Workspace

Privacy Policy

Last updated: 27 February 2026

This Privacy Policy explains how husic.ai ("we", "us") collects and uses personal data when you use our website and service.

1. What We Collect

We may collect:

  • Account data: name, email, login details
  • Social sign-in profile data: provider account identifier, verified email status, and profile image URL when you sign in with Google
  • Session and security data: session identifier and token, session lifecycle timestamps (created, updated, expires), IP address, and user-agent string
  • Usage data: interactions with the app, feature usage, device/browser info, IP address
  • Advertising and attribution data: page views, referrer information, ad click identifiers (such as GCLID), and conversion events used to measure campaign performance
  • Audio & file metadata: uploaded audio files and related metadata you provide
  • Support data: messages you send to support
  • Payment data: payments are processed by Paddle. We generally receive transaction references and subscription status, not your full card details.

Session and security metadata (such as IP address and user-agent) is processed server-side for fraud prevention and account security. Client session responses are minimised to account/session essentials.

2. How We Use Data

We use data to:

  • Provide the Service (upload, processing, downloads)
  • Manage subscriptions and account access
  • Improve performance, reliability, and features
  • Measure ad campaign performance and conversions
  • Provide customer support
  • Prevent fraud/abuse and keep the Service secure
  • We do not use uploaded audio to train general-purpose AI models
  • Comply with legal obligations

3. Legal Bases (UK/EU)

Depending on context, we process personal data under:

  • Contract — to deliver the Service you request
  • Legitimate interests — security, product improvement, analytics
  • Consent — where required, e.g. certain cookies/marketing
  • Legal obligation — tax/accounting compliance

4. Sharing and Processors

We share data only as needed to operate the Service, for example with:

  • Paddle (payments, taxes/VAT, invoicing)
  • Railway (application infrastructure and private object storage for uploads and mastered files)
  • Vercel (website hosting and runtime infrastructure)
  • Google (Google Ads conversion measurement and attribution)
  • Queue, analytics, and monitoring providers
  • Legal/anti-fraud requirements where applicable

5. International Transfers

If data is transferred outside the UK/EU, we use appropriate safeguards (e.g. standard contractual clauses) where required.

6. Retention

We retain personal data as long as necessary to provide the Service and meet legal/accounting requirements. Uploaded audio and mastered outputs are retained for up to 30 days for delivery and account history, then deleted as part of operational cleanup.

You can also delete items from your account history earlier. We may retain limited records for legal, fraud-prevention, or security reasons where required.

Account session records are retained while active and for a limited period after expiry for fraud prevention, abuse monitoring, and account security.

7. Security

We use appropriate technical and organisational measures to protect data, but no method is 100% secure.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, and data portability. You can request this by contacting .

9. Cookies

We use cookies and similar technologies for authentication, preferences, analytics, and advertising conversion measurement (including Google Ads tracking technologies). Authentication cookies are essential for sign-in and account session continuity.

10. Contact

Privacy requests: