Privacy Policy
Your data, your music, your control.
Melodex Studio is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Personal Data We Collect
We collect only the data that is necessary to operate, maintain, and continuously improve Melodex. We do not collect sensitive personal information such as health data, biometric data, or religious beliefs, and we do not knowingly collect data from minors below the permitted age thresholds.
1a. Information You Provide Directly
- Account Information: Email address — used for account authentication, communications, and recovery. Name (optional) — if you choose to provide it. Login credentials — passwords are hashed and encrypted using industry-standard algorithms. We never store passwords in plaintext.
- User-Created Content: Prompts you enter into the application (e.g., “create a lo-fi beat at 85 BPM with jazzy chords”). Music projects saved as structured JSON files (.musicproj format), including track arrangements, MIDI data, tempo, key, and instrument configurations. Project metadata such as title, date created, last modified, and tags.
- Communications: Messages you send to our support team. Feedback, bug reports, and feature suggestions submitted through the application or our website.
1b. Information Collected Automatically
- Device & Technical Information: Operating system (e.g., Windows, macOS, Linux). Application version. Device type and hardware configuration relevant to audio performance.
- Usage Data: Features accessed (e.g., generation, editing, export, mixing). Interaction timestamps and session durations. Button clicks, menu navigations, and tool usage patterns (aggregated and anonymized where possible).
- Log & Diagnostic Data: IP address (collected transiently for security and abuse prevention). Crash logs and performance metrics. Error reports submitted for debugging and quality assurance.
1c. Payment Information
If you subscribe to a paid Melodex plan, payment is processed exclusively by trusted third-party payment providers (such as Stripe). We do not store, process, or have access to your full credit card number, CVV, or bank account details. We may retain limited transaction records (e.g., subscription tier, billing date, transaction ID) for accounting and legal compliance purposes.
1d. Data We Do Not Collect
- ✓We do not collect sensitive personal data such as health information, biometric identifiers, racial or ethnic origin, religious beliefs, political opinions, or sexual orientation. We do not knowingly collect personal data from children under 13 (US) or under 16 (EU).
2. How We Use Personal Data
We use the data we collect strictly to operate and improve Melodex.
| Purpose | Details |
|---|---|
| Provide the service | Operate and maintain the Melodex app; authenticate your account; save and sync your projects. |
| AI-powered generation | Send your prompts and project structure to AI providers to generate or modify music projects. |
| Subscription management | Process payments, manage your plan, and issue receipts. |
| Performance & reliability | Monitor app health, diagnose bugs, fix crashes, and improve performance. |
| Security & fraud prevention | Detect and prevent unauthorized access, abuse, or violations of our Terms of Service. |
| Communication | Send transactional emails (account changes, receipts) and important product updates. |
| Product improvement | Use aggregated, anonymized data to develop new features and improve existing ones. |
3. AI Processing and Data Use
Melodex uses third-party AI models (including Anthropic Claude) to interpret your natural language prompts and generate structured music instructions.
3a. How AI Processing Works
Your text prompt and relevant project data (structured JSON format, not raw audio) are transmitted to the AI provider’s API. The AI model interprets the prompt and returns structured instructions (e.g., “add a reverb effect to track 3 at 30% mix”). All actual music generation, synthesis, and audio playback happens locally on your device. Raw audio files are never sent to our servers or to AI providers.
3b. Key Privacy Guarantees
- ⛔We do NOT use your prompts, music projects, or creative work to train any AI model — whether our own or third-party.
- ⛔We do NOT permit any third-party AI provider to use your data for training their models. Our agreements with providers contractually prohibit this.
- ✓We minimise the data we send. Only the structured information strictly required to fulfil your prompt is shared with AI providers. Unnecessary personal or project data is never included.
This architecture is intentional: your creative work stays private and under your control. Melodex is designed so that the most sensitive and personal parts of your work — the audio itself — never leave your device.
4. How We Share Personal Data
We do not sell your personal data. We do not share it for advertising purposes. We only share data in the limited circumstances described below.
4a. Service Providers
We work with carefully selected third-party companies who perform services on our behalf. These include: AI providers (e.g., Anthropic) — for natural language processing and music instruction generation. Cloud infrastructure providers — for secure hosting and storage. Payment processors (e.g., Stripe) — for subscription and billing management. Analytics and monitoring tools — for application performance and error tracking. All service providers are contractually bound to protect your data, use it only for the specific services they provide to us, and comply with applicable data protection laws. We do not permit them to use your data for their own commercial purposes.
4b. Legal Requirements
We may disclose personal data if we believe in good faith that such disclosure is required to: Comply with applicable law, regulation, or a valid legal process (such as a court order or subpoena). Respond to requests from competent government or regulatory authorities. Protect the safety, rights, or property of Melodex, our users, or the public.
4c. Business Transfers
If Melodex Studio is involved in a merger, acquisition, financing, reorganisation, or sale of all or part of its assets, your personal data may be transferred to the relevant successor entity. We will notify you via email and/or in-app notification before such a transfer occurs and will ensure the receiving party provides at least equivalent privacy protections.
4d. With Your Explicit Consent
We may share data with additional third parties if you have given us your clear and informed consent to do so. You may withdraw this consent at any time by contacting us.
5. Data Retention
We retain personal data only for as long as it is necessary to fulfil the purposes described in this policy, or as required by applicable law.
| Data Category | Retention Period |
|---|---|
| Account information & music projects | Retained while your account is active. |
| Usage data & session logs | Typically up to 12 months, then anonymised or deleted. |
| Crash logs & diagnostic data | Up to 90 days. |
| Payment & transaction records | As required by applicable financial and tax regulations (typically 7 years). |
| Support communications | Up to 2 years after ticket resolution, or as required for legal disputes. |
We may retain certain limited data for longer periods where required for legal compliance, fraud prevention, or ongoing dispute resolution. In such cases, access to the data is restricted to only those personnel with a legitimate need.
6. Account Deletion
You may request the deletion of your Melodex account at any time, free of charge, without penalty.
- Upon account deletion:: Your account credentials and profile information will be permanently removed. All stored prompts, music projects, and associated metadata will be permanently deleted from our active systems. Deletion from active systems is completed within 30 days of your request. Backup systems may take an additional period (typically up to 90 days) to fully purge deleted data.
Certain data may be retained beyond account deletion where required by law — for example, payment records required under financial regulations. Such retained data will be stored securely and accessed only for the purposes required by law.
7. Your Rights and Choices
Depending on your location and applicable data protection law (including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)), you may have the following rights over your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Correction | Request correction of any inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data (subject to legal retention requirements). |
| Portability | Request your data in a structured, machine-readable format for transfer to another service. |
| Restriction | Request that we restrict processing of your data in certain circumstances. |
| Objection | Object to processing based on legitimate interests or for direct marketing. |
| Withdraw consent | Where processing is based on your consent, withdraw it at any time without affecting past processing. |
To exercise any of these rights, contact us at: privacy@melodexstudio.com. We will respond within the timeframe required by applicable law (typically 30 days). We will not discriminate against you for exercising your privacy rights.
8. Security
We take the security of your personal data seriously and implement technical and organisational measures appropriate to the risk.
- Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
- Encryption at rest: Stored data is encrypted using industry-standard algorithms.
- Access controls: Internal access to personal data is restricted on a need-to-know basis and requires strong authentication.
- Regular security audits: Vulnerability assessments and security testing.
- Incident response: Procedures to detect, respond to, and notify users of data breaches where required by law.
By design, Melodex minimises the attack surface for your most sensitive data: Audio generation and playback happen locally on your device. Raw audio files are never transmitted to our servers. AI providers receive only structured JSON data, not your audio.
No system is completely immune to security threats. While we take strong precautions, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately.
9. International Data Transfers
Melodex operates globally, and your personal data may be processed in countries other than your country of residence.
When we transfer personal data outside of the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we implement appropriate safeguards as required by applicable law. These may include: Standard Contractual Clauses (SCCs) approved by the European Commission. Adequacy decisions issued by relevant regulatory authorities. Binding Corporate Rules or other approved transfer mechanisms. You may request further information about the specific safeguards applied to transfers of your data by contacting us at the address in Section 13.
10. Children's Privacy
Melodex is not directed at or intended for use by: Children under the age of 13 in the United States. Children under the age of 16 in the European Union and European Economic Area. Minors below the applicable minimum age in other jurisdictions.
We do not knowingly collect personal data from children below these age thresholds. If we become aware that we have inadvertently collected such data, we will take prompt steps to delete it. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at the address in Section 13.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
If we make material changes that significantly affect your rights or how we process your data, we will notify you through one or more of the following: Email notification to the address associated with your account. A prominent in-app notice when you next open Melodex. A notice posted on our website. Your continued use of Melodex after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should stop using the service and request deletion of your account.
12. Ownership of Your Creative Content
Melodex is built on the principle that creators own their creations, in full, without exception.
- ✓You retain full, exclusive ownership of all music, projects, stems, MIDI data, and exported audio files you create using Melodex. We claim no intellectual property rights whatsoever over your creative output.
You grant Melodex a limited, non-exclusive, royalty-free licence solely to store, process, and transmit your content for the purpose of providing the service to you. This licence does not permit us to use your content for any other purpose — including marketing, training AI models, or distribution to third parties — without your explicit written consent. When you delete your account or your content, our licence to that content terminates, and the content is deleted in accordance with Section 5 and Section 6.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Melodex Studio:
- Privacy Officer Email: privacy@melodexstudio.com
- Support Email: support@melodexstudio.com
- Website: melodexstudio.com
- Response time: We aim to respond to all privacy-related enquiries within 30 days.
Melodex is built to give creators control — over their music and their data.