Privacy Policy

Last updated: 5 April 2026

This Privacy Policy explains how Melodreams (“Melodreams”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our Service. It is incorporated by reference into our Terms of Service.

We are strongly committed to privacy by design. We collect the absolute minimum data necessary, do not track visitors to public pages, run zero analytics or advertising tools, and never sell your data.

1. Controller & Contact

Data Controller: Melodreams
Legal inquiries: legal@melodreams.com
Privacy inquiries: privacy@melodreams.com

If you are in the European Union, you also have the right to lodge a complaint with your local supervisory authority.

2. Information We Collect

2.1 Information You Provide

Email address (for account creation and essential notices)
Chosen username
Password (stored only as a secure, salted hash)
Optional public profile content (bio, links, description, profile image, themes)

2.2 Automatically Collected Technical Data

For security and functionality only:

sb-access-token and sb-refresh-token
Non-reversible device fingerprint (browser type, screen resolution, canvas signature) used solely to prevent account takeover and limit simultaneous logins

We do not log IP addresses on public profile pages and do not collect any visitor data from your public Melodreams page.

2.3 Payment Information

We do not store full payment card details. All payments are processed securely by our third-party payment provider(s). Only a payment token and subscription status are stored with us.

2.4 What We Explicitly Do Not Collect

No analytics or tracking tools (Google Analytics, Meta Pixel, Plausible, etc.)
No advertising or marketing cookies
No behavioral tracking or profiling
No data from visitors to public pages
No IP logging on public profiles
No selling, renting, or sharing of personal data with third parties for marketing

3. Legal Basis for Processing (GDPR)

We only process your data when we have a valid legal basis:

Performance of contract – to provide the Service you subscribed to
Legitimate interests – security, fraud prevention, and service improvement (device fingerprint, session management)
Legal obligation – when required by law (e.g., law enforcement requests or tax obligations)

4. How We Use Your Information

Your data is used only to:

Create and secure your Account
Display your public page (if you choose to make one)
Manage your Subscription and billing
Protect the platform against abuse and unauthorized access
Send essential service announcements (e.g., security alerts, price changes, legal notices)

5. Cookies & Local Storage

We use only strictly necessary cookies for authentication and security:

Cookie	Purpose	Duration
`sb-access-token`	Encrypted session token	Session (deleted on logout)
`sb-refresh-token`	Encrypted refresh token	Up to 30 days

All cookies are HttpOnly, Secure, and SameSite=Lax. We store your cookie-preference choice only in LocalStorage. No other tracking or analytics cookies are used.

6. Sharing & Third-Party Processors

We do not sell or share your personal data. We only share data with trusted service providers who are contractually bound to protect it and process it only on our behalf:

Hosting and infrastructure providers (data stored in EU-compliant regions where possible)
Payment processors (Stripe or equivalent – they never receive your full profile data)
Legal or regulatory authorities when required by law

7. International Data Transfers

Some processing may occur outside the EU/EEA. Where this happens, we ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions, or other GDPR-compliant mechanisms).

8. Data Retention

We keep your data only as long as necessary:

Active accounts: as long as your Subscription is active
After cancellation/deletion: all identifiable personal data is permanently deleted within 30 days (except where law requires us to keep logs for security or compliance)

9. Security

We use industry-standard protections including database encryption at rest, secure password hashing, multi-device session limits, rate limiting, and strict internal access controls. While no system is 100% secure, we take every reasonable measure to protect your data.

10. Your Rights (GDPR & Applicable Laws)

You have the following rights regarding your personal data:

Right to access – request a copy of your data
Right to rectification – correct inaccurate data
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent (where applicable)

To exercise any of these rights, simply email privacy@melodreams.com. We will respond within one month (free of charge in most cases).

11. Children’s Privacy

Melodreams is not intended for anyone under 16 years of age. We do not knowingly collect data from children. If we discover data belonging to a child under 16, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be notified by email or in-Service notice at least 30 days before they take effect. Continued use after the effective date means you accept the updated Policy.

13. Contact Us

Any questions or requests regarding your privacy?

Melodreams Privacy Office
Email: privacy@melodreams.com