Legal policy
Privacy Policy
How MusiCraft AI collects, uses, stores, shares, and protects information for accounts, AI generation, payments, support, analytics, and security.
Last updated: June 4, 2026
MusiCraft AI is operated by Sphoten Ltd, a company registered in the United Kingdom. This Privacy Policy explains how we handle personal information when you use our website, app, AI music tools, account features, payment flows, support channels, and related services.
AI music products handle creative prompts, generated assets, account records, payment metadata, and technical logs. This policy explains what we collect, why we collect it, who helps us process it, and what choices you may have.
Important points
- No full card storage: Payments are processed by Stripe or another payment provider. We receive payment metadata, but we do not store full payment card numbers.
- AI processing: Prompts, uploads, generated songs, cover art, lyrics, tags, and task metadata may be processed by AI, storage, and infrastructure providers to deliver the requested service.
- Privacy requests: Send access, correction, deletion, or export requests to support@musicraft.ai.
1. Who we are
MusiCraft AI is operated by Sphoten Ltd. For privacy questions or requests, contact support@musicraft.ai.
Depending on your location, Sphoten Ltd may be the controller of personal information we process for our own service operations.
2. Information you provide
We collect information you provide directly when you create or use an account, contact support, buy a plan, configure settings, or use generation tools.
- Account information, such as name, email address, avatar, authentication provider, profile settings, and login identifiers.
- Creative content, such as prompts, lyrics, titles, tags, audio uploads, stems, vocals, artwork, cover references, chat messages, generation settings, and feedback.
- Support information, such as messages, attachments, account email, order IDs, task IDs, screenshots, and details you provide when asking for help.
- Business or billing information, such as company name, tax details, invoice information, billing email, and purchase context when you provide it.
3. Information collected automatically
When you use the service, we may automatically collect technical and usage information needed for security, debugging, analytics, product operation, billing, and abuse prevention.
- Device and browser information, including browser type, operating system, device type, language, timezone, and app version.
- Network and log information, including IP address, request timestamps, referrer, pages visited, error logs, response status, and performance data.
- Product activity, including generation requests, task status, playback events, library activity, chat activity, downloads, likes, dislikes, settings changes, and feature interactions.
- Approximate location inferred from IP address or payment provider metadata where permitted.
4. Payment and order records
Payments are processed by Stripe or another payment provider. We do not store full card numbers, bank account numbers, or card security codes.
We may store payment-related metadata such as customer ID, checkout session ID, subscription ID, invoice ID, payment intent ID, order status, product name, plan, price, currency, credits purchased, taxes, refund status, and timestamps. We use this information to provide receipts, maintain order history, grant credits, support disputes, prevent fraud, and comply with accounting and tax obligations.
5. Generated content and AI processing
To provide AI features, prompts, uploads, lyrics, audio references, generated assets, cover art, tags, task IDs, and metadata may be processed by AI infrastructure, storage providers, content delivery networks, databases, and worker services.
Do not submit content unless you have the rights and permissions needed to process it through the service. We may review, restrict, or preserve content where needed to enforce our Terms, protect rights, prevent abuse, debug failures, or comply with law.
6. How we use information
We use information for the following purposes.
- Provide, personalize, and operate the service, including accounts, chat history, libraries, music generation, image generation, playback, storage, and downloads.
- Process payments, subscriptions, credit grants, refunds, invoices, order status, chargebacks, and billing support.
- Secure the service, authenticate users, detect abuse, investigate fraud, enforce limits, protect rights, and prevent unauthorized access.
- Respond to support requests, legal requests, privacy requests, billing questions, and technical incidents.
- Improve reliability, debug errors, measure performance, understand feature usage, and develop product improvements.
- Send service notices, security alerts, billing notices, policy updates, and administrative messages.
- Send marketing communications where permitted, with opt-out choices where required.
7. Legal bases for processing
Where UK or EU data protection law applies, our legal bases may include performance of a contract, legitimate interests, consent, legal obligations, and protection of rights and safety.
- Contract: to provide the service, process orders, manage subscriptions, and respond to account requests.
- Legitimate interests: to secure the service, prevent abuse, improve reliability, understand usage, and support customers.
- Consent: for certain cookies, marketing, or optional processing where required.
- Legal obligation: for tax, accounting, sanctions, fraud prevention, legal process, and compliance requirements.
8. How we share information
We share information only as needed to operate, secure, improve, and support the service, or as required by law.
- Infrastructure providers for hosting, databases, workers, storage, content delivery, logs, and monitoring.
- AI providers for generation, transformation, moderation, transcription, lyrics, image, audio, and related processing.
- Payment providers for checkout, subscriptions, invoices, taxes, fraud prevention, refunds, disputes, and receipts.
- Authentication, email, analytics, customer support, and security providers.
- Professional advisers, auditors, accountants, legal counsel, and authorities where required.
- A successor organization if we are involved in a merger, acquisition, financing, restructuring, or sale of assets.
9. Cookies and similar technologies
We use cookies, local storage, pixels, tags, SDKs, and similar technologies for login, security, preferences, analytics, performance, checkout, and fraud prevention. Our Cookie Policy explains these technologies in more detail.
10. Retention
We keep information for as long as needed to provide the service, maintain account and billing records, comply with law, resolve disputes, enforce agreements, prevent abuse, preserve security, and support users.
Retention periods vary by category. Billing and order records may be retained for accounting, tax, dispute, and compliance periods. Generated assets and chats may remain until deleted, expired, removed under policy, or no longer needed. Logs may be retained for shorter operational periods unless needed for security or legal reasons.
11. Security
We use technical and organizational measures designed to protect information, including access controls, encryption in transit where appropriate, authentication controls, monitoring, provider security practices, and internal restrictions.
No online service can guarantee absolute security. You are responsible for protecting your credentials, using secure devices, and notifying us if you suspect unauthorized account access.
12. International transfers
We may process and store information in countries other than where you live. Where required, we use appropriate safeguards for international transfers, such as contractual commitments, provider safeguards, and other mechanisms recognized by applicable law.
13. Your privacy rights and choices
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent for certain processing.
To make a privacy request, email support@musicraft.ai. We may need to verify your identity and account ownership before completing the request. Some information may be retained where required for billing, accounting, security, fraud prevention, legal compliance, dispute handling, or legitimate business operations.
14. Marketing choices
You can opt out of promotional emails by using the unsubscribe link in the email or by contacting support. Even if you opt out of marketing, we may still send transactional, security, billing, account, and policy messages.
15. Children
The service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to MusiCraft AI, contact support@musicraft.ai so we can review and delete it where appropriate.
16. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy with a revised date. If changes are material, we may provide additional notice through the service, email, or checkout/account surfaces.
17. Contact
Questions about privacy or data protection may be sent to support@musicraft.ai.
Include your account email and the type of request you are making so we can route it correctly.