Privacy Policy

1. Information We Collect

We may collect the following types of information when you use Cream Soda:

• Account information: email address and basic profile data when you sign up or sign in through Supabase.
• Usage data: prompts, generation settings (such as genre, vibe, tempo), and information about how often and when you use features like music generation, preview, and playlists.
• Subscription and billing data: plan type, subscription status, and related metadata processed via Stripe (we do not store your full payment card details on our servers).
• Technical data: IP address, device information, browser type, and approximate location derived from your connection, used for security and to operate the Service.

2. How We Use Your Information

We use the information we collect to:

• Authenticate you and maintain your session using Supabase.
• Provide core features of the Service, such as generating and streaming AI music, managing tokens, and saving playlists.
• Manage your subscription, billing, and plan limits through Stripe and our token system.
• Monitor for abuse or suspicious activity, including rate limiting and security logging.
• Improve the Service by analyzing anonymized or aggregated usage patterns.
• Communicate with you about updates, service changes, and support requests.

3. Legal Bases for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or other regions that require a legal basis for processing, we process your personal data on one or more of the following bases:

• To perform a contract with you (for example, when providing the Service and subscriptions).
• With your consent (for example, when you create an account or enable certain features).
• For our legitimate interests (for example, to secure, maintain, and improve the Service), provided those interests are not overridden by your rights.
• To comply with legal obligations.

4. How We Share Information

We do not sell your personal information. We may share your information with third parties in the following situations:

• Service providers: We use trusted providers such as Supabase (for authentication, database, and storage) and Stripe (for payment processing and subscription management).
• Compliance and safety: We may disclose information if required by law or if we believe in good faith that it is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to appropriate safeguards.

5. Data Retention

We retain your information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. For example, we keep subscription and payment records as required by accounting and tax laws.

If you delete your account or request deletion, we will remove or anonymize personal data that we are not legally required to keep, within a reasonable time. Certain usage records, such as anonymized token usage history or aggregated statistics, may be retained to help us understand and improve the Service, but they will no longer be directly linked to your identity.

6. Your Rights & Choices

Depending on your location, you may have certain rights regarding your personal information, such as the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, subject to legal obligations.
• Object to or restrict certain processing.
• Receive a copy of your data in a portable format where technically feasible.

You can also manage many aspects of your data directly in the app, such as updating your profile or deleting your account (for example, via the profile/settings dialogs).

7. Cookies & Similar Technologies

When you first visit Cream Soda, we may show a cookie consent banner so you can choose to accept all cookies or only those necessary for the service. Your choice is stored locally and the banner will not be shown again unless you clear site data.

Cream Soda may use cookies or similar technologies (such as local storage) to keep you signed in, remember your preferences, and help protect your account. Some of these technologies are provided by Supabase or other third parties as part of our authentication and analytics tooling.

You can typically control cookies through your browser settings, but disabling certain cookies may affect the functionality of the Service.

8. Data Security

We take reasonable technical and organizational measures to protect your information, including using Supabase and Stripe's security features, access controls, and logging. However, no online service can be completely secure, and we cannot guarantee absolute security of your data.

9. Logs, Analytics & Error Monitoring

To operate and troubleshoot Cream Soda, we use infrastructure and monitoring tools (such as Supabase and Sentry) that may collect technical logs, including IP address, browser and device information, request metadata, and error details. This information is used primarily for security, performance monitoring, and debugging, not for building marketing profiles.

We may also keep a limited history of your in-app activity, such as token usage logs and key events (for example, when you generate a track or change your subscription), so that you can review your own usage and so we can respond to support or billing questions. Where possible, we aggregate or pseudonymize this data to reduce privacy risk.

10. International Transfers

Your information may be stored and processed in countries other than your own, where data protection laws may differ. When we transfer personal data, we take steps to ensure that it is protected in accordance with this Privacy Policy and applicable law.

11. Children's Privacy

Cream Soda is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date at the top of this page and may notify you through the Service or by other reasonable means. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us through the support or inquiry features provided in the app.