Privacy Policy

Last updated: May 2, 2026

Overview

TonesMatch provides AI-generated guitar and bass tone settings adapted to the gear you actually own. This Privacy Policy explains what we collect when you use tonesmatch.com and the TonesMatch web application (together, the “Service”), how we use it, who we share it with, and the rights you have over your data.

We try to collect as little as we need to run the Service well. We do not sell your personal information, and we do not use your gear data or saved tones to train AI models.

1. Information we collect

Account information

When you sign up we collect your email address and an authentication identifier from Supabase. If you sign in with Google we also receive your Google profile name and avatar. You may optionally add a display name and profile picture.

Gear and tone data

To match tones to your rig we store the guitars, basses, amps, pedals, and multi-FX units you save to your profile, the songs and tones you adapt, and the tones you save or publish to the community library. You can edit or delete this data at any time from Settings.

Billing data

Subscriptions and refunds are processed by Creem. We receive a subscription identifier, plan tier, status, billing period, and refund events from Creem; we never see or store your full credit card number. Creem handles card data directly under their own privacy terms.

Usage and device data

Like most web applications, we automatically collect basic technical data when you use the Service: IP address, browser type, operating system, referring page, pages viewed, feature interactions, and timestamps. We use this for security, debugging, and product analytics.

Communications

When you contact us, submit feedback, or request missing gear, we keep the message and your contact details so we can respond and follow up.

2. How we use information

  • Provide and personalize tone recommendations for your gear.
  • Authenticate you and keep your account secure.
  • Process subscriptions, trials, refunds, and quota tracking.
  • Send transactional and account emails (welcome, trial reminders, billing receipts, password resets).
  • Improve match quality and the catalog of supported gear.
  • Detect, investigate, and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations.

We do not sell your personal information, and we do not use your audio, gear data, or saved tones to train AI models.

3. Service providers

We rely on the following processors to run the Service. Each is bound by contract to handle your data only on our instructions and consistent with this policy.

  • Supabase — authentication and PostgreSQL database.
  • Vercel — application hosting and edge delivery.
  • OpenAI — generates tone research and gear-adapted settings. Your prompts are sent through the OpenAI API; OpenAI does not use API content to train its models.
  • Creem — subscription billing, payment processing, and refunds.
  • Resend — transactional and account email delivery.
  • Google Analytics (Google LLC) — aggregated traffic and product analytics.
  • Microsoft Clarity (Microsoft Corporation) — anonymized session replay and heatmaps used to debug UX issues.

We may share information with law enforcement or other parties when we reasonably believe disclosure is required to comply with a legal process, to enforce our Terms, or to protect the rights, property, or safety of TonesMatch, our users, or the public.

4. Cookies and analytics

We use a first-party session cookie to keep you signed in. To understand how the Service is used and to debug UX issues we load Google Analytics and Microsoft Clarity, which set their own cookies and/or local storage on your device (for example _ga, _ga_*, and Clarity’s _clck / _clsk). Clarity may additionally record an anonymized replay of your visit (clicks, scrolls, keystrokes on non-input fields) to help us reproduce bugs; sensitive form fields are masked by default. We do not use third-party advertising cookies and we do not sell or share data for cross-context behavioral advertising. You can clear cookies and site data through your browser at any time, and you can opt out of Google Analytics with the Google Analytics opt-out add-on.

5. Data retention

  • Account, gear, and saved tones: retained while your account is active. Deleted or anonymized within 30 days of account deletion.
  • Billing records: retained as long as required by tax and accounting law (typically up to 7 years), even after account deletion.
  • AI job logs: we keep limited prompt and response metadata for up to 90 days for debugging and refund disputes, then delete.
  • Email logs: retained up to 2 years to honor unsubscribe and prevent duplicate sends.
  • Aggregated analytics: may be retained indefinitely once it can no longer identify you.

6. Security

We use TLS in transit, encryption at rest where supported by our providers, row-level security on the database, and least-privilege access for our team. You are responsible for keeping your password and sign-in device secure. No system is perfectly secure, and we cannot guarantee absolute security; if a breach affects your personal information we will notify you within 72 hours of confirmation, where required by law.

7. Your rights

You can access, edit, export, or delete your account data at any time from Settings. You can also opt out of marketing emails using the unsubscribe link in any such email; transactional messages (billing, security, account changes) will continue.

8. EEA / UK rights (GDPR)

If you reside in the European Economic Area, the United Kingdom, or Switzerland, you have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. Our legal bases are: performance of a contract (to provide the Service), our legitimate interests (security and product improvement), consent (for marketing emails), and compliance with legal obligations. To exercise your rights, email hello@tonesmatch.com; we will respond within 30 days.

9. California rights (CCPA / CPRA)

California residents may request the categories and specific pieces of personal information we have collected about them in the past 12 months, request deletion or correction, and opt out of any sharing of personal information for cross-context behavioral advertising. We do not sell personal information and do not engage in such advertising sharing. To make a request, email hello@tonesmatch.com; we will respond within 45 days. We will not discriminate against you for exercising your rights.

10. Children's privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If we learn we have collected such data we will delete it promptly.

11. International transfers

TonesMatch is operated from, and your data is processed by service providers located in, the United States and other countries. Where required, we rely on standard contractual clauses or other appropriate safeguards for transfers outside your home jurisdiction.

12. Changes to this policy

We may update this Privacy Policy as the Service evolves. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you by email or in the application. Your continued use of the Service after the change takes effect constitutes acceptance.

13. Contact

Questions, requests, or complaints about this policy? Email hello@tonesmatch.com.