Privacy Policy

1. Introduction

MusicFlowAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered music generation platform. Please read this policy carefully to understand our practices regarding your personal data.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide:

• Account information (name, email address, password)
• Profile information and preferences
• Payment and billing information
• Content you create (lyrics, music descriptions, channel names, producer personas)
• Communications with our support team

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Performance and error logs
• Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information from:

• Authentication providers (Stack Auth)
• YouTube (when you connect your channel for publishing)
• Payment processors (for billing purposes)
• AI service providers (for content generation features)

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Process your transactions and manage subscriptions
• Generate AI-powered content based on your inputs
• Store and manage your music library and content
• Publish videos to YouTube on your behalf (with your authorization)
• Send you service-related notifications and updates
• Improve and optimize the Service
• Analyze usage patterns and trends
• Detect and prevent fraud or abuse
• Comply with legal obligations
• Provide customer support

4. AI and Content Generation

Our Service uses AI technologies to generate content. Here's how we handle your data:

• Your prompts and inputs are sent to AI service providers (OpenAI, Moonshot AI, Google Gemini, FAL AI) to generate content
• These providers may process your data according to their own privacy policies
• We use Vercel AI Gateway to route requests without storing API keys in our codebase
• Generated content (lyrics, music, images, videos) is stored in our cloud storage (Cloudflare R2)
• We do not use your content to train AI models without your explicit consent
• You retain ownership of all content you create using the Service

5. Data Storage and Security

5.1 Where We Store Your Data

Your data is stored in:

• Neon PostgreSQL (serverless database for account and metadata)
• Cloudflare R2 (for audio files, videos, and images)
• AWS Lambda (for temporary video rendering)

5.2 Security Measures

We implement security measures including:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication through Stack Auth
• Encrypted storage of OAuth tokens for YouTube
• Regular security audits and updates
• Access controls and permission systems
• Secure API key management

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share data with:

• Stack Auth (authentication and user management)
• OpenAI and Moonshot AI (lyric generation via Vercel AI SDK)
• Google Gemini (image generation)
• FAL AI (audio and image generation)
• MiniMax (music generation via FAL AI)
• YouTube/Google (video publishing, with your authorization)
• Cloudflare (file storage and CDN)
• AWS (video rendering on Lambda)
• Payment processors (billing and subscriptions)

6.2 Legal Requirements

We may disclose your information if required to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Enforce our Terms of Service

6.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

7. YouTube Integration

When you connect your YouTube channel:

• We request OAuth permissions to upload videos on your behalf
• Your YouTube OAuth tokens are encrypted and stored securely
• We only access YouTube data necessary to provide publishing features
• You can revoke access at any time through your Google Account settings or our dashboard
• We comply with YouTube's API Services Terms of Service
• We automatically refresh tokens before expiry to maintain publishing capabilities

YouTube's privacy policy is available at: https://policies.google.com/privacy

8. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences and settings
• Analyze usage patterns and improve the Service
• Provide security features

You can control cookies through your browser settings, but disabling cookies may limit functionality.

9. Your Rights and Choices

You have the right to:

• Access your personal information
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Export your content and data
• Opt out of marketing communications
• Withdraw consent for data processing (where consent is the legal basis)
• Object to certain data processing activities
• Lodge a complaint with a data protection authority

To exercise these rights, please contact us through your account settings or support channels.

10. Data Retention

We retain your information:

• As long as your account is active
• As necessary to provide the Service
• To comply with legal obligations
• To resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain it for legal purposes.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

15. GDPR Rights (European Users)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us through:

• The support channels available in your account dashboard
• The contact information provided on our website

We will respond to your inquiry within a reasonable timeframe.