Privacy Policy

Last Updated: April 2, 2026

1. Introduction

Welcome to Soundsta.sh ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using Soundsta.sh, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

  • Register for an account (email address, name)
  • Subscribe to a paid plan (billing information via Stripe)
  • Contact us for support (name, email, message content)
  • Connect external storage providers (access tokens, authorization data)
  • Purchase a track through another user's store (buyer name and email are shared with the seller via PayPal as part of the payment transaction)

2.2 Automatically Collected Information

When you use Soundsta.sh, the following information is collected automatically:

  • Session cookies – set by our authentication provider (Clerk) to keep you logged in.
  • Page views and session metrics (browser type, pages visited, session duration) – collected by Google Analytics only if you have granted analytics consent.

We do not read or store IP addresses, device fingerprints, or other identifying request metadata in our own application code. Standard server and CDN infrastructure (Vercel, Cloudflare) may process IP addresses at the network level as part of routing and security, but this data is not stored or accessible to us directly.

2.3 Audio Files and Content

When you upload audio files to Soundsta.sh, we store metadata about these files (filename, size, upload date) and the files themselves. Depending on your setup, files may be stored on:

  • Soundsta.sh cloud storage – our own managed storage hosted on Cloudflare infrastructure, included with all plans within the respective storage quota. Both playlist audio files and Track Store files (uploaded via the Store feature to sell to fans) are stored on the same Cloudflare infrastructure and count together toward your plan's storage quota.
  • Google Drive or Dropbox – external storage providers you choose to connect to your account. Soundsta.sh automatically creates a dedicated "Soundsta.sh" folder in your connected account and stores only files uploaded through Soundsta.sh within that folder. Soundsta.sh does not access any files or folders outside this managed folder. When you disconnect, the managed folder and all its contents are permanently deleted from your external storage account.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our services
  • To process your transactions and manage subscriptions
  • To send you technical notices, updates, and support messages
  • To respond to your comments, questions, and customer service requests
  • To monitor and analyze usage patterns and trends
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms

4. Third-Party Services and Storage Providers

4.1 Authentication

We use Clerk for authentication and user management. Clerk processes your account information according to their privacy policy.

4.2 Payment Processing

Subscription fees are processed securely through Stripe. We do not store your complete credit card information on our servers.

Track Store purchases are processed through PayPal. When you buy a track from a user's store, your payment details (including name and email) are handled directly by PayPal and shared with the seller as part of the transaction. Soundsta.sh does not access or store buyer payment credentials. PayPal's own privacy policy governs how they process that data.

4.3 External Storage

When you connect Google Drive or Dropbox, Soundsta.sh uses OAuth authorization to create and manage a dedicated "Soundsta.sh" folder in your connected account. Access is strictly limited to this managed folder — we do not browse, read, or modify any other files or folders in your external storage. Their respective privacy policies apply.

4.3.1 Dropbox

When you choose to connect your Dropbox account, Soundsta.sh requests the following OAuth permissions:

  • Account info (read) – to confirm your identity and verify the connection is active.
  • File metadata (read) – to list and display audio files stored within the dedicated Soundsta.sh folder in your Dropbox account.
  • File content (read) – to generate secure temporary links that allow your audio files to be streamed and shared within Soundsta.sh.
  • File content (write) – to upload audio files directly to your chosen Dropbox folder when you use the upload feature.
  • Offline access – to obtain a refresh token so the connection remains active without requiring you to log in to Dropbox on every visit.

What we do NOT do with your Dropbox data: We do not read, copy, store, or process any Dropbox files or metadata other than what is strictly necessary to provide the features described above. We do not share your Dropbox data with any third party. Non-audio files in your Dropbox are never accessed.

Token security: Your Dropbox access and refresh tokens are encrypted at rest using AES-256-GCM before being stored in our database. They are decrypted only when needed to make an API call on your behalf.

Retention and deletion: Your Dropbox tokens and all associated cached metadata are stored only for as long as you keep Dropbox connected. When you disconnect Dropbox from your account settings, the managed "Soundsta.sh" folder and all audio files it contains are permanently deleted from your Dropbox account. Your access token is then immediately revoked via the Dropbox API and permanently deleted from our database. No residual Dropbox data is retained.

Your control: You can disconnect Dropbox at any time from the Storage section of your account settings. You may also revoke Soundsta.sh's access directly from your Dropbox account's Connected Apps page at dropbox.com/account/connected_apps.

4.3.2 Google Drive

When you choose to connect your Google Drive account, Soundsta.sh requests the following OAuth permission:

  • Google Drive (file-level access – drive.file scope) – limited to files and folders created by Soundsta.sh within your Drive. This allows Soundsta.sh to automatically create a dedicated "Soundsta.sh" folder, upload audio files to it, read file content and metadata for playback and sharing, and delete files when you explicitly remove them from your library within Soundsta.sh. No access to any pre-existing files or folders in your Drive is granted.

What we do NOT do with your Google Drive data: We do not read, copy, store, or process any Google Drive files or metadata beyond what is strictly necessary for the features described above. We do not share your Google Drive data with any third party. Non-audio files in your Drive are never accessed. Deletion only occurs when you explicitly trigger it within Soundsta.sh.

Token security: Your Google OAuth refresh token is encrypted at rest using AES-256-GCM before being stored in our database. It is decrypted only when needed to make an API call on your behalf. We do not store your Google account password or any other Google credentials.

Retention and deletion: Your Google Drive refresh token and all associated cached metadata are stored only for as long as you keep Google Drive connected. When you disconnect Google Drive from your account settings, the managed "Soundsta.sh" folder and all audio files it contains are permanently deleted from your Google Drive. Your refresh token is then immediately revoked via Google's OAuth revocation endpoint and permanently deleted from our database. No residual Google Drive data is retained.

Your control: You can disconnect Google Drive at any time from the Storage section of your account settings. You may also revoke Soundsta.sh's access directly from your Google account's permissions page at myaccount.google.com/permissions.

4.4 Cloudflare (Soundsta.sh Storage Infrastructure)

Files uploaded to Soundsta.sh's own storage are hosted on Cloudflare infrastructure. Cloudflare acts as a data processor on our behalf and their data processing terms apply.

4.5 Analytics

We use Google Analytics to understand how users interact with the service. Currently, Google Analytics tracks page views and standard session metrics (session duration, device type, approximate location). Google Analytics may set cookies to distinguish returning visitors.

All data collection requires your analytics consent and can be withdrawn at any time via cookie settings. When consent is not granted, Google Analytics operates in consent-denied mode and does not set tracking cookies or collect identifiable data.

4.6 Advertising and Marketing

We use Meta Pixel (Facebook Pixel) to measure the effectiveness of our advertising campaigns and to build audience segments for ads on Meta platforms (Facebook, Instagram). Currently, Meta Pixel tracks only page views (PageView event) once marketing consent has been granted.

This service only activates after you explicitly grant consent for marketing cookies. You may withdraw consent at any time via cookie settings, at which point Meta Pixel is revoked and stops sending data to Meta.

4.7 Track Store and PayPal

Soundsta.sh provides a Track Store feature that allows eligible users ("sellers") to sell audio tracks to buyers. When a buyer completes a purchase, the transaction is processed exclusively through PayPal. As part of that payment flow, PayPal shares the buyer's name and email address with the seller to fulfill the order (e.g., to issue a download token). Soundsta.sh does not receive, store, or process buyer payment card data. Purchase metadata (such as transaction IDs, timestamps, and download token status) is stored in our database solely to facilitate delivery and detect misuse. PayPal's privacy policy governs the collection and use of payment information during checkout.

5. Data Sharing and Disclosure

We do not sell or rent your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including hosting, authentication, payment processing, and analytics.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, government investigations).

5.3 Business Transfers

If Soundsta.sh is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.4 Shared Audio Links

When you share audio files via Soundsta.sh's sharing feature, recipients can access those files according to the sharing settings you configure (time limits, download permissions, etc.).

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication through Clerk
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Encrypted storage for sensitive data

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

  • Account information: Retained while your account is active
  • Audio files: Retained according to your subscription plan and storage settings
  • Usage logs: Typically retained for 90 days
  • Billing records: Retained for tax and legal compliance (typically 7 years)

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can request access to your personal information and receive a copy in a portable format.

8.2 Correction

You can update or correct your personal information through your account settings.

8.3 Deletion

You can request deletion of your personal information by deleting your account.

8.4 Opt-Out

You can opt out of marketing communications at any time.

8.5 Data Protection Rights (GDPR)

If you are in the European Economic Area (EEA), you have additional rights including the right to object to processing, restrict processing, and lodge a complaint with a supervisory authority.

8.6 California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information (which we do not do).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You can also manage your cookie preferences at any time via the cookie settings on our website.

We use the following types of cookies:

  • Essential cookies: Required for the service to function (authentication, session management). Cannot be disabled.
  • Authentication cookies: To keep you logged in across sessions (provided by Clerk).
  • Preference cookies: To remember your settings such as theme preferences.
  • Analytics cookies: Google Analytics cookies that help us understand how you use our service (e.g., pages visited, session duration). Only active after you grant analytics consent.
  • Marketing cookies: Meta Pixel (Facebook) cookies used to measure ad campaign performance and build audiences for advertising. Only active after you grant marketing consent.

All non-essential cookies (analytics and marketing) are disabled by default. They are only activated after you explicitly accept them via our cookie consent banner.

10. Children's Privacy

Soundsta.sh is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using Soundsta.sh, you consent to the transfer of your information to these locations.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page. Continued use of the service after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us: