This Privacy Policy describes how SongFriend ("we," "us") collects, uses, and shares information when you use the service. We aim to collect as little as possible and never sell your information.
1. What we collect
- Account info: your email address and a hashed (one-way encrypted) password.
- Songs you write or save: the lyrics, chord progressions, and inputs (story, mood tags, etc.) you provide and generate.
- Subscription info: if you subscribe, we store your subscription status and Stripe customer ID. We do not store your credit card number — Stripe handles that.
- Usage data: a count of songs you generate each month, to enforce the free-tier limit.
- Standard server logs: our hosting provider (Vercel) records request data such as IP address and timestamps. Logs are retained briefly for debugging and security.
2. What we don't collect
- We don't use third-party analytics or advertising trackers.
- We don't track you across other websites.
- We don't fingerprint your browser or device.
- We don't sell your data to anyone, ever.
3. Cookies
SongFriend uses only essential cookies needed to keep you logged in. We don't use marketing, advertising, or analytics cookies.
4. Service providers we use
To run SongFriend, certain data is shared with these third parties. Each is a reputable company with its own privacy policy:
- Supabase — stores your account, songs, and subscription data.
- Vercel — hosts the application and processes requests.
- Stripe — processes payments. We never see or store your card details.
- Anthropic — provides the AI model that generates song output. Your generation inputs (story, mood tags, etc.) are sent to Anthropic to produce the song. Per Anthropic's commercial terms, your data is not used to train their models.
5. AI processing of your inputs
When you generate a song, the text inputs you provide (story, mood, location, etc.) are sent to Anthropic's API along with our system prompt to produce the output. Anthropic states that API conversations are not used to train their models by default and are retained only briefly for abuse monitoring. See Anthropic's privacy policy for their full practices.
6. Your rights
- Access / export: email us and we'll send you a copy of the data we hold about you.
- Deletion: email us and we'll delete your account and all associated data. Note that some data may persist briefly in backups or server logs.
- Correction: you can update your email and password directly within the app.
7. California residents (CCPA / CPRA)
If you live in California, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act: the right to know what we collect, the right to delete, the right to correct, and the right to opt out of any sale (we do not sell personal information). To exercise these rights, email us.
8. EU / UK residents (GDPR / UK GDPR)
If you live in the EU or UK, you have the right to access, correct, delete, restrict, or port your personal data, and to object to its processing. Email us to exercise these rights.
9. Children
SongFriend is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete it.
10. Security
Passwords are hashed with industry-standard algorithms (handled by Supabase). All connections are encrypted in transit via HTTPS. We take reasonable measures to protect data but no system is perfectly secure.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Privacy questions, data requests, or concerns? Email petec@tuta.com.