Privacy Policy
Exactly what data we collect, why, and how long we keep it.
Last updated: July 6, 2026
The short version
- • We never sell your data or use your audio to train AI.
- • Free-tier files are automatically deleted 24 hours after upload.
- • We collect only what's needed to run your account, process payments, and prevent abuse.
- • Sign in with Google gives us your email, name, and profile picture — nothing else.
- • Email teylersf@gmail.com any time to see or delete your data.
Who this policy applies to
This Privacy Policy covers your use of freepodcastmastering.com and freemusicmaster.com (collectively the “Service”), operated by Teyler. Contact: teylersf@gmail.com.
2. What we collect and why
Account information. When you create an account we store the email address you used, the display name and profile picture (if you signed in with Google), and a randomly-generated internal user id. We use this to sign you in, deliver notifications, and associate your masters with your account.
Uploaded audio. When you upload a file, we send it to our AI mastering backend, process it, and return the mastered result. Free-tier files are automatically deleted 24 hours after upload. Files kept in the Unlimited plan's 5Â GB cloud storage stay as long as your subscription is active.
Payment information. Payments are processed by Stripe. Stripe stores your card details; we only store the Stripe customer, subscription, and payment intent IDs we need to record your subscription status and pay-as-you-go credits. We never see your full card number.
Referral data. Each account gets a shareable referral code. When you use someone else's code, we record the code (from the pm_ref cookie) so we can credit them if you become a paying customer.
Anti-fraud signals. To keep the pricing and referral system honest, we store a one-way SHA-256 hash of your IP address at signup time. This lets us detect same-network referrals without ever storing the raw IP. If we enable device fingerprinting in the future, the same policy applies.
Usage records. Each master creates a small log row (user id, timestamp, mastering job id) so we can enforce the 1-per-day quota and show you what you've mastered.
Feedback you send us. When you use the “Feedback” button in the corner, we receive your message, the category (bug / feature / etc.), an optional email if you provide one, the page URL you were on, and technical metadata (user-agent, hashed IP) that helps us reproduce the issue.
3. Sign in with Google
If you choose to sign in with Google, we request only two scopes:
- Email address (
userinfo.email) — used as your login and for delivering notifications. - Name and profile picture (
userinfo.profile) — used for your dashboard display and referral attribution.
We do not request access to your Google Drive, Gmail, contacts, calendar, or any other Google product. We do not post to your account or read messages on your behalf.
We use and transfer information received from Google APIs to any other app in accordance with the Google API Services User Data Policy, including the Limited Use requirements.
4. Who we share your data with (processors)
We don't sell your data. We do use a small set of trusted third-party services (“processors”) to run parts of the platform. Each only receives the specific data it needs.
- Hexclave (formerly Stack Auth) — identity and session management. Receives your email, name, profile picture, and OAuth tokens.
- Modal — runs the AI mastering job. Receives the audio file you upload for the duration of processing, then it's deleted per our retention windows below.
- Vercel Blob — cloud storage for Unlimited subscribers' mastered files. Receives the mastered output file only.
- Stripe — payment processor. Receives your card details, billing email, and the amount charged.
- Resend — email delivery. Receives your email address and the notification content when we send you a mastering-complete email.
- Linode — database host. Stores our Postgres database (accounts, subscriptions, referrals, usage logs).
- Vercel — website hosting and analytics. Receives standard server-access logs and aggregate page-view counts.
- Google Ads — used only to measure conversion of paid ads back to the site. No raw personal data is shared beyond what Google's pixel collects.
We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of the Service or its users.
5. How long we keep it
- Free-tier audio files — deleted 24 hours after upload.
- Unlimited-plan files — kept as long as your subscription is active; deleted 30 days after cancellation.
- Account records (email, subscription status, referral code, usage counts) — kept while your account is active. Deleted within 30 days of account deletion, except where we're required to keep billing records for tax and accounting purposes.
- Email delivery logs — kept for 90 days for troubleshooting.
- Payment records — retained per Stripe's and applicable tax-law requirements (typically 7 years).
6. Cookies and local storage
We use only the cookies and local-storage entries we actually need:
pm_ref— remembers a referral code you arrived with, for 30 days.- Session cookies — set by Hexclave to keep you signed in.
- Theme preference — stored in your browser's local storage.
- Pending-download cache — stores a reference to your last mastered file in local storage so you can complete a sign-up-and-download flow that starts before you sign in. Cleared on click.
- Google Ads pixel — a conversion pixel from
googletagmanager.com, used only to measure ad conversions.
7. Your rights
You have the right to:
- Request a copy of the personal data we hold about you.
- Ask us to correct information that's inaccurate.
- Ask us to delete your account and associated data.
- Withdraw permission you previously granted (for example, by revoking Sign in with Google access from your Google Account settings).
- Opt out of Sign in with Google by revoking access at myaccount.google.com/connections.
- Lodge a complaint with a data-protection authority in your jurisdiction.
To exercise any of these rights, email teylersf@gmail.com. We aim to respond within 30 days.
8. Security
All traffic between your browser and our servers is encrypted in transit (HTTPS/TLS). Database credentials, API secrets, and OAuth client secrets are stored as environment variables in Vercel and never appear in our code repositories.
No system is perfectly secure. If we ever discover a breach that affects your data, we'll notify you and any relevant authorities as required by law.
9. Children
The Service is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us data, contact us and we will delete it.
10. Changes and contact
We may update this Policy from time to time. Material changes will be announced on this page and reflected in the “Last updated” date at the top.
Privacy questions? Email teylersf@gmail.com.