Privacy Policy

    Effective date: March 8, 2026 · Last updated: March 8, 2026

    Overview

    melodara, operated by Mayfaire Row LLC, a New Jersey limited liability company ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. We comply with applicable data protection laws including GDPR (EU), CCPA (California), and other relevant privacy regulations.

    What We Collect

    Data TypeWhatPurpose
    Account infoEmail, display nameAuthentication, profile
    Song dataLyrics, sections, chords, BPM, metadataCore service functionality
    Payment infoProcessed by Stripe (we never see your card number)Subscription billing
    Usage dataFeature usage, session duration (anonymized)Service improvement
    Device infoBrowser type, OS, screen sizeCompatibility, bug fixes

    How We Use Your Data

    • Provide and maintain the Service (syncing songs, enabling features)
    • Process payments and manage subscriptions
    • Send important account notifications (security alerts, billing updates)
    • Improve the Service based on anonymized usage patterns
    • Respond to support requests

    What we will NEVER do:

    • Sell your personal data to third parties
    • Use your lyrics to train AI models without explicit consent
    • Share your content with advertisers
    • Send marketing emails without your opt-in consent

    Third-Party Services

    We use the following trusted third-party services:

    • Supabase — Authentication and database hosting (data encrypted at rest and in transit, SOC 2 Type II compliant)
    • Stripe — Payment processing (PCI DSS Level 1 certified — we never handle your card data directly)
    • Datamuse API — Rhyme and word suggestions (no personal data is sent; only dictionary lookups)

    We do not use Google Analytics, Facebook Pixel, or any third-party advertising trackers.

    Cookies & Local Storage

    • Session cookies — Authentication (essential, cannot be disabled)
    • Local storage — Theme preference, editor settings, offline song cache (essential)
    • No tracking cookies — We do not use any advertising or analytics cookies

    Public Songs

    When you mark a song as "public," it becomes visible on the Explore page with your display name. Your email is never shown. You can make any song private again at any time, and it will be immediately removed from the Explore page.

    Data Security

    • All data encrypted in transit via TLS/HTTPS
    • Database encryption at rest (AES-256)
    • Row-level security (RLS) ensures users can only access their own data
    • Authentication handled by Supabase with industry-standard practices
    • Regular dependency security audits
    • No server-side logs of lyric content

    Data Retention

    • Active accounts: Data retained as long as your account is active
    • Deleted songs: Permanently removed within 24 hours
    • Deleted accounts: All associated data permanently removed within 30 days
    • Payment records: Retained for 7 years as required by tax regulations
    • Backups: Encrypted backups are purged within 90 days of account deletion

    Your Rights (GDPR / CCPA)

    You have the right to:

    • Access — Request a copy of all personal data we hold about you
    • Rectification — Correct inaccurate personal data
    • Deletion — Request deletion of your account and all associated data
    • Portability — Export your songs in standard formats (TXT, DOCX, PDF)
    • Restriction — Request that we limit processing of your data
    • Objection — Object to processing of your data for specific purposes
    • Withdraw consent — Withdraw any previously given consent at any time

    CCPA (California residents): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

    To exercise any of these rights, contact privacy@melodara.app. We will respond within 30 days.

    Children's Privacy

    The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@melodara.app.

    International Data Transfers

    Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

    Changes to This Policy

    We may update this policy. Material changes will be communicated via email and/or an in-app notification at least 14 days before they take effect. Your continued use after changes constitutes acceptance.

    Contact Us

    • 📧 Privacy inquiries: privacy@melodara.app
    • 📧 General support: support@melodara.app
    • 📧 DMCA / Legal: legal@melodara.app

    If you are in the EU and believe your data protection rights have not been addressed, you have the right to lodge a complaint with your local Data Protection Authority.