Privacy Policy

Effective Date: April 25, 2026 · Last Updated: April 25, 2026 · Supersedes prior version dated April 9, 2026

I. Information We Collect

We collect the following categories of information. Where information can be linked to an identifiable individual, we treat it as Personal Information.

A. Information You Provide

We collect the following Personal Information directly from you when you register for an account or otherwise interact with the Service:

• Email address. Used as your account identifier, for transactional communications (e.g., password reset codes), and for legally required notices.
• Account credentials. If you sign up using email and password, we store your password as a salted hash — we never store the plaintext. If you sign in with Apple, Apple provides us a stable opaque identifier and (optionally) a relayed-email address; we do not receive your Apple ID password.
• Date of birth, month and year only. At account creation we collect the month and year of your date of birth (we do not collect day) for two purposes only: (i) to confirm that you are at least 13 years old, which is the minimum age to use the Service; and (ii) to derive an "is under 18" flag that determines whether to apply the privacy-protective defaults described in §IV.B. We do not use date of birth for personalization, marketing, or any other purpose. See §VI for retention.
• Display name and avatar selection. If you choose to set a display name, you may enter any short string. We recommend not entering your real name. The avatar, if any, is selected from a fixed Louder-provided set; you cannot upload a photograph.
• Communications. If you contact us at support@getlouder.ai, privacy@getlouder.ai, or legal@getlouder.ai, we receive the contents of your message together with your email address.

We do not currently collect payment or billing information, because the Service is offered free of charge in version 1.0. If we introduce paid features, all billing will be processed by Apple's In-App Purchase system; we will not receive your payment-card number.

B. Information Collected Automatically

When you access or use the Service, we (or our sub-processors, on our behalf) automatically collect:

• Device and connection information. Device type, operating system and version, App version, screen size, time zone, language, and a coarse approximation of country derived from your IP address. We do not collect precise location, GPS coordinates, or background location.
• Log and diagnostic data. IP address (used for security and abuse prevention), access timestamps, request paths, and error / crash reports. Crash reports may include the App's stack trace at the moment of the crash; we scrub user-identifying values before they are sent to our crash-monitoring sub-processor.
• Usage data, only for accounts not subject to minor defaults. For accounts whose date of birth indicates the holder is 18 or older, and only for those accounts, we record what tracks were played and for how long, in order to surface recently played tracks and to power general analytics about which tracks listeners engage with most. Accounts whose date of birth indicates the holder is under 18 do not have listening history recorded; see §IV.B.
• Derived state. We compute and store an "age_verified_at" timestamp (the time you completed the date-of-birth attestation) and a derived "is_minor" flag (true while the account's date of birth indicates the holder is under 18, false otherwise). The "is_minor" flag is forwarded to our feature-flag sub-processor (LaunchDarkly) so that it can return the appropriate minor-aware variant of features to the App; no other identifier is forwarded.

Where any of the foregoing can be linked to an identifiable individual, we treat it as Personal Information for purposes of this Policy.

C. Information We Do Not Collect

To make our practices unambiguous, we expressly do not collect any of the following:

• Personal information of anyone under the age of 13. We do not knowingly collect, solicit, or maintain any Personal Information from a child under 13. If an account holder declares an age under 13 at the date-of-birth attestation screen, we reject the signup attempt, do not provision an account, and purge any user-scoped data associated with the attempt within 24 hours of the attestation. See §IV.A.
• Precise (GPS) or background location, or any device-level location services.
• Photographs, voice recordings, biometric identifiers, or government-issued IDs.
• Contact lists, calendar data, or content from other apps.
• Information from advertising networks, identity-resolution services, or data brokers. We do not buy data about you from third parties.
• Any information we have not described in §I.A or §I.B of this Policy.

D. Listener Profile Information

The Service allows you, as an account holder, to create one or more “Listener Profiles” within your account. A Listener Profile is a per-listener container that lets you tailor music selection — for example, a calm bedtime profile for one listener and an upbeat playtime profile for another. You may create, edit, rename, or delete Listener Profiles at any time from within the App.

For each Listener Profile, we store only the following two fields, both supplied by you:

• A display name, which is a short string (up to 40 characters) that you type into the App. We recommend you do not use a real legal name; if you use a real first name or a nickname, you do so at your discretion.
• An avatar, which is a selection from a fixed Louder-provided set of icons. You cannot upload a photograph or any other custom image.

We do not ask for, present a field for, or otherwise solicit any other information about a listener-subject when you create or edit a Listener Profile. In particular, we do not collect, in connection with any Listener Profile: a real legal name, an exact birthdate or exact age, an age range or age bucket of the listener-subject, a photograph, voice recording, or other biometric identifier, contact information, location data, or any government-issued identifier.

Provided by the account holder. All Listener Profile information is created and edited by you, the account holder, on your own behalf or on behalf of another listener (such as a member of your household) for whom you have authority to provide that information. You represent and warrant that (i) the information you enter does not, by itself or in combination, enable identification of any minor in any way that creates privacy risk for that minor, (ii) you have the authority to provide it on behalf of any third-party listener, and (iii) you will not enter information that violates the rights of any third party. For purposes of this Policy, the account holder — not the listener-subject — is the data subject in respect of Listener Profile information.

How we treat Listener Profile data. Listener Profile information is treated as the account holder's User Content under the Terms of Service and is governed by this Policy. It is stored under your account, is not enriched against external data sources, is not sold, is not used for targeted advertising, and is not used to train third-party AI models. The display name and avatar are not used to derive any behavioral, demographic, or inferred profile of the listener-subject.

Listening history within Listener Profiles. If your account is subject to the privacy-protective minor defaults described in §IV.B (i.e., the account holder's date of birth indicates the holder is under 18), no listening history is recorded for any Listener Profile under that account. If your account is not subject to those defaults, listening history may be recorded against the active Listener Profile in order to surface recently played tracks; this history is account-scoped, is governed by §I.B, and is purged on account deletion.

Deletion. Deleting a Listener Profile from within the App removes its display name, avatar, and any associated listening history (if any was recorded under §I.B) from our active production systems. Deleting your account deletes every Listener Profile on the account along with all other user-scoped data, on the schedule described in §VI.

II. How We Use Your Information

We use the information we collect solely for the following purposes:

• To provide, maintain, and improve the Service
• To process transactions and send related information, including confirmations and invoices
• To create and manage your account
• To communicate with you, including responding to your inquiries and sending service-related notices
• To detect, prevent, and address technical issues, fraud, and security concerns
• To comply with legal obligations and enforce our Terms of Service
• To conduct analytics and research to improve the Service (using aggregated or de-identified data where possible)

We do NOT use your Personal Information for targeted advertising. We do NOT sell, rent, or trade your Personal Information to third parties for their marketing purposes.

III. How We Share Your Information

We do not sell your Personal Information. We may share your information only in the following limited circumstances:

A. Service Providers (Sub-Processors)

We share information with third-party service providers ("sub-processors") who perform services on our behalf. Each sub-processor is bound by a written data processing agreement that limits their use of Personal Information to the specific service we engage them for, prohibits use of your data for their own purposes, and requires them to apply security controls at least as protective as those described in this Policy. As of the Effective Date of this Policy, our sub-processors are:

• Supabase, Inc. (United States) — primary backend. Provides authentication (email + password and Sign in with Apple), the PostgreSQL database that stores account records (email, hashed password, month/year of birth, derived is_minor flag, and, for non-minor accounts only, listening history), and Edge Functions used to perform account deletion. Receives all Personal Information described in §I.A and §I.B of this Policy.
• Functional Software, Inc. d/b/a Sentry (United States) — error and performance monitoring. Receives crash reports, stack traces, and scrubbed diagnostic context. We do not forward your email address, password, date of birth, or listening history to Sentry. We use Sentry's PII-scrubbing features.
• LaunchDarkly, Inc. (United States) — feature-flag delivery. Receives an opaque per-user identifier, platform/version metadata, and the derived is_minor flag described in §I.B. The is_minor flag enables the server to return the privacy-protective minor variant of features. We do not forward your email address, your date of birth, your name, or any content you have interacted with.
• Vercel Inc. (United States) — static hosting for our public website at getlouder.ai (this page, the Terms of Service, and the marketing page). Receives standard HTTP request metadata (IP address, user agent) only for the duration needed to serve the page. Vercel does not have access to App data.
• Apple Inc. (United States) — App Store distribution, Sign in with Apple authentication, and (in any future paid version) In-App Purchases. Apple's processing is governed by Apple's own privacy policy.
• Google LLC (United States) — delivery of the Google Fonts typography used on our public website. Receives standard HTTP request metadata only; no account data is shared. Google Fonts is not used inside the App.

We will update this list when we add, remove, or materially change sub-processors. We do not share Personal Information with any third party for that third party's own advertising, analytics, or marketing. We do not use any analytics sub-processor (e.g., Google Analytics, Amplitude, Mixpanel) in version 1.0 of the App.

B. Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or legal process; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of Users or the public; or (e) protect against legal liability.

C. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service prior to such a transfer and before your Personal Information becomes subject to a different privacy policy. You will have the opportunity to opt out of having your information transferred to the acquiring entity where legally required.

D. With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

E. Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for purposes such as industry analysis, research, and Service improvement.

IV. Children's and Teens' Privacy

A. Users Under 13: COPPA Compliance

The Service is not directed to children under the age of 13. We do not knowingly collect, solicit, or maintain Personal Information from any user under the age of 13. We comply with the U.S. Children's Online Privacy Protection Act ("COPPA") (15 U.S.C. §§ 6501–6506) and its implementing regulation (16 C.F.R. Part 312).

To enforce that floor in operation:

• At account creation, we present an age-attestation screen that requires the prospective account holder to enter the month and year of their date of birth before any account is provisioned.
• If the entered date of birth indicates that the prospective account holder is under 13, we (i) do not provision an account, (ii) display an inline message explaining that we are not able to create an account with those details, and (iii) initiate an asynchronous purge of any user-scoped data that may have been written to our backend during the signup attempt (for example, an authenticated session, an empty accounts row, or a draft profile). The purge is best-effort and runs within 24 hours of the rejected attestation.
• We do not retain the attempted user's email address, the entered date of birth, or any associated session token after the purge completes.

If you are a parent or guardian and believe that your child under the age of 13 has provided us with Personal Information notwithstanding the controls described above (for example, by misstating their age at signup), please contact us at privacy@getlouder.ai with the email address you believe was used. We will promptly verify, delete the account, and purge the associated user-scoped data.

B. Users Aged 13–17: California Age-Appropriate Design Code Defaults

The California Age-Appropriate Design Code (Cal. Civ. Code § 1798.99.28 et seq., the "AADC") imposes heightened privacy obligations on online services accessed by users under 18. Without conceding that the AADC applies to a given account, we have elected to apply the following privacy-protective defaults to every account whose date of birth indicates the holder is under the age of 18, and to every unauthenticated session, regardless of geographic location:

• No listening-history retention. We do not record what tracks were played, how long they were played, or when. The "Recently Played" surface in the App is hidden for these accounts.
• No personalized recommendations. The "For You" feed and any other personalized surface defaults to a generic curated set of popular tracks. We do not build, train, or apply any behavior-derived profile for these accounts.
• No behavioral profiling for advertising or marketing. We do not use information about these accounts for advertising or marketing of any kind.
• Minor-aware feature delivery. The derived is_minor flag described in §I.B is forwarded to LaunchDarkly so that any feature gated by LaunchDarkly returns its minor-safe variant. The flag is not used for any other purpose and is not forwarded to any other sub-processor.
• Default highest-privacy posture. Where a privacy-affecting setting is offered, the default for these accounts is the most privacy-protective option. The account holder may opt to relax a default, but we do not relax defaults automatically.

When an account holder's birthday causes the account to cross from "under 18" to "18 or older," the privacy-protective defaults remain in effect until the account holder affirmatively opts in to a less privacy-protective setting. Crossing the 18-year threshold does not retroactively create a listening-history record for the period during which one was not maintained.

A parent or legal guardian of an account holder under the age of 18 may, at any time, contact us at privacy@getlouder.ai to request access to, correction of, deletion of, or restriction of processing of, that account holder's information. We will treat such a request with the same priority and within the same timeframes as a request from the account holder.

V. Your Rights Regarding Your Personal Information

Depending on your jurisdiction, you may have certain rights with respect to your Personal Information. We honor the following rights for all Users, regardless of location, to the maximum extent practicable:

A. Right to Access

You have the right to request a copy of the Personal Information we hold about you.

B. Right to Correction

You have the right to request correction of any inaccurate Personal Information we hold about you.

C. Right to Deletion

You have the right to request that we delete your Personal Information, subject to certain legal exceptions (e.g., where retention is required by law).

D. Right to Data Portability

You have the right to request a copy of your Personal Information in a structured, commonly used, and machine-readable format.

E. Right to Restrict Processing

You have the right to request that we restrict the processing of your Personal Information in certain circumstances.

F. Right to Object

You have the right to object to our processing of your Personal Information, including for direct marketing purposes.

G. Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

H. Right to Opt Out of Sale

We do not sell your Personal Information. However, to the extent any future practice could be construed as a "sale" under applicable law (including the California Consumer Privacy Act), you have the right to opt out.

I. Right to Non-Discrimination

We will not discriminate against you for exercising any of the rights described above.

To exercise any of these rights, please contact us at privacy@getlouder.ai. We will respond to your request within the timeframes required by applicable law (generally within 30 days, or 45 days under the CCPA). We may require verification of your identity before processing your request.

VI. Data Retention

We retain Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When your information is no longer needed, we will securely delete or anonymize it.

Specifically:

• Account information (email, hashed password, month/year of birth, display name, derived flags) is retained for the duration of your account and for up to 30 days thereafter to allow for account recovery.
• Listening history (where collected at all — see §I.B and §IV.B, collected only for accounts whose date of birth indicates the holder is 18 or older) is retained for no more than 12 months in identifiable form, after which it is aggregated or deleted.
• Crash and diagnostic data sent to Sentry is retained according to Sentry's default retention period (currently 90 days).
• Communications you send to us at our published email addresses are retained for as long as needed to resolve the inquiry and to maintain our records of our handling of the inquiry.
• Attempted under-13 signup data. If a prospective account holder attests to a date of birth indicating they are under the age of 13, we initiate an asynchronous purge of any user-scoped data written during the signup attempt within 24 hours of the attestation. See §IV.A.
• Account deletion. Upon your request to delete your account — available in-app from Account → Delete Account, or by emailing privacy@getlouder.ai — we delete your account row, listening history (if any), profile data, and all other user-scoped data from our active production systems within 30 days. Backups taken before the deletion request may retain residual copies for up to 90 days, after which they are overwritten in the normal course of backup rotation.
• Payment records. We do not currently collect payment records. If we introduce paid features, payment records will be retained as required by applicable tax and financial regulations.

VII. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, local storage) to operate and improve the Service. The types of cookies we use include:

• Strictly Necessary Cookies: Required for the Service to function (e.g., authentication, security). These cannot be disabled.
• Analytics Cookies: Help us understand how Users interact with the Service so we can improve it. These are only placed with your consent where required by law.

We do NOT use advertising or third-party tracking cookies. We do not allow third-party advertisers to place cookies through our Service.

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Service. Where required by applicable law, we will obtain your consent before placing non-essential cookies.

We honor "Do Not Track" browser signals and Global Privacy Control (GPC) signals, treating them as valid opt-out requests under applicable privacy laws.

VIII. How We Protect Your Information

We implement industry-standard administrative, technical, and physical security measures to protect your Personal Information from unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee access limitations on a need-to-know basis
• Incident response procedures for data breaches

While we strive to use commercially reasonable means to protect your Personal Information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected Users and applicable regulatory authorities in the event of a data breach, as required by applicable law.

IX. International Data Transfers

Louder Technology, Inc. is based in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

Where we transfer Personal Information from the European Economic Area ("EEA"), the United Kingdom, or Switzerland to a country that has not received an adequacy decision from the relevant authority, we will implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure that your Personal Information is adequately protected.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we operate, subject to the protections described in this Privacy Policy.

X. Additional Rights for EEA, UK, and Swiss Users

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply:

A. Legal Basis for Processing

We process your Personal Information on the following legal bases under the General Data Protection Regulation ("GDPR"):

• Contract: Processing necessary to perform our contract with you (i.e., providing the Service).
• Legitimate Interests: Processing necessary for our legitimate interests (e.g., improving the Service, security), provided those interests are not overridden by your rights.
• Consent: Where you have given explicit consent (e.g., for non-essential cookies).
• Legal Obligation: Where processing is necessary to comply with a legal obligation.

B. Data Protection Officer

For any questions regarding our data protection practices, please contact us at privacy@getlouder.ai.

C. Supervisory Authority

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your Personal Information violates applicable law.

XI. Additional Rights for California Residents

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"):

• Right to Know: You may request disclosure of the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we have shared it.
• Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate Personal Information.
• Right to Opt Out of Sale/Sharing: We do not sell or share your Personal Information for cross-context behavioral advertising. Should this change, we will provide a clear opt-out mechanism.
• Right to Limit Use of Sensitive Personal Information: We only use sensitive Personal Information as necessary to provide the Service.

To exercise these rights, contact us at privacy@getlouder.ai. We will not discriminate against you for exercising your CCPA/CPRA rights. We may verify your identity before fulfilling your request. You may designate an authorized agent to make a request on your behalf.

In the preceding 12 months, we have collected the following categories of Personal Information: identifiers (name, email address), commercial information (transaction records), and internet or network activity information (usage data). We have not sold Personal Information to any third party.

XII. Links to Other Websites and Services

The Service may contain links to third-party websites, applications, or services that are not owned or controlled by Louder Technology, Inc. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We strongly encourage you to review the privacy policy of every site you visit. This Privacy Policy applies solely to information collected through our Service.

XIII. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will notify you by: (a) sending an email to the address associated with your account, and (b) posting a prominent notice on our Site and/or App, at least 30 days before the changes take effect. Non-material changes or clarifications will take effect immediately upon posting.

Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the revised terms. If you do not agree with the revised Privacy Policy, you must stop using the Service and may request deletion of your account and Personal Information.

We encourage you to periodically review this page for the latest information on our privacy practices.

XIV. Governing Law and Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions, except where overridden by mandatory local law (including the GDPR for EEA/UK Users).

Any disputes arising out of or relating to this Privacy Policy shall be resolved through binding arbitration in Santa Clara County, California, in accordance with the rules of the American Arbitration Association, except where prohibited by applicable law. Nothing in this section shall prevent either party from seeking injunctive or equitable relief in a court of competent jurisdiction.

XV. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Louder Technology, Inc.
Attn: Privacy Officer
200 Infinity Way, Suite 2239
Mountain View, CA 94043
United States
Email: privacy@getlouder.ai
Phone: (919) 830-8627

We will endeavor to respond to all inquiries within 30 days of receipt.