This English translation is provided for convenience. The German version is the authoritative version. View the German Privacy Policy

Privacy Policy

As of: July 2026 · Version 1.2 · pursuant to GDPR

1. Controller

Controller within the meaning of the GDPR:
Alexander Tannigel
Burgsteinstr. 29
83646 Wackersberg
Germany
Email: support@ai-music-organizer.com

2. What Data Is Processed

The following data is processed in the course of operating AI Music Organizer:

  • Account data, e.g. name, email address and login data
  • Payment and subscription status data (Stripe customer ID, subscription status, payment status, booked packages, storage limits)
  • Uploaded files, e.g. audio files, cover art and images
  • Entered content, e.g. prompts, lyrics, notes and metadata
  • Usage data, e.g. storage consumption, uploads, exports and status
  • Technical data, e.g. IP address, browser information, timestamps and server logs
  • Record of acceptance of the Terms of Use, including the date and time of acceptance and the applicable document version

3. Hosting and Infrastructure (Replit)

The Service is operated on infrastructure provided by Replit, Inc. (USA). When the Service is accessed, the hosting infrastructure processes technically necessary data such as IP address, timestamps and connection data, and creates server logs. Replit processes this data as a Processor for the operation of the application. Further information can be found in the Privacy Policy of Replit.

4. Registration and Login (Clerk)

Login and user management are handled via Clerk, Inc. (USA). Depending on the chosen login method, email address, name, profile picture or OAuth data are processed. Clerk manages authentication and stores corresponding identity data. Further information can be found in the Privacy Policy of Clerk.

5. Payment Processing via Stripe

Payments and subscriptions are processed via Stripe. The contracting entity for users in the European Economic Area is Stripe Payments Europe, Ltd. (Ireland). Payment data (e.g. credit card details) is not stored on own servers. The Service stores only the information necessary for subscription management: Stripe customer ID, subscription status, payment status, booked packages and storage limits.

The privacy information of Stripe additionally applies to payment processing.

6. File Uploads and Cloud Storage

Uploaded files are stored for the purpose of providing the Service. This includes audio files, cover art, reference images and other project-related files. Storage takes place in a Google Cloud Storage bucket provisioned via the Replit infrastructure. Files are served via time-limited, signed URLs. Access to files takes place only within the app functions or via deliberately activated share pages.

7. AI Features (OpenAI and Google Gemini)

For individual AI features initiated by the user, content is transmitted to external AI providers. The providers are OpenAI and Google Gemini. Transmission takes place exclusively for the purpose of providing the respective feature:

  • AI song analysis: The audio file of the song is transmitted to OpenAI for content analysis, together with optional style context (e.g. saved prompts). The technical detection of BPM and musical key, by contrast, is performed locally on the Service's own server infrastructure, without any external transmission.
  • AI lyrics: Song metadata (e.g. title, genre, mood, theme, language) and style prompts are transmitted to OpenAI.
  • Cover generation and editing: Prompt texts (including title, artist name, genre, mood, lyrics excerpts, analysis texts) and, where applicable, selected reference images are transmitted to OpenAI or Google Gemini, depending on the selected model.

Users should not enter or upload content for the processing of which by AI services they do not have authorization. The privacy policies of OpenAI and Google additionally apply.

8. AI Mastering

AI mastering (analysis and audio processing of audio files) is performed entirely locally on the Service's own server infrastructure. No audio data or personal data is transmitted to external AI providers or other third parties in the process.

9. Suno and Flow Import

When a song is imported via a Suno or Flow share link, the server retrieves the publicly accessible share page of the respective provider and transfers content such as the audio file, cover art, title and lyrics into the Service's own storage. No personal data of the user is transmitted to Suno or Flow in the process; these providers are exclusively the source of the imported content, not recipients of user data.

10. Public Song and Album Share Pages

Users may create public share pages for individual songs and for albums. These pages are accessible without login to anyone who knows the link. Only the content selected for sharing is displayed, e.g. cover art, primary audio, release lyrics, genre and language. The user activates and deactivates the share themselves; deactivated shares are no longer publicly accessible. Share pages may contain a notice "Shared via AI Music Organizer".

11. Newsletter and Email Delivery (Resend)

System emails (e.g. confirmation and welcome emails) and the newsletter are sent via Resend. Newsletter sign-up uses a double opt-in procedure: delivery only begins after confirmation via a link sent by email. The email address, sign-up and confirmation timestamps as well as confirmation tokens are stored. Users may unsubscribe from the newsletter at any time.

12. Server Logs and Security

When the Service is accessed, technical data such as IP address, timestamps, pages visited and browser information is recorded in server logs. This data is used exclusively for error analysis, security, abuse prevention and the operation of the Service, and is stored only for as long as necessary for these purposes.

13. Cookies and Local Storage

The Service uses technically necessary cookies and local storage for login, security and UI states. These are required for the operation of the Service.

We currently do not use external web tracking or advertising cookies.

14. Purposes and Legal Bases

Personal data is processed for the following purposes on the following legal bases:

  • Account, login and provision of the app — Article 6(1)(b) GDPR (performance of a contract)
  • Paid subscription and payment processing — Article 6(1)(b) GDPR
  • File and project storage — Article 6(1)(b) GDPR
  • AI features (song analysis, lyrics, cover art) — Article 6(1)(b) GDPR (provision of the feature initiated by the user)
  • AI mastering — Article 6(1)(b) GDPR
  • Public share links — Article 6(1)(b) GDPR (feature activated by the user)
  • Support and system emails — Article 6(1)(b) GDPR
  • Newsletter — Article 6(1)(a) GDPR (consent, may be withdrawn at any time)
  • Security, error and server logs — Article 6(1)(f) GDPR; legitimate interests: secure operation, abuse and fraud prevention, error analysis and stability of the Service
  • Statutory retention of invoice and payment data — Article 6(1)(c) GDPR

15. Provision of Personal Data

An email address or a supported login method is required to create an account; without this data, no account can be created and the Service cannot be used. For a paid subscription, payment data is additionally required, which is entered directly with Stripe; without it, no subscription can be concluded.

All further information and content (e.g. uploaded files, lyrics, notes, newsletter sign-up) is voluntary. There is no statutory obligation to provide data.

16. Retention Periods and Erasure

Data is stored for as long as the user account exists or processing is necessary for the operation of the Service. Users may delete their content at any time. The entire account may be deleted by the user via the settings. Upon account deletion via the app, the project, audio, cover and metadata stored in the app, the associated files in cloud storage, the newsletter entry, the Stripe customer account and the login account at Clerk are deleted.

Payment and billing data may be retained for longer periods due to statutory retention obligations (e.g. pursuant to Sections 147 of the German Fiscal Code (AO) and 257 of the German Commercial Code (HGB)), including after account deletion. Server logs are deleted on a delayed basis as part of infrastructure operations.

If the login account is deleted directly with the login service (Clerk) without using the account deletion in the app, the content stored in the app is not automatically deleted as a result. In that case, a message to support@ai-music-organizer.com is sufficient to arrange complete erasure. There is currently no automatic deletion in the event of extended inactivity.

17. Recipients and Third-Party Providers

In the course of operating the Service, data is passed to the following third-party providers to the extent required for the respective function:

  • Clerk, Inc. (USA) — authentication and user management (account and login data)
  • Stripe Payments Europe, Ltd. (Ireland) with transfers to Stripe, LLC (USA) — payment processing (payment and subscription data)
  • Replit, Inc. (USA) — hosting, infrastructure and provision of cloud storage (technical data, server logs, stored files); Google Cloud is used as a sub-processor for file storage
  • OpenAI (contracting entity for the EEA: OpenAI Ireland Limited, Ireland) — AI song analysis, AI lyrics and cover generation (transmitted content as described in Section 7)
  • Google (Google LLC, USA) — cover generation and editing via Gemini (transmitted content as described in Section 7)
  • Resend (USA) — delivery of system emails and newsletters (email address, delivery data)

Data is not passed on to further third parties for advertising purposes.

18. Data Transfers to Third Countries

Some of the providers mentioned process data in the USA or other third countries outside the EU/EEA. Depending on the provider, the transfer is based on the following safeguards:

  • Clerk, Inc. — active certification under the EU-U.S. Data Privacy Framework (DPF)
  • Stripe — the contracting entity is Stripe Payments Europe, Ltd. (Ireland); transfers to Stripe, LLC (USA) are safeguarded by its DPF certification
  • Replit, Inc. — EU Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR
  • Google LLC (cloud storage as a sub-processor, Gemini) — active certification under the EU-U.S. Data Privacy Framework (DPF)
  • OpenAI — the contracting entity for the EEA is OpenAI Ireland Limited (Ireland); transfers to the USA are based on EU Standard Contractual Clauses (SCCs)
  • Resend — active certification under the EU-U.S. Data Privacy Framework (DPF)

19. Rights of Data Subjects

Under the GDPR, users have in particular the following rights:

  • Access to stored data (Article 15 GDPR)
  • Rectification of inaccurate data (Article 16 GDPR)
  • Erasure of data (Article 17 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Objection to processing (Article 21 GDPR)
  • Withdrawal of consents given (e.g. newsletter)
  • Complaint to a data protection supervisory authority

To exercise these rights: support@ai-music-organizer.com

20. Withdrawal and Right to Lodge a Complaint

Consents given may be withdrawn at any time with effect for the future. The right to lodge a complaint with a competent data protection supervisory authority remains unaffected — in particular with the authority in the EU Member State of habitual residence or place of work.

The supervisory authority responsible for the Controller is:
Bavarian State Office for Data Protection Supervision
(Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 18
91522 Ansbach
Germany

21. Changes to the Privacy Policy

This Privacy Policy may be updated in the event of material changes to the Service or the legal situation. The date of the last amendment is indicated above. Users will be informed of material changes.