Effective Date: 1 March 2026 Last Updated: 1 March 2026
This Privacy Policy explains how SongPrompterAI ("the Service"), operated by Jamie Boyd trading as SongPrompterAI ("we", "us", "our"), collects, uses, and protects your personal data when you use our website and service at songprompter.ai.
We are committed to protecting your privacy and handling your data transparently, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The data controller for personal data collected through the Service is:
Jamie Boyd Trading as SongPrompterAI Email: [email protected]
When you register for an account, we collect:
When you subscribe or purchase credits, our payment processor Polar (polar.sh) handles all payment information. We receive and store:
We do not collect, process, or store your credit card number, bank account details, billing address, or any other payment card data. All payment processing is handled entirely by Polar.
When you use the Service to generate lyrics, we store:
We collect limited technical data necessary to operate the Service:
We do not collect your IP address for profiling or tracking purposes. We do not use cookies, tracking pixels, or advertising technology.
We use Plausible Analytics (plausible.io), a privacy-first, cookie-free analytics service. Plausible does not collect any personal data, does not use cookies, and is fully compliant with UK GDPR, PECR, and ePrivacy. All data is aggregated — no individual visitors are tracked. For details, see the Plausible Data Policy.
Our hosting infrastructure (Railway) automatically generates server logs that may temporarily contain your email address in authentication-related log entries. These logs are retained for a limited period (typically 30 days) for operational and debugging purposes and are not used for profiling or marketing.
We use your data for the following purposes:
| Purpose | Data Used | Legal Basis (UK GDPR) |
|---|---|---|
| Provide the Service (account management, song generation) | Email, password hash, display name, song data | Article 6(1)(b) — Performance of contract |
| Process payments and manage subscriptions | Email, Polar IDs, subscription status | Article 6(1)(b) — Performance of contract |
| Send important service communications (account changes, security alerts) | Article 6(1)(b) — Performance of contract | |
| Maintain and improve the Service | Generation metadata, aggregated usage statistics | Article 6(1)(f) — Legitimate interest |
| Detect and prevent abuse | Account activity patterns | Article 6(1)(f) — Legitimate interest |
| Comply with legal obligations | Account data, transaction records | Article 6(1)(c) — Legal obligation |
We do not use your data for marketing, profiling, automated decision-making, or selling to third parties.
We share your data only with the following third-party processors, and only to the extent necessary to operate the Service:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Polar (polar.sh) | Payment processing (Merchant of Record) | Email address (for checkout sessions) | EU/US |
| Railway (railway.app) | Application hosting and database | All account and song data (encrypted at rest) | US |
| DeepInfra (deepinfra.com) | AI model inference | Song genre, topic, and brief (no account data) | US |
| Cloudflare (cloudflare.com) | DNS, CDN, and DDoS protection | IP addresses (transient, not stored by us) | Global |
| Plausible (plausible.io) | Privacy-first website analytics | No personal data (aggregated page views only, no cookies) | EU |
We do not sell, rent, or otherwise make your personal data available to any other third parties.
International transfers: Some of our processors operate outside the UK. Where data is transferred internationally, it is protected by appropriate safeguards including Standard Contractual Clauses and the processor's own data protection commitments.
We retain your data for as long as your account is active or as needed to provide the Service. Specifically:
Under UK GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
We take reasonable technical and organisational measures to protect your personal data, including:
No system is completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of your data.
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
The Service does not use HTTP cookies.
The Service uses browser localStorage (client-side storage on your device) for the following purposes:
| Item | Purpose | Contains PII |
|---|---|---|
sp_theme |
Remembers your light/dark theme preference | No |
sp_access_token |
Authentication session token | Yes (contains email) |
sp_refresh_token |
Token renewal | Yes (contains user ID) |
sp_user_email |
Displays your email in the interface | Yes |
localStorage data is stored only on your device and is not transmitted to third parties. You can clear this data at any time through your browser settings. For more details, see our Cookie Policy.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office Website: https://ico.org.uk Telephone: 0303 123 1113
For any questions about this Privacy Policy or your personal data, contact us at:
Email: [email protected] Website: https://songprompter.ai