Privacy Policy

Last updated: March 28, 2026

1. Introduction

SongCreator ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our music creation and distribution platform at songcreator.app ("the Service").

This policy complies with applicable data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and platform-specific requirements from YouTube (Google) and TikTok.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password (stored as a cryptographic hash)
  • Content Inputs: Song themes, topics, language preferences, genre selections, and creative direction you provide
  • Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store credit card numbers on our servers.

2.2 Information from Third-Party Platforms

  • YouTube (Google): When you connect your YouTube account via OAuth 2.0, we receive your channel name, channel ID, and an access/refresh token to upload videos on your behalf. We access YouTube API Services and comply with Google's Privacy Policy.
  • TikTok: When you connect your TikTok account via OAuth 2.0, we receive your display name, user ID, and an access token to publish videos on your behalf. We comply with TikTok's Privacy Policy.

2.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, pipeline creation history, credit consumption
  • Device Data: Browser type, operating system, IP address, device identifiers
  • Cookies: Session cookies for authentication and preferences. We do not use third-party tracking cookies.

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To generate songs, create videos, and distribute content to your connected platforms
  • Account Management: To authenticate your identity, manage subscriptions, and process payments
  • Platform Integration: To upload content to YouTube and TikTok on your behalf using authorized API access
  • Service Improvement: To analyze usage patterns and improve the Service's functionality and performance
  • Communication: To send service-related notifications, billing updates, and policy changes
  • Security: To detect, prevent, and address technical issues, fraud, and abuse
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over encrypted connections (TLS/SSL)
  • Passwords are stored using bcrypt cryptographic hashing
  • Third-party platform credentials (OAuth tokens) are encrypted at rest using AES-256 (Fernet encryption)
  • Access to production systems is restricted and monitored
  • Regular security assessments are conducted

Generated content (audio files, videos, images) is stored on our servers for the duration of your subscription. Upon account deletion, content is permanently removed within 30 days.

5. Data Sharing and Third Parties

We share your information only in the following circumstances:

  • Third-Party Platforms: Content and metadata are shared with YouTube and TikTok when you initiate uploads through the Service. This sharing is governed by their respective privacy policies.
  • Service Providers: We use third-party AI services (for music generation, image generation, and text generation) that process your creative inputs. These providers do not retain your personal data.
  • Payment Processor: Stripe processes your payment information under their Privacy Policy.
  • Legal Requirements: We may disclose information when required by law, court order, or governmental regulation.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. YouTube API Services

Our Service uses YouTube API Services. By using the Service and connecting your YouTube account, you agree to be bound by the YouTube Terms of Service and acknowledge Google's Privacy Policy.

Specifically regarding YouTube API data:

  • We only access YouTube data necessary for uploading videos and setting metadata
  • YouTube OAuth tokens are encrypted and stored securely
  • You can revoke our access at any time via Google Account Permissions
  • We do not access, store, or process YouTube analytics, comments, or viewer data
  • We retain YouTube API data only for the duration of your active account

7. TikTok API

Our Service uses the TikTok Content Posting API. By connecting your TikTok account, you acknowledge TikTok's Privacy Policy.

  • We only access TikTok data necessary for publishing videos
  • TikTok OAuth tokens are encrypted and stored securely
  • You can disconnect your TikTok account at any time through the Service settings
  • We do not access, store, or process TikTok analytics, followers, or engagement data

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Restriction: Request limitation of data processing
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise any of these rights, contact us at support@songcreator.app. We will respond within 30 days.

9. Data Retention

  • Account Data: Retained for the duration of your active account
  • Generated Content: Retained for the duration of your subscription; deleted within 30 days of account closure
  • OAuth Tokens: Retained until you disconnect the platform or delete your account
  • Usage Logs: Retained for 90 days for security and analytics purposes
  • Payment Records: Retained as required by applicable tax and financial regulations

10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will take steps to delete their account and associated data.

11. International Data Transfers

Your data may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 30 days prior to taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact Us

For privacy-related inquiries, data requests, or concerns, contact us at:

privacy@songcreator.app

If you believe your privacy rights have been violated, you have the right to lodge a complaint with your local data protection authority.