Privacy Policy

Last updated: June 2, 2026

1. Introduction

Umbral Audio, LLC ("Umbral Audio," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use the Aether plugin (the "Plugin") and umbralaudio.com (the "Services").

2. Information we collect

a. Information you provide directly

• Account information: your email address and password (stored only as a salted hash by our auth provider, Supabase). You may also set a display name.
• Payment information: processed by our payment processor, Stripe. We do not store your full card details. We receive transaction metadata (Stripe transaction and customer IDs, amount, currency, billing country, and the email used at checkout) so we can issue your license.
• License key: issued on purchase and tied to your account.
• AI provider API keys (optional): if you choose to use your own AI provider keys, you enter them into the Plugin's settings. They are stored locally on your machine, and we never see, store, or transmit them.
• Prompts and parameters: when you use Aether to generate MIDI, your prompts and music parameters go directly from your computer to the AI provider you selected. We do not see or store them.
• Support requests: if you contact us, we collect your email and message.

b. Information collected automatically

• License activation and checks: the operating system name, the computer's name (the one you set in System Settings), and an opaque, locally-derived SHA-256 machine-ID hash, used to track activations against your device limit without storing identifying hardware information.
• Installer downloads: when you download Aether from your account, we record your account ID, license key, the plugin version and platform you downloaded, your IP address, and your browser or client User-Agent. These download logs let us enforce your license, detect abuse, and provide support.
• Update checks: the Plugin periodically asks our server whether a newer version is available, sending only its current version number and platform. The server sees the network request's IP address, used only to rate-limit the endpoint, and does not store it as part of your profile.
• Crash and diagnostic reports (opt-in only): if you opt in via Aether's Settings → General → Privacy, the Plugin sends crash reports (plugin version, host DAW, OS, hashed machine ID, stack trace, crash log) and diagnostic reports for AI generation failures (which may include the prompt and the AI provider's response, because that's what we need to diagnose the bug). Off by default; togglable any time.
• Website telemetry (with consent): Vercel Web Analytics and Speed Insights (aggregate, cookieless), and Sentry session replay on error only (with input/text masking enabled). Disabled until you accept via the cookie banner. Sentry continues to capture bare error events (no replay) under legitimate interest.

3. How we use your information

• To create and manage your account, issue License keys, and verify activations.
• To process purchases, refunds, and support requests through Stripe.
• To detect and prevent fraud, abuse, and license sharing.
• To diagnose crashes and fix bugs (only with your consent for the corresponding telemetry).
• To send essential service emails (purchase receipts, password resets, security notices).
• To comply with applicable laws.

4. Sharing your information with third parties

We do not sell your personal information. We share data with the following service providers strictly as needed to run the service:

• Stripe: payment processing, fraud screening, and refunds.
• Supabase: authentication and database hosting for accounts, licenses, and webhook records.
• Vercel: website and serverless hosting, plus consented Web Analytics and Speed Insights.
• Cloudflare: DNS, content delivery, and R2 object storage for plugin installer downloads.
• Sentry: error monitoring and (with consent) session replay.
• Resend: transactional email delivery (receipts, password resets, security notices).
• Legal authorities: if required by law or to protect our rights.

AI generation providers

Aether generates MIDI by sending your prompt to an AI provider that you choose and configure with your own API key. That traffic goes directly from your computer to the provider you selected. Umbral Audio does not proxy, see, or store your prompts or your keys. The cloud providers Aether can connect to are:

• OpenAI (ChatGPT)
• Anthropic (Claude)
• Google (Gemini)
• xAI (Grok)
• DeepSeek
• Hugging Face
• OpenRouter (a gateway that forwards your request to a model host you pick)

Each provider has its own privacy policy that governs what it does with your prompt. When you use OpenRouter, Aether adds an HTTP-Referer header of https://umbralaudio.com and an X-Title header of Aether so OpenRouter can attribute the request to the application. These identify the app, not you.

Aether also supports two local engines, Ollama and LM Studio, that run entirely on your own computer. When you use those, your prompts never leave your machine and are not sent to Umbral Audio or any third party.

5. Data security

We implement reasonable security measures, including encryption in transit, access controls, and managed authentication, to protect your information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data retention

We keep your account, license, and order records for as long as your account exists. Personal-data fields inside incoming Stripe webhook payloads are stripped automatically after 7 days. When you delete your account, your profile, your personal data, and any opt-in crash or diagnostic reports tied to your account are removed from our active database. The underlying order and transaction records are retained where required for tax, accounting, or fraud-prevention purposes.

7. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict the processing of your personal information, and to withdraw consent for processing that relies on it. You can delete your account at any time from the account settings page. To exercise any other right, email privacy@umbralaudio.com. We aim to respond within 30 days.

8. Children

Our service is not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. We will notify registered users by email of material changes before they take effect.

10. Contact us

Umbral Audio, LLC
c/o Northwest Registered Agent, LLC
8401 Mayland Dr, Ste A
Richmond, VA 23294, USA
privacy@umbralaudio.com

See also our Terms of Service and Refund Policy.