Privacy Policy
Last Updated: Dec 9, 2025
At AirMusic, your privacy is not just a policy—it's a core value embedded in everything we build. This comprehensive Privacy Policy explains what information we collect, how we use it, who we share it with, and how we protect it. We've written this in plain English so it's easy to understand, while still providing the legal details you need.
Effective Date: December 14, 2025 Last Updated: December 14, 2025
1. Information We Collect
We collect information to provide, improve, and protect our AI music generation services. Here's a detailed breakdown of what we collect and why.
1.1 Account Information
When you create an account, we collect:
| Data Type | Purpose | Required |
|---|---|---|
| Email address | Account verification, communications, password recovery | Yes |
| Full name | Personalization, identification | Yes |
| Password | Account security (stored as secure hash) | Yes |
| Profile picture | Profile personalization | No |
| Username | Public identification (if you choose to make content public) | No |
| Phone number | Two-factor authentication, account recovery | No |
| Date of birth | Age verification (for compliance purposes) | No |
1.2 Content and Usage Data
When you use AirMusic's AI tools, we collect:
Music Generation Data:
- Text prompts and descriptions you enter
- Genre, mood, and style preferences you select
- Duration and format settings you choose
- Generated audio files and their metadata
- Lyrics you write or generate
- Project names and organizational data
Audio Processing Data:
- Audio files you upload for processing
- Vocal separation results
- Voice cloning samples and models (with your explicit consent)
- AI cover generation inputs and outputs
- Audio enhancement and mastering preferences
Interaction Data:
- Songs you like, save, or download
- Playlists you create
- Comments and feedback you provide
- Features and tools you use most frequently
- Time spent on different functions
- Error reports and crash logs
1.3 Technical Information
We automatically collect technical data to ensure optimal service:
Device Information:
- Device type (desktop, mobile, tablet)
- Operating system and version
- Browser type and version
- Screen resolution
- Hardware capabilities (for audio processing optimization)
- Unique device identifiers
Network Information:
- IP address
- Internet service provider
- Connection type and speed
- Geographic location (country/region level)
Session Information:
- Pages and features visited
- Time and duration of visits
- Navigation paths through our service
- Referring URLs (how you found us)
- Exit pages
1.4 Payment and Billing Information
When you make purchases, we collect:
- Payment method type (credit card, PayPal, etc.)
- Billing name and address
- Transaction amounts and dates
- Subscription plan details
- Invoice history
- Refund and dispute records
Important Security Note: We never store complete credit card numbers, CVV codes, or other sensitive payment credentials. All payment processing is handled by PCI DSS Level 1 certified payment processors (Stripe, PayPal, LemonSqueezy).
1.5 Communications Data
We collect information from your communications with us:
- Support tickets and help requests
- Email correspondence
- Chat conversations
- Survey responses
- Feedback and feature requests
- Community forum posts (if applicable)
1.6 Third-Party Data
We may receive information from third parties:
- Social media profiles (if you sign in with Google, Apple, etc.)
- Marketing partners (with appropriate consent)
- Fraud prevention services
- Analytics providers
2. How We Use Your Information
We use your information for specific, legitimate purposes. Here's exactly how:
2.1 Providing Our Services
- Account Management: Create, authenticate, and manage your account
- Music Generation: Process your prompts and generate AI music
- Audio Processing: Perform vocal separation, voice cloning, and audio enhancement
- Content Storage: Safely store your generated music and projects
- Feature Access: Enable premium features based on your subscription
- Personalization: Remember your preferences and settings
2.2 Improving Our Technology
- AI Training: Improve our music generation models using aggregated, de-identified usage patterns
- Quality Enhancement: Analyze generation quality to improve outputs
- Bug Fixes: Identify and resolve technical issues
- Feature Development: Understand which features are most valuable
- Performance Optimization: Optimize server response times and processing speed
AI Training Transparency: We may use prompts and generated content to improve our AI models. This data is processed in aggregate and anonymized form. You can opt out of AI training use in your privacy settings while still using our full service.
2.3 Communications
- Transactional Emails: Order confirmations, password resets, subscription updates
- Service Notifications: Feature updates, maintenance alerts, security notices
- Marketing (with consent): New features, tips, tutorials, promotional offers
- Support: Respond to your questions and help requests
- Legal Notices: Policy changes, compliance notifications
2.4 Safety and Security
- Fraud Prevention: Detect and prevent fraudulent activity
- Content Moderation: Ensure generated content meets our guidelines
- Abuse Prevention: Protect against misuse of our services
- Security Monitoring: Detect unauthorized access attempts
- Legal Compliance: Meet our legal and regulatory obligations
2.5 Business Operations
- Analytics: Understand how our service is used overall
- Business Planning: Make informed decisions about service improvements
- Financial Reporting: Accurate accounting and financial management
- Legal Protection: Defend against legal claims if necessary
3. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), we process your data based on these legal grounds:
| Legal Basis | When It Applies |
|---|---|
| Contract Performance | Providing our services, processing payments, account management |
| Legitimate Interests | Service improvement, security, fraud prevention, analytics |
| Consent | Marketing communications, AI training participation, optional features |
| Legal Obligation | Tax records, responding to legal requests, compliance requirements |
You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
4. Data Sharing and Disclosure
We do not sell your personal information. This is a firm commitment.
We only share data in these limited circumstances:
4.1 Service Providers
We work with carefully selected companies that help us operate:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Hosting, storage, computing | All service data (encrypted) |
| Payment Processors | Transaction handling | Payment and billing info |
| Email Services | Transactional and marketing emails | Email, name |
| Analytics | Usage analysis | Anonymized usage data |
| Customer Support | Help desk services | Support-related data |
| CDN Providers | Content delivery | Generated audio files |
| Security Services | Threat detection | Technical logs |
All service providers are bound by strict data processing agreements and can only use your data to provide services to us.
4.2 Legal Requirements
We may disclose your information when required by law:
- Valid court orders or subpoenas
- Government agency requests with legal authority
- To protect someone's life or safety
- To protect AirMusic's legal rights
- To investigate potential violations of our Terms of Service
We will notify you of legal requests when legally permitted to do so.
4.3 Business Transfers
If AirMusic is involved in a merger, acquisition, or sale:
- We will notify you before your data is transferred
- This policy will continue to apply to your data
- You will have the option to delete your data before transfer
- The new entity will be bound by this Privacy Policy
4.4 With Your Consent
We may share data in other situations, but only with your explicit permission.
4.5 Aggregated Data
We may share anonymized, aggregated statistics that cannot identify you (e.g., "50% of users prefer jazz-style generation").
5. Cookies and Tracking Technologies
5.1 Types of Cookies We Use
Strictly Necessary Cookies
- Authentication and login status
- Security tokens
- Load balancing
- Session management
- Cannot be disabled (service won't work without them)
Functional Cookies
- Language preferences
- Theme settings (light/dark mode)
- Audio player preferences
- UI customizations
- Recently used features
Analytics Cookies
- Page view tracking
- Feature usage patterns
- Session duration
- Navigation paths
- Error tracking
We use: Google Analytics, Clarity (Microsoft)
Marketing Cookies (if enabled)
- Ad effectiveness measurement
- Remarketing audiences
- Campaign attribution
- Social media integration
5.2 Third-Party Tracking
Third parties that may set cookies on our site:
| Third Party | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics | Usage analytics | Google Privacy |
| Stripe | Payment processing | Stripe Privacy |
| Clarity | Behavior analytics | Microsoft Privacy |
5.3 Managing Cookies
Browser Controls:
- Most browsers let you block or delete cookies in Settings > Privacy
- Blocking all cookies may prevent some features from working
Our Cookie Settings:
- Use our cookie consent banner to manage preferences
- Adjust settings anytime in your account privacy settings
Do Not Track:
- We currently do not respond to browser "Do Not Track" signals
- We recommend using our cookie settings instead
6. Data Security
6.1 Technical Safeguards
Encryption:
- TLS 1.2+ (with TLS 1.3 preferred) for all data in transit
- AES-256 encryption for data at rest
- End-to-end encryption for sensitive operations
- Secure key management using Hardware Security Modules (HSM)
Infrastructure Security:
- Hosting on enterprise-grade cloud providers (AWS, GCP, Azure)
- Multi-region redundancy for disaster recovery
- DDoS protection and mitigation
- Web Application Firewall (WAF)
- Regular vulnerability scanning
- Annual penetration testing by third parties
Application Security:
- Secure software development lifecycle (SDLC)
- Code reviews and security testing
- Dependency vulnerability monitoring
- Input validation and sanitization
- Protection against OWASP Top 10 vulnerabilities
6.2 Organizational Safeguards
Access Controls:
- Role-based access control (RBAC)
- Principle of least privilege
- Multi-factor authentication for all staff
- Regular access reviews and audits
- Background checks for employees with data access
Operations:
- 24/7 security monitoring
- Incident response procedures
- Security awareness training
- Vendor security assessments
- Regular security audits
6.3 Your Role in Security
Help keep your account safe:
- Use a strong, unique password (12+ characters recommended)
- Enable two-factor authentication
- Don't share your login credentials
- Log out on shared or public computers
- Report suspicious activity immediately
- Keep your devices and browsers updated
6.4 Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 72 hours of discovery
- We will notify relevant regulatory authorities as required
- We will provide details about what data was affected
- We will explain steps we're taking to address the breach
- We will offer guidance on protecting yourself
7. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Active account + 30 days after deletion request | Service provision, account recovery |
| Generated Music | Until you delete it or close account | Your content ownership |
| Audio Uploads | 30 days after processing (or until you delete) | Processing completion |
| Voice Clone Models | Until you delete | Feature provision |
| Payment Records | 7 years after transaction | Legal and tax requirements |
| Support Conversations | 3 years | Quality assurance, legal protection |
| Analytics Data | 26 months | Service improvement |
| Server Logs | 90 days | Security and debugging |
| Marketing Data | Until consent withdrawal + 30 days | Marketing purposes |
After Retention:
- Data is permanently deleted or anonymized
- Deleted data is unrecoverable after 30-day grace period
- Backups are purged according to our backup rotation schedule
8. Your Privacy Rights
8.1 Universal Rights
All users have the right to:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Opt-Out: Unsubscribe from marketing communications
- Object: Object to certain processing activities
8.2 How to Exercise Your Rights
Self-Service (Instant):
- Account Settings > Privacy: Download, delete, or modify your data
- Email Preferences: Unsubscribe links in all marketing emails
- Cookie Settings: Manage cookie preferences
Contact Us:
- Email: [email protected]
- Subject line: "Privacy Request - [Your Request Type]"
- Include your account email for verification
Response Time:
- Simple requests: Within 7 days
- Complex requests: Within 30 days (45 days maximum for CCPA)
- We may need to verify your identity before processing
8.3 Identity Verification
To protect your privacy, we may verify your identity before processing requests:
- Requests from logged-in accounts are automatically verified
- Email requests require verification from your registered email
- We may ask additional questions for sensitive requests
- Authorized agents must provide written authorization
9. International Data Transfers
9.1 Where We Process Data
AirMusic processes data in:
- United States (primary)
- European Union (for EU users)
- Other regions as needed for service delivery
9.2 Transfer Safeguards
For international transfers, we use:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- Adequacy Decisions: Transfers to countries with adequate protection
- Binding Corporate Rules: Internal data transfer policies
- Privacy Shield Principles: Although no longer valid for transfers, we still follow these principles
9.3 Your Choices
If you're concerned about international transfers:
- Contact us to discuss data localization options
- Enterprise customers may have regional hosting options
10. Children's Privacy
10.1 Age Requirements
- AirMusic is designed for users 13 years and older
- In the EU/EEA, users must be 16+ (or have parental consent)
- We do not knowingly collect data from children under these ages
10.2 Parental Rights
If you believe your child under 13 (or 16 in EU) has created an account:
- Contact us immediately at [email protected]
- We will verify and delete the account within 48 hours
- No data from child accounts will be used for any purpose
10.3 Educational Use
For educational institutions using AirMusic with minors:
- Contact us for special educational agreements
- Additional protections may be available
- Parental consent requirements apply
11. California Residents (CCPA/CPRA)
If you're a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
11.1 Your California Rights
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Correct: Correct inaccurate personal information
- Right to Opt-Out: Opt out of "sale" or "sharing" of personal information
- Right to Limit: Limit use of sensitive personal information
- Right to Non-Discrimination: Equal service regardless of exercising rights
11.2 Information We Collect (CCPA Categories)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, IP address | Yes |
| Personal Information (Cal. Civ. Code §1798.80) | Name, address, payment info | Yes |
| Protected Classifications | Age (for verification only) | Limited |
| Commercial Information | Transaction history, subscription plans | Yes |
| Biometric Information | Voice data for cloning (with consent) | With consent |
| Internet Activity | Browsing history, interactions | Yes |
| Geolocation Data | IP-based location (region level) | Yes |
| Sensory Data | Audio files you upload | Yes |
| Professional Information | N/A | No |
| Education Information | N/A | No |
| Inferences | Preferences, interests | Yes |
| Sensitive Personal Information | Account credentials, voice data | Limited |
11.3 Do Not Sell or Share
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
To make requests, email [email protected] with subject "California Privacy Request."
11.4 Authorized Agents
You may designate an authorized agent to make requests on your behalf:
- Provide signed written authorization
- We may still verify your identity directly
- Agent must provide proof of identity
11.5 Financial Incentive Programs
We may offer financial incentives for participation in programs like:
- Referral bonuses
- Beta testing rewards
- Survey participation rewards
These incentives are reasonably related to the value of your data. You can opt out at any time without penalty.
12. European Residents (GDPR)
If you're in the European Economic Area (EEA), United Kingdom, or Switzerland:
12.1 Your GDPR Rights
- Access (Art. 15): Obtain confirmation of processing and access to your data
- Rectification (Art. 16): Correct inaccurate personal data
- Erasure (Art. 17): Request deletion ("right to be forgotten")
- Restriction (Art. 18): Restrict processing in certain circumstances
- Portability (Art. 20): Receive data in structured, machine-readable format
- Object (Art. 21): Object to processing based on legitimate interests
- Automated Decision-Making (Art. 22): Not be subject to solely automated decisions
12.2 Data Controller
AirMusic is the data controller for your personal data.
Contact:
- Email: [email protected]
- Data Protection Officer: [email protected]
12.3 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority:
- Find your authority: EDPB Directory
- We encourage you to contact us first so we can resolve your concerns
12.4 Data Processing Agreements
For business customers, we provide Data Processing Agreements (DPAs) compliant with Article 28 of the GDPR. Contact [email protected] for DPA requests.
13. Other Regional Privacy Laws
13.1 Virginia (VCDPA)
Virginia residents have similar rights to access, correct, delete, and opt out. Contact [email protected] for requests.
13.2 Colorado (CPA)
Colorado residents can exercise rights to access, correct, delete, and opt out. We provide universal opt-out recognition.
13.3 Connecticut (CTDPA)
Connecticut residents have rights similar to CCPA/GDPR. All general privacy rights apply.
13.4 Brazil (LGPD)
Brazilian users have rights under the Lei Geral de Proteção de Dados. We comply with all LGPD requirements including consent, access, and deletion rights.
13.5 Canada (PIPEDA)
Canadian users' information is processed in accordance with the Personal Information Protection and Electronic Documents Act.
13.6 Australia (Privacy Act)
Australian users are protected under the Privacy Act 1988. We comply with the Australian Privacy Principles (APPs).
14. Enterprise-Grade Compliance
AirMusic maintains enterprise-level security and compliance standards.
14.1 Security Certifications
SOC 2 Type II Aligned
Our controls align with AICPA Trust Services Criteria:
- Security: Protection against unauthorized access
- Availability: System accessibility and uptime
- Processing Integrity: Complete and accurate processing
- Confidentiality: Protection of confidential information
- Privacy: Personal information handling
ISO/IEC 27001 Aligned
We follow ISO 27001 information security management best practices:
- Comprehensive risk assessment framework
- Security policies and procedures
- Access control management
- Incident response procedures
- Business continuity planning
- Regular internal audits
14.2 Regulatory Compliance
| Regulation | Status | Details |
|---|---|---|
| GDPR | Compliant | Full EU data protection compliance |
| CCPA/CPRA | Compliant | California consumer privacy rights |
| SOC 2 Type II | Aligned | Security controls assessment |
| ISO 27001 | Aligned | Information security management |
| PCI DSS | Compliant | Payment card data security |
| HIPAA | Not Applicable | We don't process health information |
14.3 Enterprise Documentation
For enterprise and business customers:
- Security Questionnaires: Available upon request
- Data Processing Agreements: GDPR-compliant DPAs
- Subprocessor List: Complete list of third-party processors
- Penetration Test Results: Executive summaries available
- Insurance Certificates: Cyber liability and E&O coverage
Contact [email protected] for compliance documentation.
15. AI and Machine Learning
15.1 How We Use AI
AirMusic uses artificial intelligence for:
- Music generation from text prompts
- Vocal separation and isolation
- Voice cloning (with explicit consent)
- Audio quality enhancement
- Content moderation
15.2 AI Training Practices
What We May Use:
- Aggregated, anonymized usage patterns
- Public domain training data
- Licensed training datasets
- Opt-in user contributions
What We Don't Do:
- Train on identifiable user data without consent
- Use your private content to create models for others
- Sell models trained on user data
Your AI Choices:
- Opt out of AI training contribution in privacy settings
- Request deletion of any training data derived from your content
- Full service functionality remains available regardless of choice
15.3 Automated Decision-Making
We use automated systems for:
- Content moderation (flagging potentially problematic content)
- Fraud detection (identifying suspicious activity)
- Feature recommendations (personalized suggestions)
Your Rights:
- Request human review of automated decisions
- Understand the logic involved in automated processing
- Contest decisions that significantly affect you
16. Third-Party Services and Links
16.1 External Links
Our website may contain links to external sites. We are not responsible for their privacy practices. Always review privacy policies before sharing data with third parties.
16.2 Social Media
If you connect AirMusic with social media:
- We only access data you explicitly authorize
- You can disconnect accounts anytime in settings
- Social platforms' privacy policies apply to their processing
16.3 Third-Party Integrations
We may integrate with:
- Social media platforms
- Audio distribution services
- Collaboration tools
- Payment providers
Each integration is governed by both our policy and the third party's policy.
17. Changes to This Policy
17.1 How We Update
- We may update this policy periodically
- Material changes will be announced via email
- Non-material changes take effect upon posting
- We maintain an archive of previous versions
17.2 Your Acceptance
Continuing to use AirMusic after policy changes means you accept the updated policy. If you disagree with changes, please stop using the service and delete your account.
17.3 Version History
| Version | Date | Summary |
|---|---|---|
| 2.0 | December 14, 2025 | Comprehensive update, added compliance sections |
| 1.0 | December 9, 2025 | Initial privacy policy |
18. Contact Us
18.1 Privacy Questions
AirMusic Privacy Team
- General Privacy: [email protected]
- Data Protection Officer: [email protected]
- Enterprise/Legal: [email protected]
18.2 Response Times
- General inquiries: 5-7 business days
- Rights requests: 30 days (45 days for CCPA)
- Security concerns: 24-48 hours
- Enterprise requests: 2-3 business days
18.3 Mailing Address
AirMusic Inc. [Address to be added] United States
Summary of Your Privacy Rights
| Right | How to Exercise |
|---|---|
| Access your data | Account Settings > Privacy > Download Data |
| Correct your data | Account Settings > Profile |
| Delete your data | Account Settings > Privacy > Delete Account |
| Opt out of marketing | Unsubscribe link in emails or Account Settings |
| Manage cookies | Cookie banner or Account Settings > Privacy |
| Make privacy requests | Email [email protected] |
| Report concerns | Email [email protected] |
Your privacy matters to us. If you have any questions, concerns, or feedback about this Privacy Policy or our data practices, please don't hesitate to reach out. We're committed to protecting your information and being transparent about how we use it.
Thank you for trusting AirMusic with your data.