Privacy Policy
Last updated 2026-04-19 · Beta preview copy, pending legal review.
1. Data we store
- Account data (email, ID) via Clerk.
- Uploaded media (songs, images, reference videos) in encrypted object storage.
- Project + session metadata (segments, prompts, director history, generated variants).
- Billing records: Stripe customer ID, wallet balance, transaction history. Card details remain with Stripe.
- Operational logs (request traces, error events) retained up to 30 days.
2. Third-party processors
- Clerk — authentication.
- Stripe — payments.
- FAL.ai — model inference. Uploaded media is sent to FAL for processing and cached for up to 24h.
- OpenRouter / Azure / Fireworks — LLM inference for the director and song analyzer.
- Resend — transactional email.
- Render — hosting + managed Postgres.
3. Use of your data
We use your data to operate the service. We do NOT train our own models on your uploads or generated outputs. Third-party model providers may retain prompts and responses per their own policies — see FAL.ai and your chosen LLM provider for specifics.
4. Retention + deletion
You can delete your account and all associated project data at any time. Billing transaction records are retained for 7 years for tax and audit purposes; all other data cascades on deletion.
Initiate deletion by emailing privacy@wavhook.com or calling the DELETE /api/user/me endpoint from an authenticated session.
5. Your rights (GDPR / CCPA)
Residents of the EU, UK, and California may request access to, correction of, or deletion of their personal data. Email the privacy contact above; we respond within 30 days.
6. Cookies
We use only essential cookies required for session auth (Clerk) and CSRF protection. No third-party analytics or advertising trackers.
7. Contact
Privacy team: privacy@wavhook.com. Terms of service: /terms.