Privacy Policy

Songlar ("we", "us", or "our") operates the Songlar web application (songlar.com). This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

By using Songlar, you agree to the collection and use of information in accordance with this policy.

Account Information

When you create an account, we collect your email address and name. If you sign up via Google OAuth, we receive your basic profile information from Google.

API Keys

Songlar uses a Bring Your Own Key (BYOK) model. You provide your own API keys for third-party services such as fal.ai, MiniMax, Replicate, and Bunny CDN. These keys are encrypted using AES-256-GCM encryption before being stored in our database. We never transmit your API keys to any party other than the respective service provider for which the key was issued.

Generated Content

We store metadata about the music tracks and voice clones you create (such as titles, prompts, and generation parameters). Audio files are stored either temporarily on our servers or on Bunny CDN if you choose to save them permanently using your own CDN key.

Payment Information

Payments are processed by Stripe. We do not store your credit card details. We retain your Stripe customer ID and transaction records for billing purposes.

• To provide and maintain the Songlar service
• To authenticate your account and manage your session
• To securely relay your API keys to third-party AI providers on your behalf
• To process payments and manage your platform access
• To communicate service updates or respond to support requests

When you generate music or clone voices, your requests are sent to third-party AI services using your own API keys. These services have their own privacy policies:

• fal.ai — AI model hosting and inference
• MiniMax — Music generation
• Replicate — Voice model training
• Bunny CDN — Audio file storage
• Stripe — Payment processing
• Google — OAuth authentication (optional)

We encourage you to review the privacy policies of these services. Since you use your own API keys, your usage of these services is also governed by your own agreements with them.

We take data security seriously. Your API keys are encrypted at rest using AES-256-GCM encryption with a unique initialization vector for each key. Authentication sessions are managed securely, and all traffic is served over HTTPS.

However, no method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

We retain your account information and generated content for as long as your account is active. You can delete your API keys at any time from the Settings page. If you wish to delete your account entirely, please contact us.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a portable format
• Withdraw consent for optional data processing

To exercise any of these rights, please contact us at the email address listed below.

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics services.

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page.

If you have any questions about this Privacy Policy, please contact us at support@songlar.com.