Privacy Policy
Last updated: April 2026
Soundr8 is built on the idea that music taste is personal. So is your data. This policy explains exactly what we collect, why we collect it, and how we protect it — in plain language.
1. Who We Are
Soundr8 is a social music rating platform that allows users to rate albums and tracks, follow friends, and discover music through a personalised social feed. We are operated from Milan, Italy. For privacy-related queries, contact us at privacy@soundr8.app.
2. What We Collect
We only collect data that is necessary to provide and improve the Soundr8 service. Here is everything we collect:
- Account data: your email address, username, display name, and profile photo when you create an account
- Taste and activity data: the eras, genres, and artists you selected during onboarding; the albums and tracks you rate; the scores you give; any comments or reviews you write
- Social data: the accounts you follow, your follower list, and interactions with other users' content
- Device data: device type, operating system version, and app version, used solely for crash reporting and compatibility
- Communications: if you contact us by email, we retain that correspondence to resolve your query
What we do not collect: your precise location, contacts, microphone input, camera data beyond profile photos you choose to upload, or any sensitive personal data beyond what is listed above.
3. How We Use Your Data
We use the data we collect for the following purposes:
- To provide, operate, and improve the Soundr8 service
- To personalise your discovery feed and recommendations based on your taste profile
- To display your ratings and reviews to other users as part of the social features you have opted into
- To send important service notifications — we do not send marketing emails without your explicit consent
- To detect and prevent abuse, spam, fake ratings, and violations of our Terms of Service
- To comply with applicable legal obligations
- To run content moderation on uploaded profile images to ensure they comply with our guidelines
We never sell your personal data. We do not allow advertisers to target you based on your data within any Soundr8 product.
4. What Is Public By Default
The following information is visible to all Soundr8 users by default when you create an account:
- Your username and display name
- Your profile photo
- Your ratings, scores, and reviews
- Your follower and following counts
- Your music taste profile (genres, eras)
Your email address is never shown publicly under any circumstances. We do not offer private accounts at this time — all rating activity is public by design.
5. Third-Party Services
Soundr8 relies on a small number of trusted third-party services to operate. Each has its own privacy policy:
- Supabase — database, authentication, and edge functions. supabase.com/privacy
- iTunes Search API / Last.fm — music metadata and track data. No personal data is shared with these services
- Anthropic Claude API — used server-side to generate personalised music recommendations from your taste profile. Queries do not include personally identifiable information
- Sightengine — image content moderation for uploaded profile photos. Images are processed but not stored by Sightengine
- Expo / React Native — app framework used for performance monitoring and crash analytics
6. Data Sharing
We do not share your personal data with third parties except in the following limited circumstances:
- With the service providers listed above, under strict data processing agreements and only to the extent necessary to operate the service
- If required by applicable law, court order, or lawful governmental authority
- To protect the rights, property, or safety of Soundr8, our users, or the public
- In connection with a merger, acquisition, or sale of assets — in which case your data would remain subject to this policy or a successor policy of equal protection
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the service. Specifically:
- If you delete your account, we will delete your personal data within 30 days
- Ratings and reviews you have posted may persist in aggregated, anonymised form in our analytics after deletion
- We may retain certain data beyond 30 days where required by law, for fraud prevention, or to resolve open disputes
- Backup copies may take up to 60 days to be fully purged from all systems
8. Your Rights
Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, email privacy@soundr8.app — we respond within 30 days.
- Right to access: request a copy of all data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your account and associated personal data
- Right to portability: request your data in a structured, machine-readable format
- Right to object: object to certain types of processing, including profiling for recommendations
- Right to restrict processing: request that we limit how we use your data in certain circumstances
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
If you are located in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
Soundr8 is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at privacy@soundr8.app and we will delete it promptly.
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encrypted data transmission via HTTPS on all connections
- Server-side secret management — API keys and credentials are never stored in the client app
- Row-level security policies on our database so users can only access their own data
- Content moderation on uploaded images to prevent harmful material
- Regular security reviews of third-party dependencies
No method of transmission over the internet is 100% secure. While we take every reasonable precaution, we cannot guarantee absolute security. If you become aware of a security issue, please report it to support@soundr8.app.
11. International Data Transfers
Soundr8 is operated from Italy and uses infrastructure providers — primarily Supabase — that may store data in the United States or European Union. Where data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place in compliance with GDPR and applicable data protection law, including Standard Contractual Clauses where required.
12. Cookies and Tracking
Soundr8 is primarily a mobile application and does not use advertising cookies or third-party tracking pixels. Our website (soundr8.app) uses only essential session cookies required for the site to function. We do not use cookies for advertising, analytics profiling, or cross-site tracking.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via a notice in the app or by email at least 14 days before they take effect. The date at the top of this page will always reflect the most recent update. Continued use of Soundr8 after changes constitutes acceptance of the updated policy.