Remixy.AI

Privacy Policy

Last updated: May 17, 2026

Remixy.AI ("we", "us", "our") operates the AI music generation service at remixy.ai. This Privacy Policy describes what personal information we collect, how we use it, and the choices you have. By using Remixy.AI you agree to this policy.

1. Data we collect

  • Account data. Email address, a salted bcrypt hash of your password (we never see the plaintext), display name, avatar, handle, optional bio and banner.
  • OAuth profile data. If you sign in with Google, Apple, Discord, or Facebook, we receive your email, name, profile picture URL, and a stable provider user ID. We do not request access to friends, contacts, posts, or any other resource.
  • Generation data. The prompts, lyrics, style tags, and audio you generate on Remixy, along with metadata (duration, model used, timestamps).
  • Usage & technical data. IP address at signup (for anti-fraud rate limiting), last sign-in timestamp, basic server logs.
  • Payment data. Handled by Stripe. We store only a Stripe customer ID, the plan you are subscribed to, and a credit ledger. Card numbers never touch our servers.

2. How we use your data

  • To create and operate your account, authenticate you, and recover access.
  • To send your prompts to our AI generation provider and return the resulting audio.
  • To bill you for paid plans and credit top-ups via Stripe.
  • To prevent fraud (signup IP rate limiting, referral cap enforcement).
  • To send transactional emails (verify email, welcome, generation failure, receipts).
  • To improve the product through aggregated, non-identifying usage analytics.

We do not sell your personal data. We do not use your prompts or generated audio to train third-party models on your behalf.

3. Third parties we share data with

  • SunoAPI — receives your prompt, lyrics, style, and selected model parameters to produce audio. Their privacy policy: sunoapi.org
  • OpenAI — receives your lyric prompt when you use the Lyrics Writer tool.
  • Stripe — receives your email and the amount you pay, and stores card details on their PCI-compliant infrastructure. We never see card numbers.
  • SendGrid (Twilio) — receives your email address and the email body to deliver verify links, receipts, and notifications.
  • OAuth providers (Google / Apple / Discord / Facebook) — only when you actively choose to sign in with them.

4. Retention

We retain your account data and generated audio as long as your account exists. Server logs with IP addresses are retained for up to 90 days for security and abuse investigation. Stripe payment records are retained for the period required by tax and accounting regulations (typically up to 7 years).

5. Your rights

You may at any time:

  • Access the personal data we hold about you by emailing the address below.
  • Correct your profile data through your Settings page.
  • Delete your account and personal data — see our Data Deletion page.
  • Export your generated audio (download links on each track).
  • Withdraw consent for any optional data processing at any time.

Residents of the EU/UK have rights under GDPR; California residents under CCPA. Contact us to exercise any of these.

6. Security

Passwords are stored as bcrypt hashes (cost factor 12). Sessions use signed JWTs over HTTPS. Database access is restricted to the application server. We make commercially reasonable efforts to protect your data but no internet service is 100% secure.

7. Children

Remixy.AI is not intended for children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

8. Changes

We may update this policy. Material changes will be announced via email or an in-app banner at least 14 days before they take effect.

9. Contact

Questions or requests: support@remixy.ai.