Skip to main content
VocaloriaVocaloria

Privacy Policy

Last updated: June 2, 2026

1. What We Collect

  • Email address — when you register, used for account management and verification
  • Password — stored as a one-way bcrypt hash; we cannot read it
  • IP address — used to enforce daily usage limits for anonymous users and logged out sessions
  • Usage data — number of audio generations per day, stored to enforce plan limits
  • Payment data — handled entirely by Stripe; we only store your Stripe customer ID
  • Generated text — the text you submit for audio generation is sent to a third-party voice API and is not stored by us

2. How We Use Your Data

  • To provide and improve the Service
  • To send account-related emails (verification, billing)
  • To enforce usage limits and prevent abuse
  • To process payments via Stripe

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

  • Stripe — payment processing. Subject to Stripe's Privacy Policy
  • Resend — transactional email delivery. Subject to Resend's Privacy Policy
  • Voice synthesis API — your submitted text is sent to a third-party API to generate audio. We do not control how this third party handles the data
  • Google Analytics 4 — we use Google Analytics to understand how visitors use our site (pages visited, session duration, country). This data is anonymized and aggregated. Subject to Google's Privacy Policy

4. Cookies

We use the following cookies:

  • Session cookie (session) — keeps you logged in. HttpOnly, not accessible by JavaScript, expires after 30 days.
  • Analytics cookies (_ga, _ga_*) — set by Google Analytics to measure site usage. These are first-party cookies scoped to our domain. You can opt out via Google Analytics Opt-out.
  • Consent cookie (cookie_consent) — stores your cookie banner acknowledgement in localStorage.

We do not use advertising or cross-site tracking cookies.

5. Data Retention

We retain your account data for as long as your account is active. Usage counters older than 90 days are periodically purged. You may request deletion of your account and all associated data by contacting us.

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise these rights, contact us at [email protected].

7. Security

Passwords are hashed with bcrypt. Session tokens are signed JWTs stored in HttpOnly cookies. We use HTTPS in production. However, no method of transmission over the internet is 100% secure.

8. Children

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If we become aware of such data, we will delete it promptly.

9. Changes

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the Service constitutes acceptance.

10. Contact

For privacy-related questions: [email protected]