Privacy Policy

Introduction

Atish Music LLC ("Slapback", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered music collaboration platform (the "Service").

By using Slapback, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

1. Information We Collect

Account Information

When you sign up using Google OAuth, we collect:

  • Email address
  • Display name
  • Google account ID (for authentication)
  • Profile picture (if available)

Content You Create

  • Audio files (.wav, .mp3, .aiff) you upload
  • DAW project files (Ableton Live .als files)
  • Comments, feedback, and messages
  • Voice notes and recordings
  • Project names and descriptions
  • SoundCloud URLs you provide

Collaboration Data

  • Collaborator relationships and permissions
  • Timestamps of comments and interactions
  • Privacy mode preferences
  • Project sharing settings

AI Interaction Data

  • AI feedback requests and parameters
  • Questions asked to AI
  • AI response preferences
  • Feature usage patterns

Payment Information

We do not store payment card details. Stripe, our payment processor, collects:

  • Billing address
  • Payment method details
  • Transaction history

Automatically Collected Information

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Time spent on pages
  • Referring website
  • Error logs and performance data

2. How We Use Your Information

To Provide Our Service

  • Enable audio playback and waveform visualization
  • Process and store your music projects
  • Facilitate collaboration between users
  • Generate AI feedback and analysis
  • Manage user permissions and access controls
  • Process subscription payments

To Improve Our Service

  • Analyze usage patterns to enhance features
  • Debug technical issues
  • Test new functionality
  • Monitor system performance
  • Understand user preferences

To Communicate With You

  • Send service-related notifications
  • Notify about collaborator activity
  • Provide customer support
  • Send billing and account updates
  • Announce new features (with your consent)

Legal and Safety

  • Comply with legal obligations
  • Protect against fraud and abuse
  • Enforce our Terms of Service
  • Protect rights and safety of users

3. How We Share Your Information

With Other Users

Based on your privacy settings:

  • Collaborators can access projects you share with them
  • Comments are visible based on privacy mode (collaborative/private)
  • Profile information visible to collaborators
  • Project activity visible to authorized users

With Service Providers

We share data with trusted third parties who help us operate:

  • Supabase - Database and file storage
  • Google Cloud / Vercel - Application hosting
  • Stripe - Payment processing
  • Google AI / OpenAI - AI analysis (audio content only when you request AI feedback)
  • Upstash - Background job processing
  • Giphy - GIF search in comments

When Required by Law

We may disclose information when legally required, such as in response to court orders, subpoenas, or to protect our rights.

Business Transfers

If we merge with or are acquired by another company, your information may be transferred to the new owners.

What We Don't Do

  • Sell your personal information to third parties
  • Share your music with unauthorized parties
  • Use your content to train AI models
  • Allow advertising networks to track you

4. AI and Your Content

Important: We take special care with how AI interacts with your content:

  • AI analysis is only performed when you explicitly request it
  • Your audio files are sent to AI providers (Google/OpenAI) only for analysis, not training
  • We do not allow AI providers to retain or train on your content
  • AI interactions are processed in isolated sessions
  • You can use the Service without any AI features

5. Data Security

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored files
  • Secure authentication via Google OAuth
  • Regular security audits
  • Access controls and monitoring
  • Secure cloud infrastructure

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

Access and Portability

  • Download your audio files at any time
  • Export your project data
  • Request a copy of your personal information

Control Your Information

  • Update profile information in settings
  • Delete projects and comments
  • Control privacy mode for each project
  • Manage collaborator access
  • Opt out of non-essential communications

Account Deletion

You can delete your account at any time. This will:

  • Remove your profile information
  • Delete your projects and uploaded files
  • Remove you from collaborations
  • Cancel any active subscriptions

7. For European Users (GDPR)

If you are in the European Economic Area, you have additional rights:

Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you requested
  • Consent: For optional features like AI analysis
  • Legitimate Interest: To improve our Service and prevent fraud
  • Legal Obligation: To comply with laws

Your GDPR Rights

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing
  • Withdraw Consent: For consent-based processing

To exercise these rights, contact us at privacy@slapback.io. You also have the right to lodge a complaint with your local supervisory authority.

8. For California Users (CCPA)

California residents have specific rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

To make a request, email privacy@slapback.io with "California Privacy Rights" in the subject.

9. Data Retention

We retain your information for different periods depending on the type:

  • Account data: As long as your account is active
  • Projects and audio: Until you delete them or close your account
  • Comments: As long as the associated project exists
  • Billing records: As required by tax laws (typically 7 years)
  • Deleted content: Removed within 30 days from active systems, may persist in backups up to 90 days
  • Analytics data: Aggregated and anonymized after 2 years

10. International Data Transfers

Our servers are located in the United States. If you access Slapback from outside the US, your information will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers.

For transfers from the European Economic Area (EEA) to the US, we rely on:

  • The EU-US Data Privacy Framework for services that participate (including Supabase, Vercel, Google Cloud Platform, and Stripe)
  • Standard Contractual Clauses (SCCs) approved by the European Commission where the Framework doesn't apply
  • Your explicit consent for certain transfers, such as when you request AI analysis

These mechanisms ensure your data receives adequate protection consistent with European data protection laws, even when processed in the United States.

11. Children's Privacy

Slapback is not intended for children under 13 in the US or under 16 in the EEA, unless local law allows a lower age. We do not knowingly collect personal information from children below these age thresholds. If we learn we have collected information from a child under the applicable age limit, we will delete it promptly. If you believe we have collected information from a child under the applicable age, please contact us at privacy@slapback.io.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or allow you to share content from external services:

  • SoundCloud URLs for audio streaming
  • External links shared in comments
  • OAuth authentication providers
  • Payment processing through Stripe

Important: We are not responsible for the privacy practices or content of these third-party services. When you click on external links or interact with third-party services, their privacy policies apply, not ours.

We encourage you to review the privacy policies of any third-party services before providing them with your information.

13. Do Not Track

We do not currently respond to Do Not Track browser signals. We do not track users across third-party websites.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice in the Service. Your continued use after changes means you accept the updated policy.

15. Contact Us

For privacy-related questions, requests, or concerns:

  • Email: privacy@slapback.io
  • Address: Atish Music LLC, New York, NY

We aim to respond to all privacy requests within 30 days.

Last updated: September 10, 2025