Privacy Policy

Last updated: April 2026

1. Who We Are

Musical Beings Inc. operates musicalbeings.com — a platform for playful musical instruments, music creation, lessons, and games.

2. What We Collect

Account info

Email, display name, avatar. When you sign in via Google, we receive your Google profile information (name, email address, profile picture) as part of the authentication process. We do not use Google account data for any purpose other than authentication and populating your profile. Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. When you sign in via email, we collect only your email address.

Content you create

Audio projects, sessions, samples, loops, recordings, drum arrangements. Your content is yours — see our Terms of Use.

Session event data

Actions you take in the platform, including musical performance data (note sequences, timing, velocity) and platform interaction data (feature usage, navigation, session duration). This does not include your audio recordings. You retain the underlying rights to your session event data; you grant us a license to use it for platform operation, improvement, and AI/ML training. Session event data is not used to reconstruct individual compositions. See Terms of Use, Section 6 for full license details.

Game scores

Scores and metadata from in-platform games.

Device info

Serial number, model, firmware version. If you pair a Musical Beings instrument, the device may send usage telemetry (play time, connection status, diagnostics). You can opt out of device telemetry in your device settings.

Payment references

Stripe subscription and payment IDs only. We never store credit card numbers or bank details.

Usage & activity data

We track which features you use and when, both in aggregate (anonymous analytics via Vercel) and per-account (for support, debugging, and platform improvement). Administrators may view your activity history by user ID only when necessary for support, security, or legal purposes.

Upload preferences

During onboarding you choose whether recordings auto-upload or require manual action. You can change this setting at any time.

Admin/security logs

IP addresses, actor identity, and timestamps for admin actions (audit trail).

Feedback submissions

If you submit feedback or bug reports, we collect the content you provide plus your email and device info for follow-up.

Local preferences

Game settings stored in your browser's localStorage (never sent to our servers, not personally identifiable).

3. How We Use Your Data

• Operate the platform and deliver your content back to you
• Authenticate your identity and maintain your session
• Push firmware updates and deliver kit content to your device
• Process payments and manage subscriptions
• Improve platform performance (anonymous analytics)
• Train AI/ML models using session event data (not your audio)
• Administer accounts and provide support
• Investigate and prevent abuse
• Comply with legal obligations

4. Where Your Data Lives

• Database and audio files: cloud infrastructure in the United States, encrypted at rest (AES-256)
• Frontend hosting: Vercel
• Authentication: Clerk
• Payments: Stripe (PCI-compliant)

For a current list of our data processors, see Section 5.

5. Who We Share Data With

We share data only with third-party processors who act as data processors on our behalf under our instruction. We do not sell or share personal data with advertisers or data brokers. Musical Beings Inc. acts as the data controller. We maintain data processing agreements with each processor:

• Clerk— authentication and session management
• AWS (S3)— file storage (encrypted)
• Stripe— payment processing
• Vercel— hosting, anonymous analytics
• Neon— database hosting

6. Data Retention

• Account and content data: retained while your account is active
• On deletion: all identifiable personal data, audio files, and auth records permanently erased
• Financial records (Stripe IDs): retained 7 years per tax law
• Audit logs: retained in denormalized form after deletion (platform integrity)
• Admin notes: internal notes written by support staff may survive account deletion in denormalized form (fraud prevention, escalation records)
• Session event data: retained after account deletion in anonymized or aggregated form

7. Your Rights

• Access your data (profile/settings)
• Request deletion of your account and all associated data
• Export your data (contact soundcheck@musicalbeings.com — we will respond within 30 days)
• Correct inaccurate information (profile settings)
• Opt out of device telemetry (device settings)

Note: session event data collection for platform operation is integral to the service. European users may withdraw consent for AI/ML training use specifically (see Section 12).

8. Cookies & Local Storage

• Clerk session cookies: required for auth (HttpOnly, Secure)
• localStorage: game preferences only (non-PII, never transmitted)
• No advertising cookies, no third-party tracking cookies

9. Children & Minors

The platform requires users to be 13 years or older to create an account. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it.

Users between 13 and 18 should use the platform with the awareness and consent of a parent or guardian.

Session event data from minor users is not used for targeted advertising or behavioral profiling. AI/ML training use is limited to platform and product improvement.

10. Security

HTTPS everywhere (HSTS enforced), S3 AES-256 encryption, HttpOnly Secure cookies, Content Security Policy, X-Frame-Options DENY.

In the event of a data breach that affects your personal information, we will notify affected users and applicable regulatory authorities without undue delay and as required by applicable law.

11. International Data Transfers

Your data is stored and processed in the United States. If you access the platform from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from your jurisdiction. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or equivalent legal safeguards as required by applicable law.

12. European Users

If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under GDPR. We process your data under the following legal bases:

• Contract performance:account data, content storage, session replays, and kit delivery — necessary to provide the service you signed up for
• Legitimate interest:platform improvement, security, fraud prevention, anonymous analytics, and admin access to user activity for support — proportionate to our operational needs
• Consent:AI/ML training using session event data, marketing communications, and device telemetry (where applicable) — you may withdraw consent at any time

You may withdraw consent for AI/ML training by contacting soundcheck@musicalbeings.com. If you withdraw consent, we will exclude your future session event data from AI/ML training pipelines. We will continue to collect session event data as necessary for platform operation (replays, sharing, feature delivery). Withdrawing consent does not affect data already processed or anonymized prior to withdrawal. You also have the right to lodge a complaint with your local data protection authority.

As required by GDPR Article 27, we will appoint a representative in the EEA/UK as our user base grows. Until then, European users may direct data protection inquiries to soundcheck@musicalbeings.com.

13. California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell or “share” (as defined by CCPA) personal information for cross-context behavioral advertising.

Categories of personal information collected in the preceding 12 months:

• Identifiers (email, name, user IDs, device serial numbers)
• Internet/electronic activity (usage logs, session event data, game scores)
• Audio/visual data (user-uploaded audio content)
• Commercial information (subscription and payment references)
• Geolocation (IP address, country-level only via standard web requests)

Categories disclosed for a business purpose: identifiers and internet activity to our service processors listed in Section 5. Categories sold: none.

To exercise your rights, contact soundcheck@musicalbeings.com.

14. Do Not Track

We do not currently respond to “Do Not Track” browser signals.

15. Email Communications

We may send you service-related emails, including account notifications, security alerts, and product updates. These are necessary for the operation of your account and cannot be opted out of.

We do not send marketing or promotional emails without your consent. If you opt in to marketing communications, you can unsubscribe at any time.

16. Changes

We may update this policy. Changes will be posted on this page with an updated date.

17. Contact