Privacy Policy

• Mastering & Anti-AI processing run locally in your browser. AI detection scanning sends a temporary upload that's deleted immediately after analysis (see “Your Audio Files” below).
• We collect only what we need: Google account info (if you sign in), credit balance, and transaction history.
• We do not sell your data. We do not run third-party advertising trackers.
• You can request deletion of your account and all data at any time.

We do not upload, store, or process your audio files on our servers. All mastering, Anti-AI processing, and AI detection analysis runs entirely in your browser using WebAssembly.

The only thing we receive related to your audio is the AI detection score (a number between 0 and 1) when our scanner runs against the SpecTTTra service — and even that is computed from a temporary upload that is deleted immediately after analysis. The audio itself is never persisted, never logged, and never reviewed by humans.

We collect the following categories of information:

Account information. When you sign in with Google, we receive and store: your Google account ID, email address, display name, and profile photo URL.

Billing information. Credit balance, subscription status, and transaction history (PayPal order IDs, amounts, dates). We never receive or store your payment card details — those are handled exclusively by PayPal.

Technical logs. Standard server logs including IP address, user agent, request paths, response status codes, and timestamps. Used for security monitoring, abuse prevention, and debugging.

Support correspondence. If you email us or use the contact form, we store the message content and your reply address so we can help you.

We use the data we collect only to:

• Operate the Service (authenticate you, track credit balance, deliver downloads)
• Process payments and issue refunds
• Respond to support requests
• Detect and prevent abuse, fraud, and security incidents
• Comply with legal obligations

We do not use your data for advertising profiling, machine-learning model training, or any purpose unrelated to operating the Service.

We use a small number of cookies and browser storage entries — only what is necessary to operate the Service:

• Session cookie — keeps you signed in. HTTP-only, SameSite=Lax, secure.
• CSRF token — protects against cross-site request forgery on form submissions.
• Local storage — stores your UI preferences (language toggle, last-used preset). Never sent to our servers.

We do not use third-party analytics cookies (Google Analytics, Facebook Pixel, etc.) or advertising trackers.

We share limited data with the following third-party processors, only as required to operate the Service:

• Google — for OAuth sign-in. Google receives a request from you to authenticate; we never share data with Google beyond what their OAuth flow requires.
• PayPal — for payment processing. PayPal receives the order amount and your PayPal account email. We never see your card details.
• Cloudflare — for CDN, DDoS protection, and TLS termination. Cloudflare may log standard request metadata (IP, user agent, path).
• Hetzner — our hosting provider. Server logs are stored on infrastructure they operate.
• Email provider — for transactional email (receipts, support replies). We use a provider that processes email content only as needed to deliver it.

We do not sell, rent, or trade your personal data to any third party.

We retain your account data for as long as your account is active. After you delete your account, we remove personal information within 30 days, except where a legal obligation (tax records, dispute resolution) requires longer retention.

Server logs are retained for up to 30 days, then automatically deleted. Support correspondence is retained for 12 months by default.

If you are located in the European Union, United Kingdom, California, or another jurisdiction with comprehensive privacy law, you have the following rights:

• Access — request a copy of the data we hold about you
• Correction — ask us to fix inaccurate data
• Deletion — ask us to delete your data (“right to be forgotten”)
• Portability — receive your data in a machine-readable format
• Objection — object to certain types of processing
• Withdraw consent — for any processing based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

California residentsadditionally have the right to opt out of the “sale” of personal information under the CCPA. We do not sell personal information, so this right does not apply, but you may still contact us with any concerns.

We protect your data with industry-standard measures: TLS 1.3 for all traffic, encrypted storage at rest, principle-of-least-privilege access controls, and regular security review.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at [email protected].

Anti-AI Master is operated from infrastructure located in Europe. If you access the Service from outside the European Economic Area, your data may be transferred to, stored, and processed in countries with different data protection laws than your own. We rely on Standard Contractual Clauses or equivalent legal mechanisms to ensure adequate protection during international transfers.

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it. If you believe a child has provided us with personal information, please contact us at [email protected].

We may update this Privacy Policy from time to time. We will post the revised policy at this URL with an updated effective date. For material changes, we will make reasonable efforts to notify active users by email.

For privacy questions, data requests, or to report a concern: