1. Introduction and Scope
Sunlight Productions Holdings LLC (“Sunlight Productions,” “Company,” “we,” “us,” or “our”) respects the privacy rights of individuals who visit, access, or use our website located at https://sunlight.productions and any associated domains, subdomains, applications, or services (collectively, the “Site”).
This Privacy Policy explains how we collect, use, store, disclose, and safeguard personal information in compliance with applicable U.S. federal law and California privacy laws, including the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act (“CPRA”) (Cal. Civ. Code §§ 1798.100 et seq.).
This Policy applies to visitors, customers, clients, account holders, vendors, contractors, and other users interacting with the Site or our services, including our film/media activities and our musical instruments business (manufacture, parts/accessories, and repair services).
2. Definitions
- Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual or household.
- Sensitive Personal Information: As defined under CPRA, including certain government identifiers, precise geolocation, or other categories designated as sensitive under California law.
- Processing: Any operation performed on personal information, including collection, storage, use, disclosure, or deletion.
- Service Provider: A third party that processes personal information on our behalf pursuant to a written contract.
- Third Party: Any entity other than Sunlight Productions and our service providers.
- Sharing: Under CPRA, certain disclosures of personal information for cross-context behavioral advertising.
3. Categories of Personal Information Collected
3.1 Information You Provide Directly
We may collect personal information you choose to provide, including:
- Full name
- Email address
- Phone number (if provided)
- Billing and shipping address (if provided)
- Company/organization name (if applicable)
- Account credentials (username and encrypted password)
- Customer support records and communications
- Information you submit through inquiry forms, contact forms, or chat/message features
- Repair intake information (e.g., instrument details, service requests, photos you provide, and scheduling/communication details)
- Email marketing preferences (subscription status and communication choices)
3.2 Information Collected Automatically
When you use the Site, we may automatically collect:
- IP address and approximate location derived from IP
- Device identifiers and browser type/version
- Operating system and settings
- Referring page/exit page and clickstream data
- Pages viewed, session duration, and interaction data
- Date/time stamps and diagnostic logs
- Cookie and similar tracking identifiers
3.3 Sensitive Personal Information
We do not intentionally collect sensitive personal information (as defined by CPRA) unless it is provided by you for a specific purpose and permitted by law. We do not require government identification numbers or biometric identifiers to use the Site.
Payment card data is handled by third-party payment processors (if and when payments are offered). We do not store full payment card numbers on our servers.
4. Purposes for Collection and Use
We use personal information for the following business and commercial purposes:
- To provide and manage creative services, production services, consulting, and project communications
- To operate account-based features (registration, authentication, account management)
- To respond to inquiries, support requests, and customer communications
- To provide repair, maintenance, customization, and technical servicing (including scheduling and intake)
- To deliver digital products and downloads (where offered in the future)
- To send transactional messages and service updates
- To send marketing communications where permitted by law and based on your preferences
- To maintain Site security, detect fraud, and prevent unauthorized access
- To improve Site performance, content quality, and user experience
- To comply with legal, accounting, and tax obligations
- To enforce our Terms of Use and other agreements
5. Cookies and Tracking Technologies (Analytics & Advertising)
We use cookies and similar technologies (such as pixels and SDKs) for essential site functions, security, analytics, and advertising measurement. These technologies may collect information about your device and your interactions with our Site over time.
Google Analytics. We use Google Analytics to understand how visitors use our Site (e.g., pages viewed, time on page, referral sources), and to improve performance and content. Google may set cookies or use similar identifiers to collect usage information.
Meta Pixel (Facebook Pixel). We use the Meta Pixel to help measure site activity and the performance of marketing campaigns. Meta may collect or receive information about your activity on our Site and may use it in accordance with Meta’s policies. (We may not always run ads, but the pixel may still be present for measurement and future use.)
Your controls. You can manage cookies through your browser settings. Blocking cookies may impact certain Site features (such as login).
Consent / opt-out tools. We intend to provide a cookie consent and opt-out mechanism. Once implemented, you will be able to manage certain analytics/advertising cookies and pixels through that tool.
Global Privacy Control (GPC). Where required by law, we treat GPC signals as a request to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising.
6. Disclosure of Personal Information
We do not sell personal information for money. However, under California law, certain uses of cookies and pixels for targeted advertising and measurement may be considered “sharing” personal information for cross-context behavioral advertising.
6.1 Service Providers
We may share personal information with vendors that help operate our business, including:
- Website hosting, storage, and infrastructure providers
- Security, fraud prevention, and analytics providers (including Google Analytics)
- Email and communications service providers (including marketing email providers)
- Scheduling and customer service tools (where used)
Service providers are required by contract to use personal information only for the services they provide to us and to implement appropriate safeguards.
6.2 Legal and Regulatory Authorities
We may disclose information if required by law, legal process, court order, subpoena, or governmental request, or if we believe disclosure is necessary to:
- Protect the rights, property, or safety of the Company, users, or others
- Enforce agreements or investigate fraud/security issues
- Respond to lawful requests by public authorities
6.3 Business Transfers
If we undergo a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality and legal protections.
6.4 Advertising and “Sharing” (California)
We may allow third-party advertising/measurement partners (including Meta) to collect information through cookies or pixels on our Site to help measure performance and understand site activity. Under the CPRA, this may be considered “sharing” personal information for cross-context behavioral advertising.
Categories that may be shared (depending on your interactions and settings) can include:
- Identifiers (such as cookie IDs, device identifiers, and IP address)
- Internet or network activity (such as pages viewed, clicks, and interactions)
- Approximate location derived from IP address
Opt out. California residents can opt out of “sharing” for cross-context behavioral advertising. See Section 9 for how to submit an opt-out request and for our treatment of Global Privacy Control (GPC) signals.
7. Data Retention
We retain personal information only as long as reasonably necessary to fulfill the purposes described in this Policy, including to comply with legal, accounting, tax, and reporting obligations; to resolve disputes; and to enforce agreements. Retention periods vary based on the type of data and applicable legal requirements.
8. Data Security
We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, misuse, or alteration. No system can guarantee 100% security. You are responsible for maintaining the confidentiality of your account credentials.
9. California Privacy Rights (CCPA / CPRA)
9.1 Your Rights
California residents may have the right to:
- Know the categories and specific pieces of personal information collected, used, and disclosed
- Access personal information
- Delete personal information, subject to legal exceptions
- Correct inaccurate personal information
- Opt out of “selling” or “sharing” (as defined by California law), including sharing for cross-context behavioral advertising
- Limit the use and disclosure of sensitive personal information (if applicable)
- Non-discrimination for exercising privacy rights
Opt-out signals (GPC). Where required by law, we treat Global Privacy Control (GPC) signals as an opt-out of “sale”/“sharing.”
Because you currently do not use a cookie banner, opt-out controls may be limited until a consent/opt-out tool is implemented. We intend to implement a consent/opt-out mechanism (see Section 5).
9.2 How to Submit a Request
To exercise your California privacy rights, submit a request using one of the following:
- Email: privacy@sunlight.productions
- Mail: Sunlight Productions Holdings LLC, 2108 N St Ste N, Sacramento, CA 95816
Include your name, the email associated with your account (if applicable), and the type of request (Access, Delete, Correct, Opt-Out, etc.).
9.3 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and may also require you to verify your identity directly.
9.4 Verification and Response Timing
We will verify requests as required by law. We will respond within the timeframes required by California law. We may request additional information to verify your identity and to understand your request.
9.5 Non-Discrimination
We will not discriminate against you for exercising any privacy rights. However, certain features of the Site may require personal information to function properly (for example, account access).
10. Email Marketing Preferences
If you opt in to marketing emails, you can unsubscribe at any time by using the “unsubscribe” link in our emails or by contacting us at privacy@sunlight.productions. Transactional or service-related messages (such as responses to inquiries or account/security notices) may still be sent when necessary.
11. Children’s Privacy
The Site is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us to request deletion.
12. Third-Party Links
The Site may contain links to third-party websites. We are not responsible for the privacy practices, content, or security of third-party sites. Review third-party privacy policies before providing personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Updates become effective when posted on this page. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.