← Back

Privacy Policy

Privacy Policy

Last updated: JULY 11, 2026

The short version

ROYALTY LEDGER is an invite-only tool for tracking and splitting royalties. We collect the minimum we need to run it. We don't sell your data, we don't show ads, and we don't share your financial information with anyone outside the vendors listed below who help us operate the service.

If you'd rather not read the whole thing, that's the gist.


Who we are

ROYALTY LEDGER is operated by THE GREAT EXPERIENCE CO., based in Michigan, United States. You can reach us at hello@gr8x.co about anything in this policy.

Who this policy covers

This policy applies to people with an account on ROYALTY LEDGER, and to visitors of https://royalties.gr8x.co, and any custom company subdomains linked to the ROYALTY LEDGER service. Accounts are invite-only — you can't sign up on your own.


What we collect

Account information. When you're invited and set up an account, we store your name, your email address, and a securely hashed version of your password. We never store your password in a form we can read.

Royalty and sales data. This is the whole point of the service. That includes sales reports you upload, data we pull from platforms you connect (see below), the splits and agreements you configure, and the calculated results.

Information about other people. Royalty reports often contain personal information about collaborators, co-writers, performers, and payees — names, split percentages, earnings amounts. When you upload or sync that data, we store it so we can do the math. See "Data about third parties" below, because this one has strings attached.

Usage and log data. Standard server logs: IP address, browser type, pages visited, timestamps. We use this to debug problems and keep the service secure.

What we don't collect. We don't collect bank account numbers, routing numbers, tax IDs, or payment credentials. ROYALTY LEDGER calculates what people are owed — it does not move money, and it has no reason to hold the information required to do so. If we ever change that, we'll update this policy and tell you before it takes effect.


Data about third parties

Some of the data in your account is about people who never signed up for ROYALTY LEDGER and never agreed to this policy — your collaborators.

We treat that data as yours to control and yours to be responsible for. We don't contact those people, market to them, or use their information for anything other than producing the reports and calculations you asked for. When you delete a report or close your account, that data goes with it.

By uploading data about other people, you're confirming you have the right to do so — usually because you have an agreement with them. That's covered in more detail in the Terms of Service.


How we use your data

That's the whole list. We do not use your data to train AI models, build advertising profiles, or generate any kind of aggregate product we sell to anyone.


Who we share data with

We don't sell your data. We don't rent it, trade it, or hand it to data brokers. We have never done this and we have no plans to.

We do use a small number of vendors ("subprocessors") whose infrastructure the service runs on. They can technically touch your data because it lives on their servers, and they're each contractually bound to handle it only for the purpose of providing us their service:

<!-- EDIT THIS LIST. Delete what you don't use, add what you do. -->
VendorWhat they doWhere
SupabaseDatabase and user authenticationUnited States
VercelApplication hostingUnited States
ResendTransactional email (invites, password resets)United States

Platforms you connect. If you authorize ROYALTY LEDGER to pull data from a service like Shopify, Vimeo, or a distributor, we'll read data from that platform on your behalf. We only read — we don't write anything back, and we don't send your ROYALTY LEDGER data to them. You can revoke that connection at any time from your account settings.

Legal requests. If we get a valid subpoena, court order, or other lawful demand, we may have to disclose data. If that ever happens, we'll notify you unless we're legally prohibited from doing so.

If the service is sold or transferred. If ROYALTY LEDGER is ever acquired or transferred, your data would go with it. We'd tell you before that happened and give you a chance to export your data and leave.


Cookies

We use cookies to keep you logged in. That's it — a session cookie so you don't have to re-enter your password on every page.

<!-- If you add analytics (Vercel Analytics, Plausible, Fathom, PostHog, etc.), you MUST add a sentence here saying so and naming the tool. Don't forget. -->

How long we keep things

If you need something deleted sooner, email us and we'll take care of it.


Security

Data is encrypted in transit (HTTPS) and at rest. Passwords are hashed, not stored. Access to the production database is limited to people who need it to operate the service.

No system is perfectly secure, and we're not going to pretend otherwise. If we ever discover a breach that affects your data, we'll tell you promptly and tell you what we know.


Your rights

You can, at any time:

If you're a California resident, you have additional rights under the CCPA/CPRA, including the right to know what personal information we've collected and the right to request deletion. We extend these rights to everyone regardless of where you live, because it's easier and it's the right thing to do. Email hello@gr8x.co and we'll respond within 30 days.

We will never discriminate against you for exercising any of these rights.


Children

ROYALTY LEDGER is not intended for anyone under 18 and we don't knowingly collect information from children.


Changes to this policy

We may update this policy. If we make a material change — especially one that affects how we use or share your data — we'll email you before it takes effect, not after.


Contact

Questions, concerns, requests: hello@gr8x.co


Adapted in part from the Basecamp open-source policies / CC BY 4.0.