Privacy Policy

Last Updated: March 1, 2026

1. Introduction

Welcome to HeartMuLa, an AI-powered music generation platform. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our practices regarding data collection when you use our web application at heart-mula.com and our services. By using HeartMuLa, you agree to the collection and use of information in accordance with this policy.

HeartMuLa is operated by the HeartMuLa team. We respect your privacy rights under GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable privacy laws.

2. Information We Collect

We collect several types of information to provide and improve our services:

Account Information (via Google OAuth)

  • Email address
  • Name
  • Profile picture (optional)
  • Google account ID (for authentication)

Usage Data

  • Music generation history (prompts, lyrics, generated audio files)
  • Credit balance and transaction history
  • Subscription tier and billing information (via Stripe)
  • Liked tracks and play history
  • Public/private music visibility settings

Technical Data

  • IP address and geolocation (approximate)
  • Browser type and version
  • Device information (desktop/mobile, operating system)
  • Cookies and similar tracking technologies
  • Session data and analytics (page views, feature usage)

Payment Information

  • Payment card details are processed by Stripe and never stored on our servers
  • We only store transaction IDs, subscription status, and billing metadata

3. How We Use Your Information

We use the collected information for the following purposes:

  • **Service Delivery**: Authenticate users, process music generation requests, manage credit balances
  • **Subscription Management**: Process payments via Stripe, manage tier-based feature access
  • **User Experience**: Save your music library, track listening history, personalize recommendations
  • **Platform Improvement**: Analyze usage patterns to improve AI models and platform features
  • **Communication**: Send account notifications, billing updates, and service announcements (opt-out available)
  • **Security & Fraud Prevention**: Detect and prevent abuse, unauthorized access, and payment fraud
  • **Legal Compliance**: Comply with applicable laws, regulations, and legal processes

4. Third-Party Services

HeartMuLa integrates with the following third-party services, each with its own privacy policy:

Google OAuth

Purpose: User authentication and account creation

Data Shared: Email, name, profile picture

Privacy Policy: https://policies.google.com/privacy

Stripe

Purpose: Payment processing for credit purchases and subscriptions

Data Shared: Email, payment card details (tokenized), billing address

Privacy Policy: https://stripe.com/privacy

kie.ai Suno API

Purpose: AI music generation backend

Data Shared: Music generation prompts, lyrics, style parameters

Privacy Policy: Refer to kie.ai's privacy policy

Vercel Analytics (optional)

Purpose: Website performance and usage analytics

Data Shared: Anonymized page views, session duration

Privacy Policy: https://vercel.com/legal/privacy-policy

We carefully vet all third-party services to ensure they meet industry-standard privacy and security practices. However, we are not responsible for their privacy policies or data handling practices.

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

Data Storage

User data is stored in a PostgreSQL database hosted on secure cloud infrastructure. Generated music files are stored on cloud storage with access controls.

Encryption

All data in transit is encrypted using TLS/SSL. Sensitive data at rest (e.g., session tokens) is encrypted using industry-standard algorithms.

Access Controls

Strict access controls ensure only authorized personnel can access user data. We follow the principle of least privilege.

Regular Audits

We conduct regular security audits and vulnerability assessments. We promptly patch known vulnerabilities.

Data Retention

We retain your account data as long as your account is active. Generated music is retained according to your subscription tier (free users: public music only, premium: up to plan limits). You can request deletion at any time.

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Rights

Depending on your jurisdiction (especially GDPR and CCPA), you have the following rights:

Access

Request a copy of all personal data we hold about you

Rectification

Correct inaccurate or incomplete personal data

Deletion (Right to be Forgotten)

Request deletion of your account and all associated data. Note: Some data may be retained for legal or billing purposes.

Data Portability

Request your data in a machine-readable format (JSON export available)

Opt-Out of Marketing

Unsubscribe from promotional emails at any time

Restrict Processing

Request limitation on how we process your data

Object to Processing

Object to data processing for direct marketing or legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or as required by law).

7. Cookies and Tracking

HeartMuLa uses cookies and similar technologies to enhance your experience:

Essential Cookies

Required for authentication, session management, and core functionality. Cannot be disabled.

next-auth.session-token, next-auth.csrf-token

Analytics Cookies

Track usage patterns to improve the platform (anonymized). Can be disabled via browser settings.

Vercel Analytics, Google Analytics (if enabled)

Preference Cookies

Remember your settings (language, theme, volume). Can be cleared.

locale, player-volume, sidebar-collapsed

You can control cookies through your browser settings. Note that disabling essential cookies may break core functionality.

8. Children's Privacy

HeartMuLa is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. We will promptly delete such information.

Users between 13 and 18 should use HeartMuLa with parental consent and supervision.

9. International Data Transfers

HeartMuLa operates globally. Your data may be transferred to and stored in countries outside your residence, including the United States and European Union.

We ensure adequate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Compliance with Privacy Shield principles (where applicable)

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features.

**How We Notify You**:

  • Material changes will be notified via email (to your registered address)
  • Policy version number and 'Last Updated' date will be updated

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: [email protected]
General Support: [email protected]
Legal Requests: [email protected]

We aim to respond to all inquiries within 48 hours (business days). For GDPR/CCPA requests, we will respond within the legally required timeframe (typically 30 days).