This Privacy Policy describes how SongFriend ("we," "us") collects, uses, and shares information when you use the service. We aim to collect as little as possible and never sell your information.
1. What we collect
- Account info: your email address and a hashed (one-way encrypted) password.
- Songs you write or save: the lyrics, chord progressions, and inputs (story, mood tags, etc.) you provide and generate.
- Subscription info: if you subscribe, we store your subscription status and Stripe customer ID. We do not store your credit card number — Stripe handles that.
- Usage data: a count of songs you generate each month, to enforce the free-tier limit.
- Standard server logs: our hosting provider (Vercel) records request data such as IP address and timestamps. Logs are retained briefly for debugging and security.
2. What we don't collect
- We don't use third-party analytics or advertising trackers.
- We don't track you across other websites.
- We don't fingerprint your browser or device.
- We don't sell your data to anyone, ever.
3. Cookies
SongFriend uses only essential cookies needed to keep you logged in. We don't use marketing, advertising, or analytics cookies.
4. Service providers we use
To run SongFriend, certain data is shared with these third parties. Each is a reputable company with its own privacy policy:
- Supabase — stores your account, songs, and subscription data.
- Vercel — hosts the application and processes requests.
- Stripe — processes payments. We never see or store your card details.
- Anthropic — provides the AI model that generates song output. Your generation inputs (story, mood tags, etc.) are sent to Anthropic to produce the song. Per Anthropic's commercial terms, your data is not used to train their models.
5. AI processing of your inputs
When you generate a song, the text inputs you provide (story, mood, location, etc.) are sent to Anthropic's API along with our system prompt to produce the output. Anthropic states that API conversations are not used to train their models by default and are retained only briefly for abuse monitoring. See Anthropic's privacy policy for their full practices.
6. Your rights
- Access / export: email us and we'll send you a copy of the data we hold about you.
- Deletion: email us and we'll delete your account and all associated data. Note that some data may persist briefly in backups or server logs.
- Correction: you can update your email and password directly within the app.
7. California residents (CCPA / CPRA)
If you live in California, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act: the right to know what we collect, the right to delete, the right to correct, and the right to opt out of any sale (we do not sell personal information). To exercise these rights, email us.
8. EU / UK residents (GDPR / UK GDPR)
If you live in the EU or UK, you have the right to access, correct, delete, restrict, or port your personal data, and to object to its processing. Email us to exercise these rights.
9. Children and SongFriend for Kids
SongFriend is not directed at children. Neither the main SongFriend site nor the SongFriend for Kids section (/kids) is intended for use by anyone under 13.
SongFriend for Kids is a tool designed for adults — parents, teachers, caregivers, grandparents — who want to make songsfor the children in their lives. The adult creates the account, subscribes if they choose to, types every input, and reviews every generated song. Children do not sign up, do not interact with the site, and are never asked to provide information.
We do not knowingly collect any personal information about children from the SongFriend for Kids experience. The only inputs sent to the AI model are what the adult explicitly types (a story or theme, selected feelings, places, and things). No child-specific identifiers, voice recordings, images, or behavioral data are ever collected. If we learn that a child under 13 has created an account, we will delete it.
Parents and guardians can email us at any time to review, correct, or delete anything associated with their account.
10. Security
Passwords are hashed with industry-standard algorithms (handled by Supabase). All connections are encrypted in transit via HTTPS. We take reasonable measures to protect data but no system is perfectly secure.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Privacy questions, data requests, or concerns? Email petec@tuta.com.