Privacy Policy

Last updated: 5/6/2026 Effective date: 5/6/2026

This Privacy Policy describes how GlassVoid LLC ("Company," "we," "us") collects, uses, and shares personal data when you use Noiserator (the "Service"). It applies to the website at noiserator.com, the web application at noiserator.app, and any related desktop or native applications.

1. Personal Data We Collect

1.1 Data You Provide

Account data: email address, password (stored hashed), display name, avatar.
Profile and onboarding data: any information you choose to add to your profile or provide during onboarding.
User Content: prompts, source images, videos, audio, designs, project files, and other materials you upload or generate. See Terms of Service §4.
Payment data: if you purchase a paid plan, our payment processor (see §3) collects your billing information directly. We receive a token, the last four digits of your card, billing country, and transaction metadata — we do not store full card numbers.
Support and communications: information you provide when you contact us, respond to surveys, or participate in our community channels.

1.2 Data Collected Automatically

Device and connection data: IP address, browser type, operating system, device identifiers, language, referrer URL.
Usage data: pages and features visited, actions taken, timestamps, performance metrics.
Cookies and similar technologies: see our Cookie Notice.

1.3 Data from Third Parties

If you sign in via a third-party provider (e.g., GitHub, Google), we receive the basic profile information you authorize that provider to share.

2. How We Use Personal Data

We use personal data to:

(a) provide, secure, and maintain the Service;
(b) authenticate you and protect your account;
(c) process payments and manage subscriptions;
(d) communicate with you about the Service, including service announcements, security notices, and support;
(e) understand how the Service is used and improve it;
(f) detect, prevent, and respond to fraud, abuse, or violations of our Acceptable Use Policy;
(g) comply with legal obligations and enforce our agreements.

We do not sell personal data, and we do not train generative models on your User Content without your explicit opt-in.

We share personal data only with the categories of recipients below, and only as needed.

Recipient	Purpose	Location
Supabase	Authentication, database, file storage.	United States
PostHog	Product analytics (only if you opt in).	United States / EU (configurable)
Affonso	Referral / affiliate attribution (only if you opt in to marketing cookies).	—
Discord	Newsletter signup forwarding via webhook; community channels you choose to join.	United States
Hosting provider (Hostinger / `srv1169432.hstgr.cloud`)	Static site hosting.	EU
Stripe	Subscription billing, invoice generation, and payment-method storage. We never see or store your full card number.	United States
Government, law enforcement, or other parties	Where required by law, legal process, or to protect rights, safety, or property.	Varies
Acquirer	In the event of a merger, acquisition, or asset sale, with appropriate safeguards.	Varies

4. Legal Bases (EEA / UK Users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Contract — to provide the Service to you (Article 6(1)(b)).
Legitimate interests — to secure the Service, prevent abuse, and improve our product (Article 6(1)(f)).
Consent — for non-essential cookies and any direct-marketing communications (Article 6(1)(a)).
Legal obligation — to comply with applicable law (Article 6(1)(c)).

5. International Transfers

We are based in the United States, and our processors operate in the United States and other jurisdictions. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or recipient certification under an approved framework.

6. Retention

We keep personal data only as long as needed for the purposes described in this Policy:

account data: until you delete your account, then up to 90 days for backups;
User Content: until you delete it, then up to 90 days for backups;
billing records: as required by tax and accounting law (typically 7 years);
security and abuse logs: up to 18 months;
analytics data: aggregated or de-identified after 14 months.

7. Your Rights

Depending on where you live, you may have rights to:

access the personal data we hold about you;
correct inaccurate data;
delete your data ("right to erasure");
restrict or object to processing;
receive your data in a portable format;
withdraw consent at any time, without affecting processing already carried out;
lodge a complaint with your local data-protection authority.

Submit a request to privacy@noiserator.com. We will verify your identity before acting and will respond within the period required by applicable law.

California residents have additional rights under the CCPA / CPRA, including the right to opt out of "sharing" for cross-context behavioral advertising. We do not sell or share personal data as those terms are defined under the CCPA.

8. Security

We use administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit, encryption at rest for sensitive fields, access controls, and audit logging. No system is perfectly secure; if we learn of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

9. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact privacy@noiserator.com and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be announced as described in the Terms of Service. The "Last updated" date reflects the most recent revision.

11. Contact

GlassVoid LLC 1500 N Grant St., Ste N, Denver, CO 80203 privacy@noiserator.com