Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how SoundMogul (“we”, operated by Byron Brown) collects, uses, and protects your information when you use soundmogul.app.

Short version: we collect the minimum data needed to run the Service, we never sell your data, we never train AI on your private content, and you can export or delete your data anytime.

1. What We Collect

Account data: email, name, password (hashed), OAuth provider info.
Profile data: artist/producer role, genres, DAW, goals, skill levels, location city, social handles (all optional — from onboarding).
Usage data: AI messages, calendar events, releases, contacts, saved studios/resources you create in-app.
Payment data: processed entirely by Stripe. We store only the Stripe customer ID and subscription status — never card details.
Technical data: IP address, browser type, pages visited (via Sentry for error monitoring).
Consent data: timestamps of when you accepted Terms and opt-in preferences.

2. How We Use Your Data

To provide the Service (MAESTRO chat, calendar, etc.)
To personalize MAESTRO's advice based on your profile
To send transactional emails (password reset, trial-ending alerts, weekly briefs)
To process payments (via Stripe)
To monitor errors and improve reliability (via Sentry)
To enforce rate limits and prevent abuse (via Upstash)
To comply with legal obligations

3. Third Parties We Share Data With

SoundMogul uses the following service providers. Your data is shared only to the extent necessary to provide these functions:

Supabase — authentication + database hosting
Anthropic — AI processing for MAESTRO. Your chat messages are sent to Anthropic for response generation. Anthropic does not train models on your data (per their API terms).
Stripe — subscription billing and card processing
Google Places — studio search (only your search query + city)
Resend — transactional email delivery
Upstash — rate limiting (stores daily message counts only)
Sentry — error monitoring (stack traces and runtime context)
Vercel — hosting and deployment

We do not sell your data to anyone. Ever.

4. Your Rights

Under GDPR, CCPA, and similar laws, you have the right to:

Access your data — view it anytime in the app
Export a copy of your data — request via Settings → Data
Correct inaccurate data — edit in Settings
Delete your account and data — Settings → Delete Account
Object to processing — contact hello@soundmogul.app

5. Cookies

We use essential cookies only — for session management (keeping you logged in) and CSRF protection. We do not use tracking cookies, advertising cookies, or third-party analytics cookies at this time. If that changes, we'll update this policy and notify you.

6. Data Retention

We retain your data while your account is active. If you delete your account, we retain a backup for 30 days (for recovery), then permanently delete all data except records we are legally required to keep (e.g., payment records for 7 years for tax compliance).

7. Data Security

All data is encrypted in transit (HTTPS) and at rest (Supabase/Postgres encryption). Passwords are hashed with bcrypt via Supabase Auth. Payment data is handled by Stripe (PCI-DSS Level 1 certified) — we never touch card data. API keys and secrets are stored in environment variables, never in code.

8. Children's Privacy

SoundMogul is not intended for users under 13 (or 16 in the EU/UK). If we learn we have collected data from a minor, we delete it immediately.

9. International Users

Our servers are located in the United States. By using SoundMogul, you consent to the transfer of your data to the U.S. for processing.

10. Changes to This Policy

We may update this policy. Material changes will be communicated via email or in-app notification at least 14 days before they take effect.

11. Contact

Privacy questions or data requests? Email hello@soundmogul.app.