Analytics consent

Help us improve SongGift with anonymous usage analytics. Analytics stays off until you choose.

Legal

Privacy Policy

Last updated: April 14, 2026

Summary

SongGift ("we", "us") helps you create custom AI-generated song gifts. This page explains what information we collect, how we use it, and the choices you have. We aim for plain language. This policy is general information, not legal advice.

Who we are

SongGift operates this website and the song generation service. You can reach us at support@songgift.app for any privacy question or request.

Information we collect

We collect the following categories of information:

  • Account data. When you sign up we store your email address, a hashed password, and an optional full name. If you sign in with Google, we also receive your name and Google account identifier from Google's OAuth response.
  • Order data. When you create a song gift you provide a contact email, recipient name, optional recipient email, occasion, mood, style, language, a short personal memory (up to 500 characters), and a dedication message (up to 200 characters).
  • Payment data. Payments are handled entirely by Stripe. We never see or store your card number. We keep Stripe identifiers (checkout session, payment intent, customer id) and our internal credit history so we can reconcile your purchase.
  • Generated assets. The lyrics and audio file produced for your order are stored in our private storage bucket and served to you via signed, expiring links.
  • Usage data. If you accept analytics, PostHog receives anonymised product events such as page views and button clicks. No session recordings and no autocapture.
  • Technical data. Our servers write operational logs (request metadata, order ids, error details) so we can debug issues and keep the service reliable.

How we use your information

We use the information above to create and deliver your song, process payments, send transactional email (order confirmations and delivery notifications), operate and secure the service, and comply with our legal obligations. We do not use your data for advertising and we do not sell it.

Legal bases (GDPR)

If you are in the EU, UK, or EEA, we rely on the following legal bases: contract to deliver a song you ordered, legitimate interests to keep the service secure and improve it, consent for optional analytics, and legal obligation where required.

Sub-processors

We rely on the following trusted providers to run SongGift. Each receives only the data needed to perform its function.

  • Supabase Database, authentication, and file storage
  • Stripe Payment processing
  • Resend Transactional email delivery
  • PostHog Product analytics (only when you opt in)
  • OpenAI Lyric generation
  • Kie / Suno Music generation

Cookies and local storage

We use cookies and local storage sparingly: authentication cookies set by Supabase to keep you signed in, a theme preference (songgift-theme:v1), and your analytics consent choice (songgift-analytics-consent:v1). You can decline analytics in the banner and nothing is sent to PostHog.

Data retention

We keep your account and order data for as long as your account is active. Delivery links expire automatically — download links after 7 days, shareable listen links after 30 days. You can ask us to delete your account and associated data at any time by emailing support@songgift.app.

International transfers

Our sub-processors may store and process your data in the United States or the European Union. Where required, these transfers are covered by the providers' standard contractual clauses or equivalent safeguards.

Your rights (GDPR)

If you are in the EU, UK, or EEA, you have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You can also withdraw consent for analytics at any time. To exercise any of these rights, email support@songgift.app. You also have the right to lodge a complaint with your local data protection authority.

California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion or correction, and to opt out of any "sale" or "sharing" of personal information. We do not sell your personal information and we do not share it for cross-context behavioral advertising. You can request exercise of your rights by emailing support@songgift.app. We will not discriminate against you for exercising these rights.

Children

SongGift is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child has given us personal information, contact us and we will delete it.

Security

We use industry-standard safeguards including encrypted connections (HTTPS), hashed passwords, Row Level Security on our database, and private storage with signed URLs. No system is perfectly secure, but we take reasonable steps to protect your information.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be highlighted on this page.

Contact

Questions, requests, or concerns about this policy? Email us at support@songgift.app.