Privacy Policy

Effective May 17, 2026

This Privacy Policy explains what personal information CrazySound.ai collects when you use our website, generate audio with our tools, or contact our team, how we use that information, who we share it with, how long we keep it, and the choices you have. It applies to crazysound.ai and any subdomains, our APIs, and any feature labeled as part of the CrazySound platform.

1. Who we are

CrazySound.ai is operated by the team building the CrazySound brand (“CrazySound,” “we,” “us,” or “our”). For users in the European Economic Area, the United Kingdom, and Switzerland, CrazySound is the data controller for the information described in this policy unless we are acting as a processor under a written agreement with our business customer (see Data Processing Addendum).

2. Information we collect

2.1 Information you provide

  • Account information. When you sign up we collect your name, email address, and authentication identifiers from our third-party identity provider. We do not see or store your password.
  • Billing information. Payments are processed by a PCI DSS Level 1 third-party payment processor. We receive limited transaction data (amount, currency, last four digits, country, status) but we never receive or store your full card number, CVC, or bank credentials.
  • Content you submit. Prompts, business descriptions, edited scripts, voice selections, music selections, custom recording text, and any other inputs you provide to generate audio.
  • Communications. Messages you send to our support team, survey responses, and feedback.

2.2 Information we collect automatically

  • Usage data. Pages viewed, features used, generation counts, timestamps, and aggregated performance metrics. We use this to operate the service and improve product quality.
  • Device and connection data. Browser type and version, operating system, IP address (used briefly for security and abuse prevention), language preference, and approximate country (resolved from IP for currency and locale defaults — never stored as a precise location).
  • Cookies and similar technologies. See our Cookie Policy for details.

2.3 Information from third parties

  • Identity providers. If you sign in through a single sign-on (SSO) provider, our identity-and-authentication subprocessor relays your name, email, and a unique identifier to us.
  • Payment processor. Our payment processor shares transaction metadata and fraud signals.
  • Public sources. If you supply a business name in a prompt, our AI may reference publicly available information about that business to generate the script. We do not query private databases.

3. How we use information

We use personal information to:

  • Provide, operate, and maintain the service.
  • Generate the audio outputs you request (which requires sending prompts and selections to our AI subprocessors listed in Section 5).
  • Process payments and prevent fraudulent transactions.
  • Communicate with you about your account, billing, security events, and material changes to the service.
  • Improve the product through aggregate analytics (e.g., median render time, error rates by route).
  • Enforce our Terms of Service and Acceptable Use Policy, including investigating reports of abuse.
  • Comply with legal obligations.
We do not train AI models on your content.Prompts and generated audio are sent to our AI inference subprocessors under enterprise terms that prohibit those vendors from training their models on our customers' content. We do not ourselves train any model on customer content.

4. Legal bases (EEA, UK, Switzerland)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract for account creation, generation, billing, and core service delivery.
  • Legitimate interests for product analytics, fraud prevention, and operational security. Our legitimate interests are balanced against your privacy rights and you can object at any time.
  • Consent for optional marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation for tax, accounting, and mandatory disclosures.

5. Subprocessors and sharing

We share personal information with vetted subprocessors only as necessary to operate the service. We use the following categories of subprocessor, all of which are bound by written data-processing terms no less protective than this policy and hold current third-party security attestations:

  • Cloud infrastructure providers. Edge hosting, DDoS protection, content delivery, and object storage. Hold SOC 2 Type II, ISO 27001, and PCI DSS Level 1 attestations.
  • Managed database provider. Hosts the primary relational database in the United States. SOC 2 Type II.
  • Identity and authentication provider. Account creation, sign-in, MFA, and SSO. SOC 2 Type II.
  • Payment processor. Card processing, tax calculation, and fraud prevention. PCI DSS Level 1 and SOC 2 Type II. We never receive or store your card number, CVC, or bank credentials.
  • AI inference providers.Large-language-model inference, text-to-speech, translation, and music generation. Bound by enterprise data-processing terms that prohibit training their models on our customers' content.
  • Email and transactional messaging provider. Account, billing, and security notifications.

A current, named list of our subprocessors with their jurisdictions and the categories of personal data each processes is provided to Customers under our Data Processing Addendum, or on written request to legal@crazysound.ai under a mutual non-disclosure agreement.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We may disclose information to comply with valid legal process, to enforce our agreements, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets (with notice to affected users).

6. International transfers

We are headquartered in the United States and most of our subprocessors are US-based. When we transfer personal data from the EEA, UK, or Switzerland to the US, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum where applicable), supplemented by additional technical measures including encryption in transit and at rest.

7. Retention

  • Account data. Retained while your account is active and for up to 24 months after deletion to satisfy tax, accounting, and dispute-resolution obligations.
  • Generated content. Stored while your account is active. You can delete individual projects from your library at any time; deleted projects are purged from primary storage within 30 days and from backups within 90 days.
  • Payment records. Retained for 7 years as required by US and EU tax law.
  • Server logs. Retained for up to 90 days for security and debugging, then deleted or anonymized.

8. Your rights

Depending on where you live, you may have the right to: access the personal information we hold about you; correct inaccurate information; request deletion; restrict or object to certain processing; receive a portable copy of your data; and lodge a complaint with a supervisory authority. California residents have additional rights under the CCPA/CPRA including the right to know, delete, correct, and opt out of certain sharing.

To exercise any of these rights, email privacy@crazysound.ai. We respond within 30 days (45 days for complex requests, with notice). We will verify your identity through your registered email before acting on the request.

9. Children

CrazySound is not intended for and is not directed at children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it promptly.

10. Security

We take reasonable and appropriate technical and organizational measures to protect personal information. See our Security page for current practices. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you and the relevant authorities within the timeframes required by applicable law.

11. Changes to this policy

We may update this policy from time to time. When we make material changes we will notify registered users by email and post a notice on the site at least 14 days before the change takes effect. The “Effective” date at the top of this page reflects the most recent revision.

12. Contact

Questions about this policy, or to exercise a privacy right, email privacy@crazysound.ai. General legal inquiries: legal@crazysound.ai.