Privacy Policy
Effective date: 2026-05-08
1. Who we are
Liora Music Technologies, Inc. ("Liora") is the data controller for personal data processed in connection with the Liora service. Contact: [email protected].
For users in the European Economic Area, we have appointed a representative under Article 27 GDPR, who can be contacted at the same address.
2. What data we collect
We collect the following categories of data:
- Account data — email address, display name, profile photo (if provided), language preference, password hash (if applicable), authentication tokens.
- Billing data — billing address, last 4 digits of payment method, country, tax ID (if business). Full payment-card data is collected and stored by Stripe and never reaches Liora's servers.
- Service data — prompts, lyrics, generated tracks, library, playlists, preferences, usage events.
- Device & technical data — IP address (hashed for security purposes), browser, OS, device type, referrer, session identifiers.
- Communications — emails, support messages, survey responses.
- Cookies — see /legal/cookies.
3. How we use your data
We process personal data for the following purposes and legal bases (under GDPR):
| Purpose | Legal basis |
|---|---|
| Provide and operate the Service | Contract (Art. 6(1)(b) GDPR) |
| Process payments | Contract |
| Comply with legal obligations (tax, fraud, anti-money laundering) | Legal obligation (Art. 6(1)(c)) |
| Security, abuse prevention, fraud detection | Legitimate interests (Art. 6(1)(f)) |
| Service improvement (aggregated, non-identifying analytics) | Legitimate interests |
| Marketing emails | Consent (Art. 6(1)(a)); revocable at any time |
We do not use your private prompts, lyrics, generated tracks or other private User Content to train artificial intelligence models. If we ever change this, we will require explicit opt-in consent before doing so for any user.
4. Sharing
We share data only with:
- Service providers (processors) acting on our instructions — including: Stripe (payments), Postmark (transactional email), Cloudflare (CDN, security), and our cloud and database hosts. A list is at /legal/subprocessors.
- Authorities, where required by law (court order, subpoena), and only the minimum required.
- Business transfer — in a merger, acquisition or sale of assets, your data may be transferred subject to confidentiality.
We do not sell or rent personal data.
5. International transfers
Liora is headquartered in the United States. Data of users in the EEA, UK and Switzerland may be transferred to the United States and other jurisdictions. Where required, transfers are protected by the EU Standard Contractual Clauses (SCCs) or equivalent safeguards.
6. Retention
We keep personal data only as long as needed for the purpose collected:
- Account data — as long as your account is active, plus up to 30 days after deletion (recovery window), then irreversibly purged.
- Billing records — 10 years (tax law).
- Logs — up to 90 days.
- Backups — up to 35 days.
7. Your rights
Subject to applicable law, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data (the "right to be forgotten").
- Restrict or object to processing.
- Data portability — receive your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority.
To exercise any right, email [email protected] or use Settings → Privacy. We respond within 30 days.
California residents have additional rights under CCPA/CPRA, including the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell personal information.
8. Children
The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe we have done so, contact [email protected] and we will delete it.
9. Security
We protect your data with industry-standard measures: encryption in transit (TLS 1.2+) and at rest, role-based access control, audit logging, vulnerability scanning, and SOC 2 Type II controls (in progress). No system is perfectly secure; you accept residual risk by using the Service.
10. Changes
Material changes to this Policy will be announced at least 30 days in advance by email and in-app notice.
11. Contact
Liora Music Technologies, Inc.