Signals & Sorcery

Privacy Policy

Last updated: April 7, 2026

Signals & Sorcery ("we", "us", "the app") is built and operated by Steve Hiehn as an independent software developer. We take your privacy seriously and aim to collect as little information as possible. This policy explains what we collect, why, and what your rights are.

Summary (the short version)

  • We collect the minimum information needed to run your account, bill your subscription, and power the AI features inside the app.
  • We do not sell, rent, or share your personal information with advertisers.
  • You can cancel your subscription and delete your account at any time, no questions asked.
  • Payments are processed by Stripe. We never see or store your full credit card details.
  • AI generation requests (musical contracts, prompts) are sent to Google Cloud (Gemini and Lyria) to produce MIDI and audio output.

Information We Collect

1. Account Information

When you create an account or sign in, we collect:

  • Your email address (used to identify your account and send service-related emails)
  • A Google account identifier if you sign in with Google

2. Payment Information

When you subscribe, payment is processed by Stripe, Inc. We never receive or store your full credit card number, CVC, or bank credentials. From Stripe we receive only:

  • A subscription status (active, canceled, past due)
  • The last four digits and brand of your card (for display on receipts)
  • Billing country (for tax purposes, where applicable)

Stripe's own privacy policy applies to the payment data they process: https://stripe.com/privacyopen in new window

3. AI Generation Data

When you use the app's AI features, the musical contract you define (key, chords, tempo, bars, and any text prompts) is sent to Google Cloud so that Gemini can generate MIDI and Lyria can generate audio. Google's handling of this data is governed by the Google Cloud Privacy Notice: https://cloud.google.com/terms/cloud-privacy-noticeopen in new window

We do not retain copies of your prompts on our servers beyond what is required to deliver the response back to the app.

4. Basic Usage & Crash Data

The app may collect anonymous usage statistics and crash reports to help us find and fix bugs. This data is not linked to your identity and is not used for advertising.

5. Information We Do NOT Collect

  • We do not collect the contents of your local audio projects, samples, or recordings.
  • We do not track your location.
  • We do not read files on your computer other than those you explicitly open in the app.
  • We do not use third-party advertising or tracking cookies on the app itself.

How We Use Your Information

We use the information above only to:

  1. Provide, maintain, and improve the app
  2. Authenticate you and manage your account
  3. Process your subscription payments
  4. Deliver AI-generated MIDI and audio back to the app
  5. Respond to your support requests
  6. Detect and fix crashes and security issues

We do not use your information for advertising, profiling, or resale.

Who We Share Information With

We share the minimum necessary information with the following service providers:

ProviderPurposeData Shared
StripeSubscription billingEmail, subscription status
Google Cloud (Gemini / Lyria)AI MIDI & audio generationMusical contract and prompt data
Google Analytics (website only)Anonymous website traffic statsStandard web analytics (IP, page views)

We do not sell your data to anyone, ever.

We will only disclose information to law enforcement if required by a valid legal process (e.g., a subpoena or court order).

How We Protect Your Information

  • All network traffic between the app and our services is encrypted with HTTPS/TLS.
  • Payment data is handled exclusively by Stripe, a PCI-DSS Level 1 certified processor — we never see or store it.
  • Account credentials and authentication tokens are stored securely and never shared with third parties.
  • We use reputable cloud providers (Google Cloud, Stripe) that maintain industry-standard security practices.

No system is 100% secure, but we make a good-faith effort to protect your information and will notify you promptly if we ever become aware of a breach that affects your data.

Your Rights

You can, at any time:

  • Cancel your subscription — directly from the app or by emailing us. No questions asked, no retention offers, no dark patterns.
  • Request a copy of the personal information we hold about you.
  • Request deletion of your account and associated personal information.
  • Correct any inaccurate information.

To exercise any of these rights, email stevehiehn@gmail.com and we will respond within a reasonable time (typically within a few business days).

If you are in the European Economic Area (EEA), United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively. You may exercise these rights through the same email address above.

Children's Privacy

Signals & Sorcery is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

International Users

The app and its service providers are located in the United States. By using the app, you understand that your information may be processed in the United States and other countries where our providers operate.

Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date above and, where appropriate, notify you via the app or email. Continued use of the app after a change means you accept the updated policy.

Contact

Questions about this Privacy Policy? Email us:

Steve Hiehn Email: stevehiehn@gmail.com Website: https://signalsandsorcery.comopen in new window

Last Updated:
Contributors: shiehn