ToneFinder

Privacy Policy

Last updated: April 13, 2026

1. Introduction

This Privacy Policy explains how ToneFinder ("ToneFinder", "we", "us", or "our") collects, uses, shares, and protects personal information when you access or use our websites, applications, and related services (collectively, the "Service"). We act as the data controller of the personal information we process in connection with the Service. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect only the information we need to provide the Service. The categories of personal information we process are:

  • Account information: the identifiers you provide when you register, such as name and email address, and, if you choose to sign in through a federated identity provider, the basic profile information that provider returns to us.
  • Content you submit: the photographs, text, chat messages, signal chain configurations, and other materials you upload or create while using the Service.
  • Billing information: your subscription plan, billing status, and transaction records. Payment card details are collected and processed directly by our payment processor; we do not store full payment-card numbers.
  • Usage information: aggregate metrics about your use of the Service, such as feature usage counts and quota consumption, which we use to enforce plan limits and improve the Service.
  • Technical information: limited log and device data collected automatically when you interact with the Service, such as IP address, browser type, operating system, approximate location derived from your IP address, and timestamps. We use this information for security, diagnostics, and abuse prevention.
  • Communications: messages you send to us (for example, support requests) and our responses.

3. How We Use Your Information

We process personal information in order to:

  • provide, operate, and maintain the Service, including authenticating you and delivering the features you request;
  • generate AI-assisted output based on the content you submit;
  • process payments and manage your subscription;
  • communicate with you about the Service, including service announcements, security notices, and responses to your enquiries;
  • monitor and analyze the use of the Service in order to improve, secure, and optimize it;
  • detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms of Service; and
  • comply with applicable legal, regulatory, and accounting obligations.

We do not sell your personal information, and we do not use the content you submit to train third-party artificial intelligence or machine-learning models for our own commercial benefit.

4. Legal Bases for Processing

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we rely on the following legal bases under applicable data protection law: (i) performance of a contract, where processing is necessary to provide the Service you have requested; (ii) our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights and freedoms; (iii) compliance with a legal obligation to which we are subject; and (iv) your consent, where required, which you may withdraw at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. Sharing and Disclosure

We share personal information only with the following categories of recipients, and only to the extent necessary:

  • Service providers and sub-processors acting on our behalf for functions such as hosting, authentication, storage, payment processing, email delivery, analytics, customer support, and security. These providers are contractually required to protect your information and to process it only for the purposes we specify.
  • AI model providers to whom we transmit the content and prompts necessary to generate the AI-assisted output you request. We select providers that contractually commit not to use your inputs or outputs to train their models for general commercial use.
  • Legal, regulatory, and law-enforcement authorities, where we are required or permitted by applicable law or legal process, or where disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
  • Parties to a corporate transaction, such as a merger, acquisition, financing, reorganization, or sale of all or part of our business, in which case personal information may be transferred as part of that transaction, subject to the protections of this Privacy Policy.

We do not sell or rent personal information to third parties, and we do not share personal information for cross-context behavioral advertising. A list of our current sub-processors is available on request.

6. International Data Transfers

Our primary infrastructure is located within the European Union. Some of our service providers may process personal information in countries outside your jurisdiction, which may not offer the same level of data protection as your own. Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that is not subject to an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where necessary. A copy of the relevant safeguards is available on request.

7. Data Retention

We retain personal information only for as long as necessary for the purposes set out in this Privacy Policy. Account information and content you create are retained for as long as your account remains active. Photographs you upload for AI processing are retained only for as long as needed to perform the requested processing and are deleted shortly thereafter. Billing and transaction records are retained for as long as required by applicable tax, accounting, and anti-fraud laws. Log and security data are retained for a limited period sufficient to detect and investigate incidents. When you close your account, we delete or anonymize your personal information within a reasonable period, except where retention is required by law or is necessary to establish, exercise, or defend legal claims.

8. Your Rights

Subject to applicable law, you have the following rights in relation to your personal information:

  • the right to access the personal information we hold about you and to receive a copy in a portable format;
  • the right to have inaccurate or incomplete information corrected;
  • the right to request the deletion of your personal information;
  • the right to restrict or object to certain processing, including processing based on our legitimate interests;
  • the right to withdraw any consent you have provided, without affecting the lawfulness of prior processing;
  • the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you; and
  • the right to lodge a complaint with your local data protection supervisory authority.

You can exercise most of these rights directly from your account settings, including by deleting your account and the personal information associated with it. You may also contact us using the details at the end of this policy. Residents of California and of certain other U.S. states may exercise equivalent rights under applicable state privacy laws; we do not discriminate against users who exercise their privacy rights.

9. Cookies and Similar Technologies

We use a small number of cookies and similar technologies that are strictly necessary to authenticate you, remember your preferences, and keep the Service secure. Where required by applicable law, we also use analytics cookies to measure aggregate usage of the Service; these are set only with your consent and you may withdraw consent at any time through your browser settings or the in-product cookie controls. We do not use cookies for advertising, retargeting, or cross-site tracking.

10. Security

We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, access controls, logging, and regular review of our security practices. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

11. Children

The Service is not intended for, and we do not knowingly collect personal information from, children under the age of sixteen (16), or a higher age of digital consent where applicable in your jurisdiction. If we learn that we have collected personal information from a child without the required consent, we will delete it without undue delay.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will provide reasonable prior notice through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at privacy@tonefinder.io.