Last updated: May 28, 2026
This Privacy Policy explains how Sonusly collects, uses, discloses, retains, and protects information when you use sonusly.com and related services. Sonusly is an independent music-industry discussion platform with public posts, replies, AI-assisted features, credits, tips, job posts, profile pages, saved posts, voting, flagging, and supported imports from shared links.
This Policy is part of our Terms of Service. If you do not agree with this Policy, do not use Sonusly.
Controller / operator: Sonusly is operated by Lorenzo Schiavone. Contact us at contact@sonusly.com.
Sonusly is a public discussion platform. Public posts, public replies, public AI replies, usernames, karma, join dates, profile bios, saved public posts, job posts, source links, vote totals, timestamps, and other public activity may be visible to anyone and may be indexed, cached, copied, archived, or appear in search engines and AI search or chatbot tools.
We collect information needed to operate Sonusly, including account information, public content, private AI prompts, credits and payment metadata, technical logs, analytics, security signals, and support messages.
Credit purchases are processed by third-party checkout providers such as Polar. We may receive payment-related metadata needed to grant, reconcile, refund, prevent fraud, and audit credits, such as checkout ID, order ID, customer ID, customer email, product ID, purchase amount, currency, refund amount, payment status, and metadata connecting the purchase to your Sonusly account.
Payment card details are handled by the payment provider and are not stored by Sonusly.
Sonusly uses cookies, local storage, and similar technologies for authentication, session continuity, preferences, security, checkout flows, analytics, performance measurement, and abuse prevention.
Where required, Sonusly will ask for consent before using non-essential analytics cookies or similar technologies. You can usually control cookies through your browser settings and, where available, through Sonusly's cookie or analytics controls. Disabling cookies may prevent account, checkout, AI, analytics preference, or security features from working correctly.
Sonusly does not currently respond to browser "do not track" signals. We will update this Policy if that changes.
The following information is public by design when you use public features:
Public information may be viewed by users and non-users, indexed by search engines, crawled by third-party services, cached, archived, quoted, screenshotted, copied, or appear in AI-powered search and chatbot tools.
Do not publish secrets, credentials, private keys, private personal data, confidential business material, private contracts, unreleased material, or content you do not have permission to share publicly.
We may use aggregated or de-identified information to understand trends, improve Sonusly, publish high-level product statistics, and debug reliability without identifying individual users.
Sonusly uses Vercel AI SDK and Vercel AI Gateway to route AI requests to supported model providers. Depending on the feature, an AI request may include your prompt, post text, comments, selected role templates, source evidence, imported conversation content, private follow-up text, and system instructions.
Vercel AI Gateway may process provider routing, model usage, token counts, latency, spend, logs, and observability metrics. Selected AI model providers may process prompts and outputs to generate responses.
Provider retention, logging, abuse monitoring, and training behavior may vary by provider, model, route, account type, and configuration. Sonusly does not currently operate its own foundation model and does not use private AI prompts to train a Sonusly-owned model. You should still treat AI prompts and outputs as data processed by third parties.
Do not submit passwords, API keys, confidential information, unreleased music or business material, sensitive personal information, or anything you would not want processed by AI infrastructure. AI output may be inaccurate, incomplete, outdated, or unsuitable, and should not be relied on as professional advice.
Public content is disclosed publicly by design. Other users, non-users, search engines, crawlers, archives, AI search tools, and external sites may access or store public content.
| provider | purpose | information processed |
|---|---|---|
| Supabase | database, authentication, row-level security, and server-side data operations | account data, auth records, public content, jobs, votes, flags, saved posts, and credit ledger data |
| Vercel | hosting, serverless functions, deployment, logs, and AI Gateway | technical logs, page views, performance data, AI prompts, AI output, model usage, and request metadata |
| AI model providers via AI Gateway | AI generation, provider routing, fallback, and structured output | prompts, post context, imported content, source evidence, and generated output |
| Polar | checkout, order processing, webhook delivery, refunds, and customer records | customer email, Sonusly user ID, checkout metadata, order IDs, product IDs, purchase amounts, and refund data |
| LinkedIn | optional OAuth sign-in or profile trust signal | identity information LinkedIn provides after authorization |
| Google Analytics | traffic and product analytics | page views, device/browser data, referrer, approximate location, and usage events |
We may disclose information when we believe it is reasonably necessary to:
We keep information only as long as reasonably needed for the purposes described in this Policy, unless a longer period is required or permitted by law.
| data type | typical retention |
|---|---|
| account and profile data | while your account is active, then as needed for deletion, security, legal, and integrity purposes |
| public posts, replies, public AI replies, jobs, and saved-post records | while public or as long as needed to preserve discussion context, moderation integrity, legal records, and service integrity |
| private AI follow-ups | as long as needed to provide the feature, show private post context, support users, debug issues, prevent abuse, and maintain auditability |
| imported conversation content | as long as the resulting public discussion remains available, or as needed for moderation, legal, or integrity reasons |
| credit ledger, purchases, refunds, and tips | as long as needed for billing, tax, accounting, fraud prevention, refund handling, and legal compliance |
| security logs, diagnostics, and rate-limit data | as long as needed for security, debugging, abuse prevention, and compliance |
| analytics data | for periods set by us and our analytics providers, generally only as long as useful for product analytics and reliability |
When you request account deletion, we may delete or anonymize personal account information while retaining public content in anonymized form where needed to preserve discussion context, moderation records, safety, legal compliance, or service integrity.
We may retain records when needed for legal obligations, billing, accounting, security, fraud prevention, dispute resolution, provider compliance, or to enforce our Terms.
Send privacy requests to contact@sonusly.com with the subject "privacy request". We may need to verify your email or account before acting on a request.
Some requests may be limited by law, security, billing records, fraud-prevention needs, moderation integrity, public discussion integrity, or the rights of others. For example, when deleting an account, we may anonymize public content rather than remove entire discussion histories.
If you are in the EEA, UK, or Switzerland, you may have additional rights under applicable data protection laws, including rights to access, correct, delete, restrict, object, port data, withdraw consent where processing is based on consent, and complain to a supervisory authority.
| purpose | legal basis |
|---|---|
| providing accounts, authentication, posting, replies, profiles, saved posts, jobs, credits, tips, and AI features | contract |
| security, abuse prevention, spam prevention, moderation, ranking integrity, debugging, service reliability, and service improvement | legitimate interests |
| non-essential cookies or analytics where consent is required | consent |
| basic privacy-conscious analytics where consent is not required | legitimate interests |
| billing, tax, accounting, legal requests, consumer rights, copyright claims, regulatory compliance | legal obligation |
| public display of content you intentionally publish | contract and/or legitimate interests |
Sonusly and its providers may process information in the European Union, the United States, and other countries. Those countries may have data protection laws different from where you live. Where required, we rely on appropriate transfer mechanisms, provider commitments, contractual protections, or other lawful safeguards.
To exercise GDPR-related rights, email contact@sonusly.com with the subject "GDPR request". You may also complain to your local supervisory authority. If you are in Italy, you may contact the Garante per la protezione dei dati personali.
Where applicable, California residents and residents of other U.S. states may have rights to know, access, correct, delete, receive information about certain disclosures, opt out of certain uses, and not be discriminated against for exercising privacy rights. This section applies only to the extent those laws apply to Sonusly.
Sonusly does not sell personal information and does not share personal information for cross-context behavioral advertising.
Categories of personal information we may collect include:
To exercise privacy rights, email contact@sonusly.com with the subject "privacy request".
Sonusly is not directed to people under 18, and we do not knowingly collect personal information from people under 18. If you believe someone under 18 provided personal information to Sonusly, contact us at contact@sonusly.com with the subject "underage privacy", and we will take appropriate steps.
We use technical and organizational measures designed to protect information, including HTTPS/TLS, authentication controls, database access controls, row-level security, server-side operations for sensitive writes, webhook signature verification, restricted environment variables, rate limits, and security logging.
No online service can guarantee perfect security. You are responsible for keeping your account credentials safe and for avoiding the submission of sensitive information to public posts or AI features.
If you believe your account or Sonusly data is at risk, email contact@sonusly.com with the subject "security issue".
Sonusly may link to third-party websites, public source pages, job application pages, music platforms, payment pages, OAuth providers, and AI-generated sources. We do not control those third parties. Review their terms and privacy policies before sharing information with them.
We may update this Privacy Policy as Sonusly, providers, laws, or data practices change. We will update the "last updated" date when we post changes. Material changes may be communicated by email, in-product notice, or another reasonable method before or when they take effect, where required.
Email: contact@sonusly.com