Privacy Policy for Soundtrak
Last Updated: October 1, 2025
Introduction
Welcome to Soundtrak ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information. This Privacy Policy explains how Soundtrak handles your data when you use our iOS app.
Soundtrak is an innovative music app that creates personalized, adaptive soundtracks based on your real-time context—including your location, activity, health metrics, and calendar events. To deliver this unique experience, we need to collect various types of data from your device and sensors. This policy explains what we collect, why we collect it, and how we protect your privacy.
Information We Collect
1. Personal Information
When you sign in to Soundtrak, we collect:
- Email address - Used for account authentication and communication
- Full name - Collected via Google OAuth for personalization
- User ID - A unique identifier for your account
2. Location Data
To create music that reflects your environment and journey, we collect:
- Precise GPS coordinates (latitude, longitude)
- Altitude and elevation changes
- Speed and direction of travel
- Compass bearing (direction you're facing)
- Journey tracking data including:
  - Origin and destination points
  - Travel patterns (direct route, exploring, commuting, returning)
  - Significant places you visit frequently
  - Distance traveled
  - Time spent at locations
Background Location: Soundtrak uses background location updates to continuously adapt your music as you move. You can control this permission in iOS Settings.
Note: We do not reverse-geocode your exact addresses or store precise location history beyond what's needed for active music generation.
3. Health & Fitness Data (via HealthKit)
With your permission, we access:
- Heart rate data (current, average, resting, variability)
- Workout information (type, duration, intensity)
- Step count and walking/running distance
- Active calories burned
- Exercise minutes
- Activity level (sedentary to extremely active)
Important: We only READ health data. We never write or modify your HealthKit data. All health data is used solely to match music tempo and energy to your physical activity.
4. Calendar Data
With your permission, we access:
- Current and upcoming events (titles, times, locations)
- Recent past events for context
- Event details (whether events have attendees, are all-day events)
- Calendar names (e.g., "Work," "Personal")
- Event patterns (how busy your day is compared to typical)
Note: We use this data to create music that matches your current activity (e.g., more energetic music before a workout, calming music during meditation sessions). We do not share calendar event details with third parties.
5. Motion & Sensor Data
To detect your activity and create matching music:
- Activity type (walking, running, cycling, driving, stationary)
- Motion data (accelerometer, gyroscope, magnetometer readings)
- Device orientation (pitch, roll, yaw)
- Step count and cadence (steps per minute)
- Barometric pressure (for altitude detection)
6. Environmental Data
To create contextually appropriate music:
- Weather conditions via OpenWeatherMap API (temperature, humidity, conditions, wind speed, visibility)
- Time of day (early morning, morning, afternoon, evening, night)
- Ambient light level (inferred from screen brightness)
7. Device & System Data
For optimal app performance and user experience:
- Battery level and charging state
- Low Power Mode status (to adjust sensor accuracy)
- Device orientation (portrait/landscape)
- Screen brightness
- Audio output route (speaker, headphones, Bluetooth, CarPlay)
- System volume
- Network type (WiFi, cellular, offline)
- Timezone and locale
8. Usage Data
To provide and improve our service:
- Songs generated (prompts, lyrics, titles, album art URLs)
- Music generation preferences (genre, mood, energy level)
- Audio source/model used (which AI model generated the music)
- Liked/disliked songs
- Daily usage minutes (for subscription management)
- Generation context (sensor data snapshot used for music generation)
9. Transaction Data
For in-app purchases:
- StoreKit transaction information (transaction IDs, product IDs)
- Subscription status (free, subscribed, grace period, expired)
- Subscription expiration dates
Note: Apple processes all payments. We do not collect or store credit card information.
How We Use Your Information
We use the collected information to:
1. Generate Personalized Music
- Create adaptive soundtracks matching your activity, location, and context
- Adjust music tempo to your heart rate and movement
- Generate location-specific lyrics ("Walking down Broadway")
- Match music to your calendar events and daily rhythm
2. Provide Core App Functionality
- Authenticate your account via Google OAuth
- Store your generated songs and preferences
- Track usage limits for free and paid tiers
- Process in-app subscription purchases
3. Improve App Performance
- Optimize music generation based on battery level and network conditions
- Adjust sensor accuracy in Low Power Mode
- Manage background location updates efficiently
4. Communicate with You
- Send important service announcements
- Respond to support requests
We do NOT:
- Sell your personal information to third parties
- Use your data for targeted advertising
- Share your location or health data for marketing purposes
- Track you across other apps or websites
Data Sharing & Third-Party Services
To provide Soundtrak's functionality, we share certain data with trusted third-party services:
Backend Infrastructure
- Purpose: Database, authentication, file storage, serverless functions
- Data Shared: All user data listed above
- Location: Cloud servers (configurable region)
- Privacy Policy: https://supabase.com/privacy
AI & Music Generation Services
We use various AI providers to generate music prompts and lyrics. Sensor data is processed by AI to create prompts, but raw sensor readings are not directly sent to these services.
Claude (Anthropic)
- Purpose: Generate music prompts, lyrics, and contextual interpretations
- Data Shared: Processed context descriptions (not raw sensor data)
- Privacy Policy: https://www.anthropic.com/privacy
OpenAI (ChatGPT)
- Purpose: Alternative AI provider for prompt generation
- Data Shared: Processed context descriptions
- Privacy Policy: https://openai.com/privacy
Apple Intelligence
- Purpose: On-device AI processing (when available)
- Data Shared: Processed locally on device
- Privacy: Follows Apple's on-device privacy standards
Music Generation APIs
The following services generate actual audio based on AI-created prompts:
- ElevenLabs (https://elevenlabs.io) - Vocal music generation
- Stable Audio (https://stability.ai) - Instrumental music generation
- Udio (https://udio.com) - Music generation with vocals
- Ace Step - Alternative music generation
- Replicate (https://replicate.com) - AI model hosting
- Fal.ai (https://fal.ai) - AI model hosting and generation
Data Shared: Music generation prompts, lyrics, user preferences (genre, mood, tempo)
Not Shared: Your location coordinates, health metrics, calendar events, or other personal sensor data
Apple Services
Apple Music API
- Purpose: DJ Mode track selection (when enabled)
- Data Shared: Music preferences, playback requests
- Privacy: Covered by Apple's privacy policy
StoreKit
- Purpose: In-app purchase processing
- Data Shared: Transaction verification data
- Privacy: Covered by Apple's privacy policy
Data Storage & Security
Where We Store Your Data
- Supabase Database: User accounts, songs, preferences, usage tracking
- Local Device Storage: User settings, cached sensor data
- Temporary Processing: Sensor data is processed in real-time and not permanently stored unless part of a song's generation context
Security Measures
We implement industry-standard security practices:
- Encryption in transit: All data transmitted to our servers uses HTTPS/TLS encryption
- Encryption at rest: Database is encrypted using Supabase's security standards
- Authentication: JWT-based authentication with Google OAuth
- API Keys: All third-party API keys are stored securely in backend environment variables, never in the app
- Row-Level Security: Database queries are restricted to your own data via Supabase RLS policies
- Rate Limiting: API endpoints are rate-limited to prevent abuse
Data Retention
- Active accounts: Data is retained while your account is active
- Generated songs: Stored until you delete them
- Usage tracking: Daily usage records retained for billing purposes
- Sensor data: Real-time data is not permanently stored; only snapshots used for music generation may be saved as optional "generation context"
- Deleted accounts: All user data is permanently deleted within 30 days of account deletion
Your Privacy Rights & Choices
iOS Permission Controls
You control what data Soundtrak can access:
Location Services:
Settings > Privacy & Security > Location Services > Soundtrak
- Choose "Never," "Ask Next Time," "While Using App," or "Always"
- Disable background location to prevent music updates while the app is closed
Health Data:
Settings > Privacy & Security > Health > Soundtrak
- Toggle individual health metrics on/off
- Disable entirely to prevent HealthKit access
Calendar:
Settings > Privacy & Security > Calendars > Soundtrak
- Disable to prevent calendar access
Motion & Fitness:
Settings > Privacy & Security > Motion & Fitness > Soundtrak
- Disable to prevent activity tracking
Note: Disabling permissions will limit Soundtrak's ability to create personalized, adaptive music.
Account Data Rights
You have the right to:
1. Access Your Data
- View all your generated songs in the app's Library
- Contact us at [support email] to request a complete data export
2. Delete Your Data
- Delete individual songs in the app
- Delete your entire account: Settings > Account > Delete Account
- Contact us at [support email] to request manual data deletion
3. Correct Your Data
- Update your preferences in the app's Settings
- Contact us to correct any inaccurate personal information
4. Export Your Data
- Download your songs from the app
- Request a complete data export by contacting us
5. Opt-Out of Data Collection
- Disable specific iOS permissions (see above)
- Use the app with minimal permissions (basic functionality only)
Marketing Communications
We do not send marketing emails. All communications are service-related (e.g., subscription renewal reminders, important updates).
Region-Specific Rights
California Residents (CCPA)
If you are a California resident, you have additional rights:
- Right to Know: Request details about the personal information we collect
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at [support email].
European Residents (GDPR)
If you are in the European Economic Area, UK, or Switzerland, you have additional rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw permission for data collection
Legal Basis for Processing:
- Consent: We collect health, calendar, and location data based on your explicit consent
- Contract Performance: We process account and usage data to provide our service
- Legitimate Interests: We process technical data to improve app performance
To exercise these rights or contact our Data Protection Officer, email [support email].
Children's Privacy
Soundtrak is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at [support email], and we will delete the information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or in-app notification
- Your continued use of Soundtrak after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: [Your support email address]
Mailing Address:
[Your company name]
[Street address]
[City, State ZIP]
[Country]
Response Time: We aim to respond to all privacy inquiries within 30 days.
Compliance & Certifications
Soundtrak is committed to compliance with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Apple App Store Privacy Guidelines
- HealthKit Data Use Guidelines
About Data Minimization
While Soundtrak collects extensive sensor data to create personalized music, we practice data minimization:
- Most sensor data is processed in real-time and discarded after music generation
- We only store what's necessary for core functionality (songs, preferences, usage limits)
- You can use Soundtrak with minimal permissions, though this reduces personalization
- Raw sensor data is not shared with third-party AI services; only processed, anonymized context descriptions are sent
Your Privacy Matters
We built Soundtrak with privacy in mind. All sensor data collection is transparent, optional (via iOS permissions), and used solely to enhance your musical experience. We never sell your data, and we give you full control over what information we access.
If you have any concerns about how we handle your data, please don't hesitate to contact us. We're here to help.
This privacy policy is effective as of the date listed at the top and applies to all users of the Soundtrak iOS application.