SONG.ZERO
$ sign_in
Song Zero

Privacy Policy

Effective Date: 2026-05-08 · Last Updated: 2026-05-08

This Privacy Policy explains how Lucid North LLC("Lucid North," "we," "us," or "our") collects, uses, shares, and protects information when you use the Song Zero application at song-zero.appand related services (the "Service"). By using the Service, you agree to the practices described here.

1. Who We Are

Lucid North LLC operates Song Zero. For privacy questions or to exercise your rights, contact us at:

Email: support@song-zero.app
Website: https://lucid-north.com
Mailing address: 6 Honeysuckle Ct., Brick, NJ 08724, United States

2. Scope

This Policy applies to information processed when you visit our website, create an account, generate Runs, subscribe to a paid plan, order Print Products, or otherwise interact with the Service. The Service is currently offered to users physically located in the United States only. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.

3. Information We Collect

3.1 Information You Provide

  • Account Information. Email address. If you sign in with Google, we receive your name, email, and Google account ID. If you sign in via magic link, we receive only your email.
  • User Inputs. Anchor song (artist + title) and configuration parameters you submit to generate Runs.
  • Payment Information. When you subscribe, buy run credits, or order Print Products, Stripe, Inc. processes your payment. We do not store your full card number, CVC, or bank details. We receive a Stripe customer ID, the last four digits of your card, card brand, billing email, and subscription status.
  • Print Product Order Information. If you order a Print Product, we collect a shipping name, shipping address, and contact information necessary to fulfill the order, which we share with our print-on-demand fulfillment provider.
  • Communications. Messages you send to us (e.g., support emails).

3.2 Information We Generate or Derive

  • Generations. Playlists, written blurbs, genealogy visualizations, and metadata produced by our pipeline in response to your User Inputs.
  • Run Telemetry. Run ID, timestamps, status, model usage, estimated cost, stage timings, and error logs.
  • Audit Log. Records of administrative actions and certain account events (e.g., subscription changes, ToS acceptance with version hash).

3.3 Information Collected Automatically

  • Device and Usage Data. IP address, browser type, operating system, referring URLs, pages visited, timestamps, and similar log data.
  • Cookies and Similar Technologies. Session cookies for authentication (set by Supabase Auth) and analytics cookies (Google Analytics 4). See §8.

3.4 Information from Third Parties

  • Spotify. When generating playlists, we query Spotify's public API for track metadata (title, artist, album, release year, popularity). We do not access your personal Spotify account, library, or listening history. Playlists are created on Lucid North's own Spotify account and embedded for your use; we never act on your behalf within Spotify.
  • AI Providers. We send your User Inputs and intermediate prompts to Anthropic (Claude models) and Google (Gemini models) for inference. Per our agreements with these providers, your inputs are not used to train their foundation models.

3.5 Sensitive Personal Information

We do not knowingly collect "sensitive personal information" as defined under the California Privacy Rights Act (CPRA), including precise geolocation, racial or ethnic origin, religious beliefs, health information, or contents of mail/email/messages. We do not collect biometric or genetic data.

4. How We Use Information

We use the information described above to:

  • Operate, maintain, and improve the Service.
  • Authenticate users and protect accounts.
  • Generate, deliver, and store Runs.
  • Process subscriptions, pay-per-run credits, refunds, and Print Product orders.
  • Enforce usage tiers and prevent abuse (including detecting multi-account evasion).
  • Operate the public Song Zero Archive. Successful Runs are automatically submitted to our internal curator queue for editorial review and possible publication on the public Archive. See §6.
  • Communicate with you about your account, billing, security, Print Product fulfillment, and Service updates.
  • Monitor cost, performance, and reliability of the pipeline.
  • Comply with legal obligations and enforce our Terms.

4.1 Legal Bases (where applicable)

We process information to perform our contract with you (Terms of Use), to comply with legal obligations, and based on our legitimate interests in operating and securing the Service.

5. AI Processing Disclosure

User Inputs and pipeline-generated intermediate content are sent to third-party AI providers (Anthropic, Google) for inference. These providers process the data under their respective enterprise terms, which prohibit using submitted content to train foundation models. AI-generated output may contain inaccuracies, hallucinations, or fabricated facts; do not rely on Generations as factual without independent verification.

6. Public Archive Submission

Every successful Run is automatically submitted to the Song Zero Archive curator queue.If selected by editorial review, your Generation may be published on the public Song Zero website and shared via Lucid North's marketing channels. The anchor song you submitted (artist + title) will be publicly visible on any published Archive entry.

Published Archive entries do not include your email address or other directly identifying account information unless you separately consent. You authorize this use by initiating a Run (see Terms of Use §5).

7. How We Share Information

We share information only with the following categories of recipients:

RecipientPurposeData Shared
StripePayment processing, subscription management, Print Product checkoutEmail, name, payment method, billing details
SupabaseDatabase, auth, storage hostingAll Service data, encrypted at rest
VercelApplication hosting and edge deliveryApplication traffic and logs
InngestPipeline orchestrationRun metadata and event payloads
AnthropicLLM inferenceUser Inputs and intermediate prompts
Google (Gemini)LLM inference (fact-checking stage)Intermediate prompts
Google (OAuth)Sign-inOAuth tokens, email
Google Analytics 4Aggregate usage analyticsIP address, device data, page views
SpotifyTrack metadata lookup; embedded player deliveryTrack titles and artist names from your Run
ResendTransactional email deliveryEmail address, message content
Print-on-demand provider(s)Print Product fulfillment and shippingName, shipping address, contact info, design files

A current list of subprocessors is maintained at song-zero.app/subprocessors.

We may also disclose information:

  • To comply with law, such as in response to a subpoena or court order.
  • To protect rights and safety, including to prevent fraud, abuse, or imminent harm.
  • In a business transfer, such as a merger or acquisition (with notice to you).
  • With your consent.

We do not sell your personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Privacy Rights Act.

8. Cookies, Analytics, and Opt-Out Signals

  • Session cookies for authentication. These are essential for the Service.
  • Google Analytics 4 to understand aggregate usage. You may opt out by installing the Google Analytics Opt-out Browser Add-on or by selecting "Reject Non-Essential Cookies" in our cookie banner.

We honor the Global Privacy Control (GPC) browser signal as a valid opt-out request for purposes of the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and other state laws that recognize universal opt-out mechanisms. When we detect a GPC signal from your browser, we will treat it as an opt-out of any sale or share of personal information and disable non-essential analytics for your session.

We do not honor "Do Not Track" headers because no industry consensus exists on their interpretation; GPC supersedes DNT for our purposes.

9. Data Retention

We retain information for as long as your account is active and as needed to provide the Service. Specifically:

  • Account and subscription data: retained until account deletion plus up to 7 years for tax and audit purposes.
  • Pipeline run data and Generations: retained for as long as the Service or the public Archive is operational, subject to your right to request deletion under §12.
  • Audit log entries: retained for at least 2 years.
  • Stripe webhook events: retained for at least 7 years for idempotency, tax, and reconciliation purposes.
  • Print Product order records: retained for at least 7 years for tax and consumer protection purposes.
  • Backups: rolling backups retained for up to 30 days.

When you delete your account, we delete or anonymize personally identifying information within 30 days, except where retention is required by law or for fraud prevention. Generations submitted to or featured in the public Archive may persist after account deletion but will be disassociated from your identifying information.

10. Security

We use industry-standard technical and organizational measures to protect information, including TLS in transit, encryption at rest (Supabase), Row Level Security policies, scoped service-role access, Stripe webhook signature verification, and audit logging of administrative actions. No system is perfectly secure; we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed to children under 18, and we require all users to be at least 18 years of age (see Terms of Use §1). We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a person under 18, contact support@song-zero.appand we will delete it. We do not knowingly collect personal information from children under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA).

12. Your Choices and Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated personal information.
  • Object to or restrict certain processing.
  • Port your data to another service.
  • Withdraw consent where processing is based on consent.
  • Opt out of any sale or sharing of personal information (we do not sell or share, but you may submit the request).
  • Be free from retaliation for exercising any of these rights.

To exercise these rights, email support@song-zero.app from the address associated with your account. We will respond within 45 days (or as required by applicable law). We may verify your identity before fulfilling certain requests.

You may also designate an authorized agentto make a request on your behalf by submitting written authorization signed by you, along with proof of the agent's identity. We may contact you to verify the request before fulfilling it.

If you believe we have not adequately addressed your privacy rights, you may lodge a complaint with the U.S. Federal Trade Commission, your state Attorney General, or, where applicable, your state's privacy regulator (e.g., the California Privacy Protection Agency).

12.1 California Residents (CCPA / CPRA)

If you are a California resident, you have the rights listed above plus the right to opt out of any "sale" or "sharing" of personal information as defined under the CCPA/CPRA. We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes that would trigger the right to limit such use.

The categories of personal information we collect, the purposes for collection, and the categories of recipients are described in §§3, 4, and 7 of this Policy. We have not sold or shared personal information in the preceding 12 months.

12.2 Other U.S. State Rights

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with effective comprehensive privacy laws — may have rights similar to those listed above. To exercise any such right, contact support@song-zero.app.

13. International Users and Geographic Restriction

The Service is operated from the United States and is intended for users physically located in the United States only. We do not offer the Service in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States, and we do not target the Service to residents of those jurisdictions. If you access the Service from outside the United States, you do so on your own initiative and at your own risk, and you consent to the transfer of your information to and its processing in the United States under U.S. law, which may not provide the same level of data protection as the laws of your country.

14. Third-Party Links

The Service may link to or embed third-party websites and services (e.g., Spotify, social platforms). We are not responsible for the privacy practices of those sites. Embedded Spotify players are governed by Spotify's privacy policy.

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 daysbefore taking effect. The "Last Updated" date at the top reflects the most recent revision.

16. Contact Us

Lucid North LLC — Privacy
Email: support@song-zero.app
Website: https://lucid-north.com
Mailing address: 6 Honeysuckle Ct., Brick, NJ 08724, United States

For DMCA copyright notices, see Terms of Use §8.