Privacy Policy
Last updated: April 28, 2026
This Privacy Policy explains how StudioPilot ("we", "us", "our") collects, uses, and protects your personal data when you use our website, plugin, and services. We are committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
StudioPilot, based in the Netherlands, is the data controller for the personal data processed through the Service. Contact: privacy@studiopilot.tech.
2. Data We Collect
- Account data: username, email address (optional), hashed password.
- Payment data: processed by Stripe. We store your Stripe customer ID and subscription status. We never store full card numbers.
- Usage data: generation prompts, style tags, credit balance, generation history, timestamps, IP addresses.
- Technical data: browser type, device fingerprint (for demo rate limiting), operating system, referral URLs.
- Audio data: audio files you upload for analysis or transformation. Generated audio is stored temporarily on our servers and may be cached on third-party CDNs.
3. How We Use Your Data
- To provide and operate the Service (contract performance).
- To process payments and manage subscriptions.
- To enforce rate limits and prevent abuse (legitimate interest).
- To improve the Service, fix bugs, and develop new features (legitimate interest).
- To send transactional emails (password reset, billing); no marketing without consent.
- To comply with legal obligations.
4. Data Sharing
We share data with:
- Third-party AI providers: generation prompts and uploaded audio are sent to third-party AI services for processing (including music generation and audio transformation). These providers may process data outside the EU/EEA.
- Stripe — payment and billing data.
- Hosting providers — server infrastructure and CDN services.
- Analytics — anonymized usage statistics.
We do not sell your personal data. We may disclose data if required by law or to protect our rights.
5. Data Retention
- Account data is retained until you delete your account.
- Generation history is retained for 12 months, then automatically deleted.
- Uploaded audio files are deleted within 24 hours of processing.
- Server logs are retained for 90 days.
- Payment records are retained as required by tax law (typically 7 years).
6. Your Rights (GDPR)
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with a supervisory authority (Autoriteit Persoonsgegevens in the Netherlands).
To exercise these rights, email privacy@studiopilot.tech. We will respond within 30 days.
7. International Transfers
Your data may be transferred to and processed in countries outside the EU/EEA, including the United States (for AI processing and hosting). We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable to safeguard these transfers.
8. Security
We implement reasonable technical and organizational measures to protect your data, including encryption in transit (TLS), hashed passwords (bcrypt), and access controls. However, no system is 100% secure, and we cannot guarantee absolute security.
9. Children
The Service is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes
We may update this Privacy Policy at any time. The updated version will be posted on this page with a new "Last updated" date. Continued use of the Service constitutes acceptance of the updated policy.