Legal

Privacy Policy

Last updated: 2026-04-19

This Privacy Policy explains what personal data Melogen.ai (“we”, “us”) collects when you use the service available at this website, why we collect it, and what rights you have over it. We aim to keep this short and readable.

1. Who we are

The service is operated by Yannick Daniel Gibson, a sole proprietor based in Czechia (EU).

For any privacy-related question, contact us at hi@melogen.ai.

2. What data we collect

  • Account data. Email address and a salted hash of your password if you sign up with credentials. If you sign in with Google, we also receive your Google profile name and email.
  • Subscription data. Payments are processed by Stripe. We never see or store your card details. We store your Stripe customer ID, current subscription status, and timestamps so we can grant you Pro access.
  • Usage analytics. If you accept analytics cookies, we use PostHog to record page views, UI interactions, and product events (e.g. how many melodies you generate). These events are tied to a random visitor ID, plus your account ID once you log in.
  • Technical data. Standard server logs (IP address, user agent, timestamp) kept for short-term security and abuse prevention.

3. Legal basis (GDPR Art. 6)

  • Performance of a contract — for account, login, and subscription processing.
  • Consent — for analytics cookies (PostHog). You can withdraw consent at any time by clearing your browser's site data; the consent banner will reappear on your next visit.
  • Legitimate interest — for short-lived security logs, fraud prevention, and keeping the service operational.

4. Who we share data with

We do not sell your personal data. We share the minimum necessary with the following processors:

  • Stripe (payments) — under their Privacy Policy.
  • Google (OAuth sign-in, when used) — under Google's Privacy Policy.
  • PostHog (product analytics, only after consent) — under their Privacy Policy.
  • Hosting and infrastructure providers that operate our servers under standard data processing terms.

5. How long we keep it

  • Account data: until you ask us to delete it, or after a long period of inactivity.
  • Subscription records: as long as required by accounting and tax law (typically 10 years in Czechia).
  • Analytics events: up to 12 months, after which they are aggregated or deleted.
  • Server logs: typically 30 days.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (“right to be forgotten”).
  • Receive a copy of your data in a portable format.
  • Withdraw consent for analytics cookies at any time.
  • Lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, uoou.cz) or your local supervisory authority.

To exercise any of these rights, email us at hi@melogen.ai. We respond within 30 days.

7. International transfers

Some of our processors (notably Stripe, Google, and PostHog) may process data outside the European Economic Area. They do so under Standard Contractual Clauses or equivalent safeguards published by the European Commission.

8. Changes to this policy

We may update this Privacy Policy occasionally. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted in the app or via email.