Legal

Privacy Policy

Last updated: March 10, 2026

1. Introduction

Sonematic ("we," "us," or "our") provides a background music generation service for speeches. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services (collectively, the "Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, and authentication credentials managed through our authentication provider.
  • User content: Scripts and text you submit for tone analysis and music generation.
  • Generated content: Audio files produced by the Service based on your scripts.
  • Payment information: Billing details and transaction history processed through our payment provider. We do not store full credit card numbers on our servers.
  • Usage data: Features used, session duration, interactions with the Service, and performance metrics.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and referring URLs.

3. How We Collect Information

We collect information through the following means:

  • Directly from you: When you create an account, submit scripts, configure settings, or contact us.
  • Automatically: Through cookies, server logs, and similar technologies when you use the Service.
  • From third-party services: Our authentication provider (Clerk) and payment processor (Stripe) may share account and transaction information with us to facilitate the Service.

4. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service, including AI-powered tone analysis and music generation.
  • Process payments and manage your subscription.
  • Communicate with you about your account, service updates, and respond to support requests.
  • Monitor and improve the performance, reliability, and security of the Service.
  • Detect, prevent, and address technical issues, fraud, and abuse.
  • Comply with legal obligations and enforce our terms of service.

5. AI Data Processing

The Service uses artificial intelligence to analyze your scripts and generate music. Here is how your data is processed by AI systems:

  • Tone analysis: Your scripts are sent to Anthropic and/or OpenAI for AI-powered analysis of tone, emotion, and pacing. This analysis is used solely to inform music generation for your project.
  • Music generation: Based on the tone analysis, music generation requests are sent to ElevenLabs and/or fal.ai to produce instrumental audio tracks.
  • No model training: Your scripts and content are not used to train any AI models. They are processed only to deliver the Service to you.
  • Data minimization: Only the information necessary for analysis and generation is sent to AI providers. We do not send your account details or payment information to AI services.

6. Third-Party Services

We use the following third-party services to operate the Service. Each processes data only for the purposes described:

  • Clerk — Authentication and user account management.
  • Anthropic / OpenAI — AI-powered tone and emotion analysis of scripts.
  • ElevenLabs / fal.ai — AI-powered instrumental music generation.
  • Stripe — Payment processing and subscription management.
  • Sentry — Error monitoring and crash reporting to maintain service reliability.
  • Cloudflare — Content delivery and file storage for generated audio.
  • Amazon Web Services (AWS) — Cloud hosting infrastructure, including compute, database, caching, and content delivery.

These providers are bound by their own privacy policies and data processing agreements. We encourage you to review their policies.

7. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Service providers: With the third-party services listed above, solely to operate and deliver the Service.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Protection of rights: To enforce our terms of service, protect the safety and security of our users, or defend against legal claims.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, in which case your information may be transferred to the successor entity.

8. Data Retention

We retain your information as follows:

  • Account data: Retained for as long as your account is active. Deleted upon account closure, subject to any legal retention requirements.
  • User content (scripts): Retained in accordance with your subscription plan and deleted upon request or account closure.
  • Generated audio: Retained in accordance with your subscription plan. Files may be removed after extended periods of inactivity.
  • Usage and technical data: Retained for up to 12 months for analytics and security purposes.

You may request deletion of your data at any time by contacting us at hello@sonematic.com.

9. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS (Transport Layer Security).
  • Encryption of data at rest for stored content and databases.
  • Access controls limiting data access to authorized personnel and systems.
  • Regular review and assessment of our security practices.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Cookies and Tracking

We use cookies as follows:

  • Essential cookies: Required for authentication and session management (provided by Clerk). These cannot be disabled without breaking core functionality.
  • No advertising cookies: We do not use third-party advertising or tracking cookies.

You can control cookie settings through your browser preferences. Disabling essential cookies may prevent you from using the Service.

11. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restriction: Request that we limit how we process your data.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: The Service uses AI to process your scripts, but final outputs are generated based on your instructions and are not used to make automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, contact us at hello@sonematic.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

12. Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: We do not sell your personal information. No opt-out is necessary.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at hello@sonematic.com. We will verify your identity before processing your request and respond within 45 days.

13. International Data Transfers

Your data is processed and stored in the United States (AWS us-west-2 region). If you are located outside the United States, your information will be transferred to and processed in the US.

For users in the EEA or the UK, we rely on standard contractual clauses or other approved transfer mechanisms to ensure adequate protection for your data in compliance with GDPR requirements.

14. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at hello@sonematic.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or through a prominent notice within the Service before the changes take effect. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at hello@sonematic.com.