Privacy Policy

This policy explains how crate collects, uses, and protects personal information when you use the Service. It should be read with our Terms of Service.

Account data (via Clerk): email, and any username, display name, or phone you provide for authentication. Profile data: username, display name, bio, avatar color, and your privacy settings. Your Content: audio files, cover art, lyrics, tags, crates, comments. Usage data: plays/listens, shares, messages, and basic device/log data needed to run and secure the Service.

To provide the Service (store, stream, and deliver your content), to power features you invoke (key/tempo analysis, lyric transcription, waveforms), to show owners listen analytics for their own tracks, to send transactional notifications, to secure the Service and prevent abuse, and to comply with law. We process data to perform our contract with you and based on our legitimate interest in operating a secure product.

We share limited data with vendors who process it on our behalf under contract: Clerk (authentication), Neon (Postgres database), Vercel (hosting + Blob file storage), and, only when you choose to generate lyrics with a cloud provider, OpenAI or Groq (speech-to-text). We do not sell personal information.

Audio is stored in private object storage and served only through authenticated, access-checked, expiring stream endpoints — we never expose a raw, permanent file URL. Access is enforced per request against ownership, shares, listening windows, and link locks. Data is encrypted in transit (TLS) and at rest by our storage providers.

In Settings you can control profile visibility, who may message you, whether your listen activity is shown, and the default sharing/permission behavior. You can edit or delete your content at any time, and delete your account, which removes your profile and content from active systems (residual backups are purged on our routine schedule).

Depending on where you live (e.g., under the CCPA/CPRA or GDPR), you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. We honor verified requests to privacy@crate.app and will not discriminate against you for exercising them. We do not “sell” or “share” personal information for cross-context behavioral advertising.

We keep personal information for as long as your account is active or as needed to provide the Service and meet legal obligations, then delete or anonymize it.

The Service is not directed to children under 13, and we do not knowingly collect their data. If you believe a child has provided us information, contact privacy@crate.app.

We may update this policy; material changes will be posted here with a new date. Contact: privacy@crate.app.