Effective date: May 2, 2026  ·  Last updated: May 2, 2026

This Privacy Policy explains how [OPERATOR LEGAL NAME], a sole proprietorship organized under the laws of the Commonwealth of Pennsylvania, doing business as “Aether EQ” (“we,” “us,” or “our”), collects, uses, discloses, and protects information about you (“you”) when you use the Aether EQ web application, the API, and related services (collectively, the “Service”). It is incorporated into our Terms of Service. If you do not agree, do not use the Service.

1. Information We Collect

We collect only what we need to operate the Service.

• Google account information, received from Google Sign-In: your Google user ID (UID), display name, email address, and profile photo URL. We do not receive or store your Google password.
• Account data, stored in Cloud Firestore: a chosen public username (3–32 lowercase letters, digits, or underscores), creation timestamp, last login timestamp, and subscription status.
• EQ profiles you create, including profile name, the 10-band EQ values, and metadata such as the headphone you selected.
• Guided-EQ prompts, meaning the text you submit to the guided EQ generator (free-form prompts, headphone selection, and game-genre tag), the EQ JSON returned, and the system prompt used to produce it.
• Community content, if you post to the community feed: post title, body, preset label, preset text, your authoring identifiers, and timestamps.
• Subscription data, received from Stripe: your Stripe customer ID, plan key, subscription status, current period end, cancel-at-period-end flag, and the last four digits of your card via Stripe’s portal. We never receive or store your full card number, CVV, or bank credentials.
• Usage and rate-limit data, including the IP address that contacts our API, User-Agent string, and per-month guided-EQ usage counts, used to enforce Pro quotas and to throttle abuse.
• Local-device data, stored in your browser: minimal preferences in localStorage such as a saved API base override and locally-cached profiles. We do not use third-party advertising cookies.
• Server logs, including timestamps, request paths, status codes, and error messages, retained for a limited period for security and debugging.

2. How We Use Your Information

We use the information described above to:

• Create and authenticate your account;
• Generate guided EQ outputs in response to your prompts;
• Save and synchronize your EQ profiles across devices;
• Process payments and operate paid plans;
• Enforce rate limits, subscription quotas, and Acceptable Use;
• Detect and prevent fraud, abuse, and security incidents;
• Improve the Service, including through anonymized aggregate analysis of guided-EQ inputs and outputs;
• Communicate with you about your account, security, and material changes to the Service or these policies;
• Comply with legal obligations and enforce our agreements.

3. Lawful Bases (EU/EEA/UK Users)

Where the GDPR or UK GDPR applies, we rely on the following lawful bases:

• Contract (Art. 6(1)(b)): to provide the Service you request, including authentication, EQ generation, profile sync, and payment processing.
• Legitimate interests (Art. 6(1)(f)): security, fraud prevention, abuse throttling, and improving the Service.
• Legal obligation (Art. 6(1)(c)): tax, accounting, and responses to lawful requests.
• Consent (Art. 6(1)(a)): where you opt in to receive non-essential communications.

4. Guided-EQ Prompts and OpenAI

Guided-EQ prompts are sent to OpenAI’s API for inference and may, at our option, be appended to a local training-log file used to fine-tune our own EQ model. We do not include your Google email, UID, or display name in the text sent to OpenAI. Your interaction with OpenAI is also subject to OpenAI’s data-handling terms, which OpenAI publishes at openai.com.

5. Who We Share Information With

We do not sell or rent your personal information. We share it only with:

• Google / Firebase platform (Authentication, Firestore, Cloud Functions, Hosting). Google is our primary infrastructure provider and a sub-processor of personal data.
• Stripe, Inc. for payments and subscription management. Stripe acts as a payment processor and as an independent controller of payment-related personal data.
• OpenAI, L.L.C. for guided-EQ inference, as described in Section 4.
• Service providers we engage to host or support the Service, bound by written confidentiality and security obligations.
• Successors in the event of a merger, acquisition, or sale of substantially all of our assets, subject to a privacy notice no less protective than this one.
• Authorities when required by valid legal process, to protect rights, safety, or property, or to enforce our agreements.

6. International Transfers

We are based in the United States. When you use the Service, your information may be transferred to and processed in the United States and other countries that may have data-protection laws different from your country. For users in the European Economic Area, the United Kingdom, or Switzerland, transfers are made in reliance on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or another approved transfer mechanism, as published by our sub-processors.

7. Retention

We keep personal information for as long as is reasonably necessary to provide the Service and comply with our legal obligations:

• Account, EQ-profile, and community data: until you delete the data or your account, plus a short backup-rotation window.
• Payment metadata (not card numbers): up to seven (7) years for tax and accounting purposes.
• Server logs: typically up to ninety (90) days, or longer as needed to investigate a security incident.

8. Your Privacy Rights

Subject to applicable law and to verifying your identity, you have the following rights with respect to your personal information:

• Access: request a copy of personal information we hold about you;
• Correction: ask us to correct information that is inaccurate;
• Deletion: ask us to delete your account and associated personal information;
• Portability: receive your information in a structured, commonly-used, machine-readable format;
• Restriction or objection: ask us to restrict or stop processing of certain personal information;
• Withdraw consent where we rely on consent;
• Lodge a complaint with your local data-protection authority.

California residents (CCPA/CPRA). California law gives you additional rights to know what personal information we collect, to delete it, to correct it, to limit the use of sensitive personal information, and to be free from discrimination for exercising your rights. We do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

To exercise any right, email aether.eq.app@gmail.com with the subject “Privacy Request” and the email associated with your account. We will respond within the time required by applicable law (typically 30–45 days). You may designate an authorized agent to act on your behalf where the law permits, with proof of authorization.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it promptly.

10. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including TLS in transit, access controls on infrastructure, signed-token authentication, and least-privilege Firestore security rules. No system is perfectly secure; we cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by breach of our safeguards. Notify us immediately at the address in Section 13 if you suspect unauthorized access to your account.

11. Cookies and Local Storage

We use cookies and similar local-storage mechanisms only as needed to operate the Service: Firebase Authentication uses cookies and IndexedDB to keep you signed in; the app uses localStorage to remember small preferences (e.g., locally-cached EQ profiles, an optional API base override). We do not use third-party advertising cookies, third-party analytics that build cross-site profiles, or session-replay tools.

12. Changes to This Policy

We may update this Privacy Policy. The version in effect at the time of your use governs that use. For material changes, we will give at least thirty (30) days’ advance notice by email or in-app notice. The “Last updated” date at the top reflects the most recent revision.

13. Contact

Cross-references: Terms of Service  ·  Refund Policy  ·  Back to dashboard