Privacy Policy

How HumToBeats handles information

This Privacy Policy explains what information HumToBeats collects, how we use it, when we share it, how long we keep it, and what choices you may have.

Effective Date

April 28, 2026

Public Contact

support@humtobeats.com

Current Model

Public website and beat-creation service

1. Scope

This Privacy Policy applies to the HumToBeats website, including the landing page, create studio, result and remix pages, signup and login pages, subscribe pages, contact page, and APIs or embedded services used to power those product surfaces.

2. Information we collect

A. Information you choose to provide

  • If you contact us, we may receive your email address and any information you include in your message.
  • If you create an account, log in, or recover your password, we may collect the details you submit.
  • If you start a paid upgrade flow, we may collect plan-selection and checkout-related metadata.

B. Information stored locally in your browser for product operation

  • Your selected locale via the `NEXT_LOCALE` cookie.
  • An authenticated session cookie after successful login or signup.
  • In the current create studio, locally persisted project data such as hum recordings, tap timing, selected style, remix controls, generation count, and generated audio data may be stored in your browser so the experience can be restored across reloads.

C. Important note about the current create flow

In the current browser-based create flow, recording a hum, tapping a rhythm, generating a beat, saving the local project snapshot, and downloading the generated WAV file are primarily handled in your browser. Those locally persisted assets are not intentionally uploaded to our servers merely because you use the on-page beat creation flow.

Other actions, such as authentication, paid checkout, support contact, and abuse prevention, do involve server or third-party processing as described below.

D. Information sent to our servers

  • Signup, login, logout, password recovery, and session-authentication requests.
  • Account identifiers, verification state, and session ownership needed to maintain account access.
  • Plan and billing-cycle selections when you start a paid checkout.
  • Checkout request identifiers and the account email needed to associate a successful payment-provider checkout with your user account.
  • Operational request metadata used for debugging, security, and rate-limiting.

E. Security and anti-abuse data

  • The signup flow uses Cloudflare Turnstile. When that feature loads or verifies, Cloudflare may collect device, browser, IP, and interaction information according to its own policies.
  • Server logs and abuse-prevention records may include IP-related request metadata and verification status.

F. Billing and provider-operation data

  • Paid checkout flows currently use the payment provider you select at checkout, including Creem, PayPal, or Dodo Payments. When you start a paid checkout, limited account and billing context such as your selected plan, billing cycle, account email, and internal checkout request identifiers may be shared with that provider so it can create, confirm, and manage the checkout or subscription.
  • Infrastructure or service providers may process limited data necessary to deliver authentication email, storage, or backend operations.

3. How we use information

  • To create and maintain user accounts and authenticated sessions.
  • To restore product state and keep the create experience coherent across reloads.
  • To process signup, login, verification, support, and paid checkout flows.
  • To prevent spam, bots, fraud, abuse, and security misuse.
  • To troubleshoot, monitor performance, and improve product quality.
  • To respond to messages you send us.

4. When we share information

We may share information in the following circumstances:

  • With vendors and infrastructure providers that help operate HumToBeats.
  • With anti-abuse providers such as Cloudflare Turnstile.
  • With billing or subscription providers when you start or confirm a paid checkout.
  • When required by law, legal process, or to protect rights, safety, and security.
  • In connection with a merger, financing, sale, or transfer of all or part of the business.

If you use native browser sharing or export content into other apps or platforms, those later destinations are outside HumToBeats and are governed by their own policies.

5. Third-party processors and embedded services

Depending on configuration, HumToBeats may use providers such as Cloudflare Turnstile, authentication email delivery vendors, selected billing providers for hosted checkout and subscription billing, and cloud infrastructure services. These services may process data necessary to deliver their part of the product.

Their handling of data is governed by their own privacy notices and terms, so you should review those providers if you want more detail about their practices.

6. Retention

We retain information for as long as reasonably necessary to operate the service, maintain security, support debugging, satisfy legal obligations, manage subscriptions, or protect against abuse.

Browser-local project data may remain on your device until you clear it, overwrite it, or your browser removes it. Server-side authentication or billing records may persist longer when needed for security, compliance, or account operations.

7. Security

We use reasonable technical and organizational measures to help protect information, but no system is completely secure. You should not send highly sensitive information to HumToBeats unless it is clearly required by a live feature and appropriate safeguards are in place.

8. Your choices and rights

  • You can clear local browser storage and cookies through your browser settings.
  • You can stop using the site at any time.
  • You can contact us to request access, correction, or deletion where applicable.
  • If local law gives you specific privacy rights, we will handle requests in line with applicable legal requirements.

To make a privacy request, contact support@humtobeats.com.

9. Children's privacy

HumToBeats is not intended for children under 13, and we do not knowingly seek to collect personal information from children under 13 through the public website.

10. International processing

HumToBeats and its service providers may process information in countries other than your own. By using the service, you understand that information may be transferred to and processed in jurisdictions with different privacy laws than the laws of your home country.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version here and update the effective date at the top of the page.

12. Contact

Questions about this Privacy Policy can be sent to support@humtobeats.com.

You should also review our Terms of Use for the rules that apply to use of HumToBeats.