Skip to content

Privacy Policy

Last updated: 2026-05-18

EasyJam ("EasyJam", "we", "us", or "our") operates the website at easyjam.ai and the applications and APIs hosted under that domain (collectively, the "Service"). This Privacy Policy explains what personal information we collect when you use the Service, how we use and share that information, what choices you have about it, and how we protect it. By creating an account or using the Service you confirm that you have read and understood this policy.

EasyJam is operated as a sole-developer project. If you have any privacy question that is not answered by this policy, write to us at privacy@easyjam.ai and we will respond within a reasonable period.

1. What we collect

We collect the following categories of personal information directly from you:

  • Account information — your email address and a hashed password when you register. Optionally a display name. We do not require, store, or process government identifiers.
  • Authentication tokens — a short-lived JSON Web Token access credential held in memory by your browser and a longer-lived refresh token delivered as an HttpOnly secure cookie. These are necessary to keep you signed in across page loads.
  • Billing information — if you upgrade to a Pro subscription, all card data is collected and stored by Stripe. We never see your card number, CVC, or full billing address. We retain only your Stripe customer identifier, the subscription status, the price identifier you selected, and the timestamps that govern your subscription lifecycle.
  • User-generated content — saved licks, riffs, melodies, exercises, practice notes, generated backing tracks, transcription artefacts, and any other material you create or upload while using the Service.
  • Audio uploads — short audio clips you submit to features such as transcription or audio-lick generation. These are processed transiently and either discarded immediately after the response or retained as part of the artefact you saved.
  • Support correspondence — messages you send us by email or via the in-app feedback form, including any rating, free-text comment, and the email address from which the message was sent.

We collect the following categories automatically:

  • Usage telemetry — pages visited, features invoked, session duration, broad device class, browser family, and approximate timezone. We use this to operate, debug, and improve the Service.
  • Analytics events — anonymised page view and interaction events sent to Google Analytics 4.
  • Advertising signals — if you are on the Free plan and you have consented, Google AdSense sets cookies on your device to deliver and measure advertising.

We do not knowingly collect personal information from children under the age of 13. If you believe a child has registered for the Service, contact us and we will delete the account.

2. How we use your information

We use the information described above to:

  • Provide and operate the Service, including authenticating you, saving your work, and rendering the user interface tailored to your account.
  • Generate music content on your behalf using AI providers (Anthropic, Replicate, kie.ai, ElevenLabs) where features require an external generative model. We pass only the prompt and any parameters required to fulfil the request; we do not transmit your email address or password.
  • Transcribe audio you submit using YourMT3 hosted on Modal.com, or BS-RoFormer for stem separation. The audio is sent over an encrypted connection for processing and is not retained by the transcription service beyond the immediate processing window.
  • Store generated audio artefacts in Cloudflare R2 object storage with restricted access.
  • Bill you for Pro subscriptions through Stripe, including issuing receipts and processing renewals or cancellations.
  • Send transactional email — email verification, password reset, invitation acceptance, billing receipts — via the Resend email service.
  • Detect and prevent abuse, including rate limiting, fraud detection, and account-takeover detection.
  • Comply with legal obligations and respond to lawful requests from competent authorities.
  • Communicate with you about material changes to the Service or to this policy.

We do not sell your personal information. We do not use your personal information to train any third-party machine-learning models. We do not run advertising profiling on signed-in account data — advertising cookies operate only on the AdSense platform and only when you have consented.

3. Third-party processors

The following third-party services receive personal data on our behalf, each acting as a processor under our instructions:

  • Stripe, Inc. — payment processing. Subject to Stripe's privacy policy at stripe.com/privacy.
  • Resend — transactional email delivery.
  • Cloudflare, Inc. — content delivery, DDoS protection, and R2 object storage for audio artefacts.
  • Render Services, Inc. — backend application hosting.
  • Modal Labs — on-demand GPU execution for music transcription (YourMT3+) and stem separation (BS-RoFormer).
  • Replicate — on-demand inference for audio-lick generation, MusicGen-Chord backing tracks, and AI sample generation.
  • kie.ai — Suno-powered backing-track generation when you use the AI Jam feature.
  • ElevenLabs — alternative backing-track and audio generation provider.
  • Anthropic PBC — AI Music Teacher chat and AI lick explanations.
  • Google LLC — Google Analytics 4 for anonymised analytics and Google AdSense for advertising on the Free plan.

We have data-processing agreements or equivalent contractual safeguards with each processor where required. Where a processor is located outside the European Economic Area, transfers rely on Standard Contractual Clauses or an equivalent transfer mechanism.

4. Cookies and similar technologies

We use two categories of cookies and local storage:

  • Strictly necessary — an HttpOnly refresh-token cookie that keeps you signed in, and a small amount of local-storage preference data such as your selected instrument, theme, and last-used scale. These do not require consent.
  • Analytics and advertising — Google Analytics 4 and, on the Free plan, Google AdSense. These load only after you have accepted the cookie consent banner, and you can withdraw consent at any time from the same banner or from your account settings.

You can additionally manage Google's use of advertising cookies at adssettings.google.com, opt out of third-party vendor cookies for personalised advertising at aboutads.info/choices (US) and youronlinechoices.eu (EU), and read how Google uses data from sites that use its services at policies.google.com/technologies/partner-sites. Where you have not consented, AdSense serves non-personalised ads only.

5. Data retention

We retain personal data for as long as you have an active account. When you delete your account, we permanently delete account data, saved licks, saved riffs, and stored audio artefacts within 30 days. Anonymised analytics events may be retained longer in aggregate form. Shared public artefacts (for example, a public share URL for a lick) are decoupled from your account and may persist after deletion unless you request individual removal.

Stripe retains billing records for the period required by financial-services regulations, regardless of your account deletion.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction or deletion of inaccurate or unlawfully processed data.
  • Object to or restrict processing based on legitimate interests.
  • Receive a portable copy of your data in a machine-readable format.
  • Withdraw any consent you have previously given (including cookie consent).
  • Lodge a complaint with the supervisory authority in your country.

To exercise any of these rights write to privacy@easyjam.ai. We will respond within 30 days. If the request is complex or numerous we may extend this period by a further 60 days and will tell you why.

For users resident in California: you have the right to know what categories of personal information we collect, the right to delete personal information we have collected, the right to opt out of any sale or sharing of personal information (we do not sell or share for cross-context behavioural advertising), and the right to non-discriminatory treatment for exercising these rights.

7. Security

We protect personal information using HTTPS in transit, encryption at rest where the underlying storage supports it, hashed passwords (using a modern key-derivation function), short-lived access tokens, and HttpOnly secure refresh-token cookies. Access to production systems is limited to the developer using multi-factor authentication. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of it, as required by applicable law.

8. International transfers

Our infrastructure runs on hosts located in the United States and the European Union. Where personal data is transferred outside your country of residence, the transfer is protected by Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, or equivalent safeguards.

9. Changes to this policy

We may update this policy from time to time. If we make a material change we will notify registered users by email and post a banner on the Service. The "Last updated" date at the top of the document reflects the most recent version. Continued use of the Service after the effective date of a change constitutes acceptance of the revised policy.

10. Contact

Privacy questions, deletion requests, data-portability requests, and general feedback: privacy@easyjam.ai.