Privacy Policy
Last Updated: February 24, 2026
1. Introduction
SoundLab AI ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you use our website at createmusic.net, our mobile application, and related services (collectively, the "Service"). We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
By using the Service, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a legal basis, we will obtain your explicit consent before processing.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, username, password, profile picture
- Profile Data: Bio, music preferences, favourite genres
- User Content: Playlists, comments, likes, shares, generated music
- Payment Information: Processed securely by Stripe; we do not store card details
- Communications: Messages, feedback, and support requests
2.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features used, songs played, listening history, interaction patterns
- Log Data: IP address, browser type, access times, pages viewed, referring URL
- Location Data: General location based on IP address (no precise GPS collection)
2.3 Information from Third Parties
- Social Login: Basic profile information from Google or other authentication providers
2.4 Cookies and Tracking Technologies
We use cookies and similar technologies on our website. For full details, see Section 11 below. Non-essential cookies (analytics and advertising) are only activated with your explicit consent via our cookie banner.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and maintain the Service | Account info, device info | Contract |
| Personalise your experience | Preferences, listening history | Legitimate interest |
| AI-powered music generation | Prompts, style preferences | Contract |
| Social features | Profile data, user content | Contract |
| Analytics and service improvement | Usage data, Firebase Analytics | Consent |
| Advertising and conversion tracking | TikTok Pixel, Events API data | Consent |
| Process payments | Payment info (via Stripe) | Contract |
| Send notifications | Contact info, preferences | Legitimate interest |
| Ensure security and prevent fraud | Log data, device info | Legitimate interest |
4. Legal Basis for Processing
Under the UK GDPR (Article 6), we process your personal data on the following legal bases:
- Consent: For analytics cookies, advertising/tracking cookies (TikTok Pixel), and marketing communications. You can withdraw consent at any time via our cookie banner or by contacting us.
- Contract: To provide the Service, manage your account, process payments, and deliver AI-generated music as requested.
- Legitimate Interest: For service security, fraud prevention, service improvement, and sending essential service notifications. We balance our interests against your rights and freedoms.
- Legal Obligation: To comply with applicable laws, regulations, and legal processes.
5. AI and Machine Learning
The platform uses artificial intelligence to generate music based on your prompts and preferences, enhance music discovery through recommendations, and process content for improved search. Data processed for AI is handled securely and is not sold to third parties. AI-generated content is created on-demand and does not involve profiling or automated decision-making that produces legal effects.
6. Sharing Your Information
We do not sell your personal data. We may share information with the following categories of recipients:
6.1 Analytics Providers: We use Google Firebase Analytics to understand how visitors interact with our Service. Firebase may set cookies and collect usage data when you consent. See Google's Privacy Policy.
6.2 Advertising Partners: We use the TikTok Pixel and TikTok Events API (operated by TikTok Information Technologies UK Limited / ByteDance) to measure advertising campaign effectiveness and optimise ad delivery. When you consent, TikTok may set cookies and receive event data including hashed email addresses and interaction events. See TikTok's Privacy Policy.
6.3 Payment Processors: Stripe processes all payment transactions. We do not store your card details. See Stripe's Privacy Policy.
6.4 Public Content: Content you make public (playlists, profiles, comments, songs) is visible to other users of the Service.
6.5 Legal Requirements: Information may be disclosed if required by law, regulation, or legal process, or to protect rights and safety.
6.6 Business Transfers: In the event of a merger, acquisition, or sale, information may transfer to the new entity. You will be notified of any such change.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy:
- Account data: Retained while your account is active. You can request deletion at any time via Settings or by contacting us.
- Analytics data: Aggregated and anonymised within 14 months.
- Payment records: Retained for 7 years as required by UK tax law.
- Cookies: See expiry periods in Section 11.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption of data in transit (TLS/HTTPS) and at rest, access controls and authentication, regular security assessments, and secure cloud infrastructure (Google Cloud Platform). No method of internet transmission is completely secure, so we cannot guarantee absolute security.
9. Your Rights
Under the UK GDPR, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request that we limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g. analytics and advertising cookies), without affecting the lawfulness of prior processing
To exercise these rights, contact help@klipx.app. We will respond within one month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.
10. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.
11. Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit a website. We use them to provide essential functionality and, with your consent, to analyse usage and measure advertising effectiveness.
11.1 Essential Cookies
These are necessary for the Service to function and cannot be disabled. They do not require consent.
| Cookie | Purpose | Duration |
|---|---|---|
| Firebase Auth | Maintains your login session | Session |
| cookie_consent | Stores your cookie preference | 1 year (localStorage) |
11.2 Analytics Cookies
These help us understand how visitors interact with the Service. They are only set when you consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Distinguishes unique users | 2 years | |
| _ga_* | Maintains session state | 2 years |
11.3 Advertising Cookies
These are used to measure advertising effectiveness and deliver relevant ads. They are only set when you consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ttp | TikTok | Tracks visitor activity for ad targeting | 13 months |
| ttclid | TikTok | Attributes conversions to TikTok ad clicks | Session (localStorage) |
11.4 Managing Your Cookie Preferences
When you first visit our website, a cookie banner will ask for your consent to non-essential cookies. You can change your preferences at any time by clicking "Cookie Settings" in the footer. You can also control cookies through your browser settings, though this may affect functionality.
11.5 Server-Side Tracking (TikTok Events API)
In addition to browser cookies, we use the TikTok Events API to send certain event data (e.g. purchase completions, account registrations) from our servers to TikTok. Personal identifiers sent via this API are hashed (SHA-256) before transmission. Server-side tracking for client-initiated events is only active when you have consented to advertising cookies. Server-triggered events (account creation, purchases) are processed under the legal basis of legitimate interest for measuring advertising effectiveness.
12. International Data Transfers
Your data may be transferred to and processed in countries outside the UK, including the United States, where our infrastructure providers (Google Cloud Platform, Firebase) and advertising partners (TikTok) operate. We ensure appropriate safeguards are in place for these transfers, including:
- UK International Data Transfer Agreements (IDTAs) or equivalent Standard Contractual Clauses
- UK adequacy decisions where applicable
- Supplementary technical measures such as encryption
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes through the Service or by email. The "Last Updated" date at the top indicates the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions, concerns, or to exercise your data protection rights:
Email: help@klipx.app
Data Protection Officer: help@klipx.app
UK Supervisory Authority: Information Commissioner's Office (ICO), ico.org.uk
© 2026 SoundLab AI. All rights reserved.