⚠️ PLACEHOLDER: This is a template. Final wording must be reviewed by counsel before launch (GDPR / UK GDPR / CCPA / COPPA / EU AI Act compliance).

Privacy Policy

Last updated: TBD

[Company Name] ("we", "us", "our") operates [Brand Domain] (the "Service"). This Privacy Policy explains how we handle your personal information.

1. Data we collect

  • Account: email address, name (optional)
  • Order content: text you submit to generate songs (brief details, names, occasions)
  • Technical: IP address, browser type, device fingerprint, cookies (see Cookie Policy)
  • Payment: handled by [TODO: Stripe / payment processor]; we do not store card data

2. How we use your data

  • To generate the song you requested (legal basis: contract performance, GDPR Art. 6(1)(b))
  • To prevent fraud and abuse (legitimate interest, GDPR Art. 6(1)(f))
  • To send transactional emails (contract performance)
  • Marketing communications only with explicit opt-in (GDPR Art. 6(1)(a))

3. Third parties we share data with

  • AI providers (Suno, OpenRouter) — to generate music and lyrics
  • Email service ([TODO])
  • Payment processor ([TODO])
  • Hosting provider (Railway, US/EU regions)

4. Your rights (GDPR / UK GDPR)

You have the right to access, rectify, erase, restrict the processing of, port, and object to the processing of your personal data. Contact: [TODO: privacy@brand.com]

5. California residents (CCPA / CPRA)

You may request to know what personal information we collect, to have it deleted, and to opt out of the "sale" or "sharing" of personal information. [TODO: "Do Not Sell or Share My Personal Information" mechanism]

6. Children

The Service is not directed to children under 13 (US, per COPPA) or under 16 (EU). We do not knowingly collect data from minors.

7. Data retention

Account data: until deletion request. Generated songs: [TODO: X days/years]. Logs: 90 days.

8. International transfers

Data is processed in [TODO: regions]. Transfers to non-EU countries rely on Standard Contractual Clauses where applicable.

9. Contact

[TODO: Company Name]
[TODO: Address]
Email: [TODO: privacy@brand.com]
EU Representative (if no EU office): [TODO]
Data Protection Officer (if required): [TODO]