Privacy Policy
Last updated: February 2026
1. Introduction
TonalBrain ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
2. Data We Collect
2.1 Account Information
When you create an account, we collect information you provide directly to us, including:
- Name (if provided)
- Email address
- Password (encrypted and hashed)
- Credit balance and purchase history
- Device activation information
2.2 Payment Information
Payment processing is handled by Stripe, a secure third-party payment processor. We do not store your complete credit card information on our servers. Stripe is PCI-DSS compliant and handles all sensitive payment data in accordance with industry security standards.
2.3 Usage Analytics
We use Umami Analytics to understand how visitors interact with our website. This includes:
- Pages visited and time spent on pages
- Browser type and version
- Operating system
- Referring website
- General geographic location (country/region level)
2.4 Plugin Usage Data
The TonalBrain plugin may collect limited technical data to improve service quality, including:
- Plugin version and build information
- DAW host application and version
- Operating system version
- Crash reports and error logs (with no audio content)
We do not collect, store, or transmit your audio content. Your music remains entirely on your local machine.
2.5 Cookies
We use cookies and similar tracking technologies to:
- Keep you logged into your account
- Remember your preferences
- Analyze website traffic
- Prevent fraud and abuse
3. How We Use Your Data
We use the collected information for the following purposes:
- Providing and maintaining the Service
- Processing payments and managing credit balances
- Creating and managing your account
- Communicating with you about service updates, support, and security
- Improving our product, features, and user experience
- Complying with legal obligations
- Detecting, preventing, and addressing technical issues and security threats
4. Data Sharing & Third Parties
4.1 Service Providers
We share data with the following trusted third-party service providers:
Supabase (Database & Authentication)
Stores user account data and handles authentication. Your data is encrypted at rest.
View Supabase Privacy Policy →
Stripe (Payment Processing)
Processes all payment transactions. We do not store your complete payment card details.
View Stripe Privacy Policy →
Cloudflare Turnstile (CAPTCHA)
Prevents automated abuse and bots. Analyzes device characteristics and browser behavior.
View Cloudflare Privacy Policy →
Umami (Website Analytics)
Anonymous website analytics. Does not use cookies or track individual users across sessions.
View Umami Privacy Policy →
GitHub (Code Hosting & Issue Tracking)
If you submit bug reports or feature requests, your public GitHub information may be visible.
View GitHub Privacy Statement →
4.2 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights:
5.1 Right to Access
You may request a copy of the personal data we hold about you, including details of how we use it.
5.2 Right to Rectification
You may request correction of inaccurate or incomplete personal data.
5.3 Right to Erasure (Right to be Forgotten)
You may request deletion of your personal data, subject to certain legal exceptions (e.g., we may need to retain some data for accounting or legal compliance purposes).
5.4 Right to Data Portability
You may request your data in a structured, commonly used format.
5.5 Right to Object
You may object to certain processing activities, such as direct marketing communications.
5.6 How to Exercise Your Rights
To exercise any of these rights, please contact us via our contact page. We will respond to your request within 30 days.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Upon account deletion, your personal data will be deleted within 30 days, except where we are required by law to retain certain records (e.g., tax documents).
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit and at rest
- Secure authentication protocols
- Regular security reviews and updates
- Access controls limiting data access to authorized personnel only
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Children's Privacy
The Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with data, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
11. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via our contact page.