← Back to MIDY

Privacy Policy

1. Introduction

MIDY ("we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website midy.nighthink.com and use our services (the "Service"). By accessing or using our Service, you agree to be bound by the terms described herein.

2. Information We Collect

We may collect information about you in a variety of ways:

• Account Information: When you create an account to use AI Compose, we collect your email address and a hashed (encrypted) version of your password. We never store your password in plain text.
• Usage Data: We automatically collect certain information about your device, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of your visits.
• Payment Information: When you purchase credits, payment is processed by Stripe. We do not store your credit card details. We only receive confirmation of the transaction and your email address from Stripe.
• Cookies: We use cookies and similar tracking technologies to track activity on our Service and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3. Use of Your Information

We use the information we collect for various purposes, including:

• To provide and maintain our Service, including account management and credit tracking
• To process payments and deliver purchased credits to your account
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent, and address technical issues
• To display advertisements via third-party services like Google AdSense

4. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context in which we collect it. We may process your personal data because:

• We need to perform a contract with you (e.g., to provide your purchased credits)
• You have given us permission to do so
• The processing is in our legitimate interests and it is not overridden by your rights
• To comply with the law

5. Data Storage and Security

Your account data (email address, hashed password, credit balance) is stored securely in a PostgreSQL database hosted by Supabase. Passwords are hashed using bcrypt and are never stored in plain text. We implement industry-standard security measures to protect your data against unauthorized access.

6. Retention and Transfer of Data

We will retain your personal data for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time by contacting us. Your information may be stored on servers located outside your country of residence.

7. Disclosure of Your Information

We may disclose your information to third parties in certain situations, such as:

• To comply with a court order, law, or legal process.
• To enforce our terms and conditions.
• If we believe disclosure is necessary to protect the rights, property, or safety of our company, our customers, or others.

8. Third-Party Services

• Stripe: We use Stripe to process payments. When you purchase credits, you are redirected to a Stripe-hosted payment page. Stripe collects and processes your payment information in accordance with their Privacy Policy. We receive only a transaction confirmation and your email address.
• OpenAI: The AI Compose feature sends your selected parameters (mood, key, tempo, style) to OpenAI's API to generate melodies. No personal information is sent to OpenAI. Data is handled according to OpenAI's Privacy Policy.
• Google AdSense: We use Google AdSense to display advertisements. Google AdSense uses cookies to serve ads based on a user's prior visits to our website or other websites. You can opt-out of Google's use of cookies by visiting the Google Advertising Opt-out Page.
• Microsoft Clarity: We use Microsoft Clarity to understand how users interact with our website to improve usability. All data is handled in accordance with the Microsoft Privacy Statement.
• Supabase: We use Supabase to store account data. Data is handled in accordance with Supabase's Privacy Policy.

9. Your Data Protection Rights under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights, including the right to access, correct, or delete your personal data. To exercise these rights, please contact us at dev@nighthink.com.

10. Your Data Protection Rights under CPRA

If you are a resident of California, you have certain data protection rights under the California Privacy Rights Act (CPRA), including the right to know, delete, and opt-out of the sale or sharing of your personal information. To exercise your CPRA rights, please contact us.

11. Age Restriction

Our Service is intended for users aged 18 and older. We do not knowingly collect personally identifiable information from anyone under the age of 18.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised Privacy Policy on our website.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at dev@nighthink.com.