect (or the equivalent term under your jurisdiction's law).

If you have questions about this Policy or our privacy practices, contact us at tyler@endsoftheearth.media.

2. Scope

This Policy applies to personal information we collect through the Services. It does not apply to third-party websites, platforms, or services that we link to or integrate with (such as distributors, payment processors, analytics providers, or ministry partners), each of which has its own privacy policy.

3. Information We Collect

Information you provide directly. We collect information you give us when you use the Services, including:

  • Contact and profile information: name, email address, mailing address, phone number, country of residence, date of birth (where required), profile photo, username, password;
  • Donation information: donation amount, frequency, designation, payment method type (handled by our payment processor), and name/address as required for tax receipts;
  • Purchase information: items purchased, price, shipping address, order history, and (for digital products) the account associated with the delivery;
  • User Content: recordings, lyrics, compositions, demos, photos, videos, written submissions, applications for programs, testimonies, comments, and other content you upload, submit, or share;
  • Program and consulting information: applications, questionnaires, intake forms, emergency contacts (for programs involving travel or minors), parental or guardian consent (for minors), and other information reasonably needed to run the program you have enrolled in;
  • Communications: messages you send us through contact forms, email, chat, social media, or while participating in our community.

Information collected automatically. When you access the Services, we and our service providers may automatically collect:

  • Device and browser information (device type, operating system, browser type, language, time zone);
  • Log data (IP address, access times, pages viewed, referring/exit URLs);
  • Usage data (features used, interactions with content, playback and download events for our media);
  • Cookies, web beacons, pixels, SDKs, and similar technologies (see Section 8).

Information from third parties. We may receive information about you from:

  • Payment processors (Stripe, PayPal, or similar) — transaction confirmations, partial payment-method details;
  • Distribution platforms (DSPs, CCLI, PROs, the MLC) — royalty and analytics data;
  • Analytics providers — aggregated engagement data;
  • Ministry partners, YWAM Kona, or collaborators — where you engage with us through their programs;
  • Social media platforms — if you interact with our profiles or log in using a social credential.

Sensitive information. We do not knowingly collect government-issued ID numbers, health information, precise geolocation, biometric data, or financial account numbers. Payment card numbers are submitted directly to our payment processor and not stored by us. If we ever need to collect sensitive personal information (for example, passport information for travel, or background check results for minor-facing roles), we will obtain separate consent as required by law.

4. How We Use Personal Information

We use personal information to:

  • Operate, maintain, and improve the Services;
  • Process donations, issue tax receipts, and send acknowledgment letters;
  • Process purchases and deliver goods, downloads, licenses, and subscriptions;
  • Administer accounts, authenticate users, and provide customer support;
  • Administer training programs, bootcamps, workshops, applications, and consulting engagements;
  • Facilitate music releases, publishing, distribution, royalty accounting, and collaboration with artists;
  • Communicate with you about donations, purchases, programs, releases, events, ministry updates, and organizational news (you may unsubscribe at any time);
  • Personalize content and recommend programs or resources;
  • Analyze usage, measure performance, and improve our content and platforms;
  • Protect the security and integrity of the Services and investigate suspected misuse;
  • Comply with legal obligations (including 501(c)(3) recordkeeping, IRS reporting, Hawaiʻi state charitable registration, and responses to lawful requests);
  • Protect the rights, safety, and property of Aina Studios, our staff and volunteers, our users, and the public.

5. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area, United Kingdom, or another jurisdiction requiring a legal basis for processing, we rely on one or more of the following bases:

  • Consent: for marketing emails, optional analytics, certain cookies, and sensitive processing. You may withdraw consent at any time.
  • Contract: to process donations, deliver goods and services, administer accounts, and fulfill programs you have signed up for.
  • Legitimate interests: to operate, secure, and improve the Services, to understand how they are used, to promote our charitable mission, and to prevent fraud and abuse. We balance these interests against your rights and freedoms.
  • Legal obligation: to meet tax, charitable, accounting, and other compliance requirements.
  • Vital interests: where processing is necessary to protect someone's life (e.g., in a medical emergency during a program).
  • Public interest / charitable activities: where recognized by applicable law for not-for-profit religious and charitable organizations.

6. How We Share Personal Information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

We may disclose personal information to:

  • Service providers and processors who perform functions on our behalf (hosting, email delivery, payment processing, analytics, CRM, fundraising, customer support, shipping, distribution). They are bound by contractual obligations to protect personal information and to use it only for the purposes we specify.
  • Payment processors (such as Stripe or PayPal) to process donations and purchases. These processors handle card data under their own privacy policies and are responsible for PCI-DSS compliance.
  • Distribution and rights platforms (DSPs, CCLI, ASCAP/BMI/SESAC, the MLC, distributors such as DistroKid) to release, track, and collect royalties on music.
  • Affiliated artists, co-writers, producers, authors, and collaborators where necessary to pay royalties, split fees, issue credits, or administer co-owned works, consistent with applicable project agreements.
  • YWAM Kona and other ministry partners where you have enrolled in or applied to a joint program and disclosure is necessary to run that program.
  • Professional advisors (auditors, accountants, lawyers, insurance carriers) under confidentiality obligations.
  • Successor organizations in connection with a merger, consolidation, reorganization, or transfer of charitable assets. Any successor must honor the commitments of this Policy or provide notice to affected individuals.
  • Authorities and third parties when we reasonably believe disclosure is necessary to comply with a legal obligation, respond to lawful requests (such as subpoenas), enforce our Terms, protect rights, property, or safety, or investigate fraud or abuse.
  • With your consent for any other disclosure.

Aggregated or de-identified information that cannot reasonably be used to identify you may be shared for research, reporting, grant documentation, and mission storytelling.

7. International Data Transfers

We are based in the United States. If you access the Services from outside the U.S., your personal information will be transferred to, stored, and processed in the U.S. and in other countries where we or our service providers operate.

For transfers of personal information from the European Economic Area, United Kingdom, or Switzerland to the United States or other countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses ("SCCs"), the UK International Data Transfer Addendum, or other lawful transfer mechanisms. Contact us for a copy of the safeguards in place.

8. Cookies and Similar Technologies

We use cookies, local storage, pixels, and similar technologies to:

  • Operate core Service functionality (strictly necessary);
  • Remember your preferences;
  • Measure how the Services are used and improve them (analytics);
  • Support limited marketing and retargeting (where permitted and with consent where required).

Where required by law (for example, under the EU ePrivacy rules), we present a cookie banner allowing you to accept, reject, or manage non-essential cookies. You can also control cookies through your browser settings; blocking certain cookies may affect the Services. We honor Global Privacy Control (GPC) signals from your browser as an opt-out of sale/sharing for applicable U.S. residents.

9. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations (including IRS and state charitable recordkeeping — generally seven years for financial records, and permanently for certain governance records), resolve disputes, and enforce our agreements.

When personal information is no longer needed, we delete, anonymize, or securely archive it. Backup copies may persist for a reasonable period until overwritten.

10. Data Security

We use reasonable administrative, technical, and physical safeguards to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), access controls, least-privilege principles for volunteers and staff, and vetted service providers. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a personal data breach affecting you, we will notify you and the appropriate authorities as required by applicable law (including the 72-hour notification window under the GDPR where applicable).

11. Your Rights

Depending on where you live, you may have the following rights with respect to your personal information. To exercise any of these rights, contact tyler@endsoftheearth.media and describe your request. We will respond within the timeframes required by applicable law.

Rights available in many jurisdictions (including the GDPR/UK GDPR):

  • Access — request a copy of the personal information we hold about you.
  • Rectification — request correction of inaccurate or incomplete information.
  • Erasure / deletion — request deletion of your information (subject to exceptions such as legal retention obligations, defense of legal claims, and records we must keep to maintain our 501(c)(3) status).
  • Restriction — request that we limit how we process your information.
  • Objection — object to processing based on legitimate interests, or to direct marketing at any time.
  • Portability — request a machine-readable copy of information you provided to us.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint — with your local supervisory authority. In the EU/UK, you may contact your national Data Protection Authority.

California residents (CCPA/CPRA). You have the right to:

  • Know what categories and specific pieces of personal information we have collected, the sources, purposes, and categories of recipients;
  • Delete personal information we have collected from you, subject to exceptions;
  • Correct inaccurate personal information;
  • Opt out of the "sale" or "sharing" of personal information (we do not sell or share as defined);
  • Limit the use and disclosure of sensitive personal information (we do not use sensitive PI for purposes requiring this limit);
  • Not be discriminated against for exercising these rights.

You may also designate an authorized agent to make requests on your behalf. We will verify your identity using information reasonably necessary to confirm you are the person to whom the information relates.

Other U.S. states. Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, and other states with comprehensive privacy laws have similar rights, which we will honor consistent with those laws.

Response times. We generally respond within 45 days under CCPA/CPRA (extendable by 45 days), and within 30 days under GDPR/UK GDPR (extendable by 60 days for complex requests).

12. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent as required by the Children's Online Privacy Protection Act ("COPPA"). If you are a parent or guardian and believe we have collected personal information from a child under 13, contact us at tyler@endsoftheearth.media and we will promptly delete the information.

Individuals aged 13 to 17 may participate in Aina Studios programs, events, and activities — including YWAM Kona partner programs — only with the verifiable consent of a parent or legal guardian. We collect only the information reasonably necessary to administer the program, protect the minor, and comply with applicable law. Volunteers and staff working with minors are subject to background-check and supervision requirements. Certain child-safety protocols (reporting of suspected abuse, chaperone policies, photo-release consent) apply independently of this Policy.

Parents and guardians may review, correct, or request deletion of their minor's information by contacting us.

13. Marketing Communications

We send email updates, newsletters, fundraising appeals, ministry stories, and release announcements to donors, supporters, and subscribers. You can unsubscribe at any time through the unsubscribe link in any email or by contacting us. We will still send transactional messages (donation receipts, purchase confirmations, account notices) as necessary.

14. Third-Party Services and Links

The Services may contain links to or integrate with third parties — including payment processors, DSPs, CCLI, PROs, analytics providers, social media platforms, and ministry partners. We do not control those third parties. Their use of your information is governed by their own privacy policies, which we encourage you to review.

15. Do Not Track

Because there is no industry consensus on how to respond to "Do Not Track" browser signals, we do not currently respond to DNT. We do honor Global Privacy Control (GPC) signals as described in Section 8 for applicable users.

16. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last Updated" date above and, for material changes, provide additional notice (such as a banner or email). Your continued use of the Services after the updated Policy takes effect constitutes acceptance.

17. Contact Us

Ends of the Earth Media Inc. (DBA Aina Studios) Attn: Privacy — Tyler Grieve, President 75-5851 Kuakini Hwy #42 Kailua-Kona, HI 96740 Email: tyler@endsoftheearth.media EIN: 87-0814824

EEA/UK residents: You may also contact your local Data Protection Authority. If you would like to direct a privacy request specifically to our GDPR / UK GDPR processing, please use the email above and indicate "GDPR Request" in the subject line.

Aina Studios is the DBA of Ends of the Earth Media Inc., a Hawaiʻi nonprofit corporation and 501(c)(3) public charity. This Privacy Policy is informational and does not form a contract; your use of the Services is governed by our Terms and Conditions and any applicable EULA.