Privacy Policy

We treat your data the way we'd want our own treated. We collect what we genuinely need, never sell it, and give you simple ways to see, correct, export, or delete it. The full mechanics are below.

1. What we collect

Account: email, display name, and authentication identifier (from Google Sign-In or email/password). Optional profile fields (city, business name, avatar) only when you provide them.

Usage: tracks you play, skip, save, like, follow, or block. Schedule + station configs. Listening session timestamps. We use this to power personalization and improve track quality. Aggregated + anonymized usage may be used for product analytics.

Payment: Stripe (web) or Apple (iOS IAP) hold your card details — we never see them. We store your subscription status, plan tier, billing source ("apple" / "stripe" / "trial" / "free"), and your last four digits + brand for receipt display.

Device: for multi-device sync and fraud prevention, we record device fingerprint, name, last public IP address, and last heartbeat timestamp for each device tied to your account. IP is used to detect unauthorized multi-location usage on a single-location plan and is not shared.

Cookies: a single essential authentication cookie. No tracking cookies, no advertising cookies, no third-party analytics that identify you.

2. How we use your data

• Authenticate your account + maintain your session.
• Personalize your music: recommendations, scheduling, multi-device sync.
• Process subscriptions, per-track licenses, and refunds.
• Send transactional email (welcome, trial reminders, receipts, license PDFs).
• Detect abuse — multi-location usage on a single-location plan, suspicious device behavior.
• Improve track quality through aggregated + anonymized listening signals. We never tie improvements back to you individually.

We do not sell your data, share it with advertisers, or train external AI models on it. We do not build behavioral profiles for ad targeting.

3. Subprocessors (third-party services)

We use these subprocessors to operate Puana. Each is bound by their own privacy and data-protection terms:

• Supabase — authentication, database, file storage. Region: US.
• Stripe — payment processing for web subscriptions and per-track licenses. PCI DSS Level 1.
• Apple — iOS in-app purchase processing for users who subscribe through the App Store.
• Cloudflare — audio CDN delivery via R2 + edge cache.
• Vercel — web application hosting + edge runtime.
• Google — Sign-In authentication (only when you choose Google as your login).
• Resend — transactional email delivery.
• Anthropic + Google Gemini — AI-assisted vibe matching and onboarding (your prompts are processed but not retained for model training under our enterprise contracts).

We update this list within 30 days of adding or removing a subprocessor.

4. Your rights

You have these rights regardless of where you live, and we honor them at no cost:

• Access — request a copy of the personal data we hold about you.
• Correction — fix inaccurate or incomplete data.
• Erasure — delete your account + associated data. Available in-app: iOS Settings → Delete Account, or web Settings → Account → Delete Account.
• Portability — receive your data in a portable JSON format.
• Objection / Restriction — object to processing or ask us to restrict it.
• Withdraw consent — at any time, with no effect on prior lawful processing.

EU/UK residents (GDPR): these rights are guaranteed under Articles 15–22 of the GDPR. Lawful basis is performance of contract, legitimate interest, or your consent (depending on the processing). You may also complain to your supervisory authority.

California residents (CCPA/CPRA): you have the right to know, delete, correct, opt out of "sale" or "sharing" (we don't do either), and limit use of sensitive personal information. We don't process sensitive personal info for purposes other than providing the service.

To exercise any right, email privacy@puana.app. We respond within 30 days of a verified request.

5. Data retention

Account data is retained while your account is active. After you delete your account, we erase associated data within 30 days, with these exceptions:

• Per-track commercial licenses you've purchased are preserved indefinitely as required for licensing audit and tax purposes.
• Financial records (invoices, refund records) are retained for 7 years to comply with tax law.
• Anonymized aggregate analytics with no personal identifiers may be retained without time limit.

6. Security and breach notification

We protect your data with row-level security on every database table, encryption in transit (TLS 1.2+) and at rest, and least-privilege access controls.

In the event of a personal data breach, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware, in compliance with GDPR Article 33 — or sooner where required by US state law.

7. International data transfers

Our infrastructure is hosted in the United States. If you access Puana from outside the US, your data is transferred to and processed in the US. For EU/UK users, we rely on Standard Contractual Clauses (SCCs) with our subprocessors and on our subprocessors' approved transfer mechanisms.

8. Children

Puana is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

9. Changes

We update this policy as the service evolves. We post the effective date and version at the top, and email registered users when changes materially affect their rights.

10. Contact

Privacy questions, data requests, or breach notifications: privacy@puana.app.

EU/UK representative inquiries: same address; we will forward to our designated representative within 5 business days.