[ LEGAL · DOC_02 ]

PRIVACY POLICY.

$ last_updated: 2026-03-15 · version: 3.1.0 · gdpr: compliant · ccpa: compliant

We collect the minimum data required to run Synthstream. We do not sell it. We do not use your listening sessions to train our models. This document explains the details.

01 · WHAT WE COLLECT

When you create an account and use Synthstream, we collect:

  • · Account data: name, email, password hash, billing info (via Stripe).
  • · Usage data: session length, prompts, engine parameters, device type.
  • · Technical data: IP address, browser, OS, approximate location (country/region).
  • · Support data: messages you send us through the contact form.

We do not collect your stream audio contents for training, microphone input beyond what is needed for live synthesis, or any data from connected social accounts beyond what you explicitly authorize.

02 · HOW WE USE IT

We use the data above to:

  • · Run the synthesis engine and deliver your sessions.
  • · Authenticate your account and keep it secure.
  • · Process payments and send billing receipts.
  • · Respond to support requests.
  • · Diagnose bugs, monitor performance, and improve reliability.
  • · Send you critical service updates (no marketing without opt-in).

03 · AI TRAINING DATA POLICY

! CRITICAL: We do not train our models on user data.

The synthesis engine is trained only on commercially licensed music catalogs and first-party datasets we have acquired from rights holders. We do not train on:

  • · Your listening history.
  • · Your generated sessions or exports.
  • · Your prompts or parameter choices.
  • · Any audio you upload for reference or stem separation.

If we ever want to use any user data for model training, we will ask for explicit, opt-in consent. Even then, the default will always be "no."

04 · THIRD-PARTY SERVICES

We use a small number of third-party services to run Synthstream. We share only the data needed for each service to function:

  • · Payment processing (card data never touches our servers).
  • · Cloud hosting and CDN (session delivery, file storage).
  • · Transactional email (receipts, password resets, service alerts).
  • · Error monitoring (anonymized stack traces and performance metrics).
  • · Privacy-respecting analytics (no cross-site tracking, no ad IDs).

All third-party providers are bound by data processing agreements and are required to meet GDPR and CCPA standards.

05 · COOKIES

We use cookies for session management, preferences, and anonymized analytics. Full details are in the Cookie Policy.

06 · YOUR RIGHTS

Regardless of where you live, you have the right to:

  • · Access the personal data we hold about you.
  • · Correct inaccurate data.
  • · Delete your account and associated data.
  • · Export your data in a portable format.
  • · Object to or restrict certain processing.
  • · Withdraw consent at any time.

GDPR (EU/EEA/UK) and CCPA (California) residents have additional rights, including the right to opt out of "sale" of personal data. We do not do that anyway. To exercise any right, use the contact form.

07 · DATA RETENTION

Account data is retained while your account is active. When you delete your account:

  • · Personal data is purged within 30 days.
  • · Sessions and exports are recoverable for 30 days, then deleted.
  • · Anonymized logs may be retained up to 90 days for abuse detection.
  • · Billing records are kept for 7 years for tax compliance.

08 · SECURITY

We use TLS 1.3 for data in transit and AES-256 for data at rest. Passwords are hashed with argon2id. Access to production systems is restricted to on-call engineers and logged. We run quarterly penetration tests.

No system is 100% secure. If we detect a breach affecting your data, we notify you within 72 hours as required by GDPR.

09 · INTERNATIONAL TRANSFERS

Synthstream operates from the United States. If you are outside the US, your data will be transferred to and processed in the US. For EU/EEA/UK users, we rely on Standard Contractual Clauses (SCCs) as the legal basis for transfer.

10 · CHANGES

If we update this policy materially, we notify you via email or in-product banner at least 14 days before the changes take effect. A changelog of privacy policy revisions is available on request.

11 · CONTACT

Privacy questions? Data requests? Reach our data protection team through the contact form. We respond to all verified requests within 30 days, in line with GDPR and CCPA timelines.

Synthstream Audio, Inc. · 1356 Meserole Avenue, Unit 3F, Brooklyn NY 11222.

$ eof // doc_02.privacy // synthstream_audio_inc