Back

Privacy Policy

Last Updated: March 11, 2026

1. Introduction

SelectedSongs ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes the information we collect, how we use it, the parties to whom it is disclosed, the methods of disclosure, and the security practices we have in place to safeguard your information. By using our Service, you consent to the data practices described in this policy.

Data Controller

SelectedSongs is the data controller responsible for your personal data. For questions about how we handle your data, contact us at info@selected10.com.

EU/EEA Representative (GDPR Article 27)

As SelectedSongs is established outside the European Economic Area, we are in the process of appointing an EU representative in accordance with Article 27 of the GDPR. In the interim, you may direct any data protection inquiries to info@selected10.com. We will update this page with the contact details of our formal EU-based representative once appointed.

2. Information We Collect

We collect the following categories of information:

Personal Information

  • Contact Information: Email address for order confirmations, delivery, and customer support
  • Payment Information: Processed securely through our payment processor; we do not store credit card numbers on our servers
  • Names: Recipient names and your name (if provided) for song personalization

Content Information

  • Memories and Stories: Personal stories, memories, and details you share for song creation
  • Sensitive / Special Category Information: Your stories may voluntarily include sensitive information such as health conditions, religious or philosophical beliefs, racial or ethnic origin, or other special category data (as defined by GDPR Article 9). We process this information only with your explicit consent and solely for the purpose of creating your personalized song. During the order process, you will be asked to provide explicit consent before submitting stories that may contain such information. You may withdraw this consent at any time by contacting info@selected10.com, though this may affect our ability to complete your order
  • Preferences: Genre, decade, voice, occasion, and style preferences
  • Generated Content: Lyrics and audio files created for your order

Technical Information

  • Device Information: Browser type, operating system, and device type
  • Usage Data: Pages visited, time spent on site, and interaction patterns
  • IP Address: For security, fraud prevention, and approximate geolocation purposes
  • Referral Data: How you found us (UTM parameters, referrer URLs)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To create and deliver your custom song
  • Communication: To send order confirmations, delivery notifications, remake updates, and respond to inquiries
  • Payment Processing: To process transactions securely through our payment provider
  • Service Improvement: To analyze usage patterns and improve our service
  • Security: To prevent fraud, unauthorized access, and other malicious activities
  • Legal Compliance: To comply with applicable laws and regulations
  • Marketing: To send promotional communications (with your consent, where required)
  • No AI Training: We do not use your stories, memories, or personal submissions to train public AI models. Your content is processed solely to create your personalized song and is not used to improve or train third-party AI systems

Automated Processing and Decision-Making

Our Service uses automated processing, including artificial intelligence, to generate lyrics and music based on the information you provide. This automated processing is essential to deliver the Service and is performed under the legal basis of contract performance. The automated processing does not produce decisions with legal or similarly significant effects on you -- it generates creative content based on your inputs. You always have the right to request human review of any aspect of your order by contacting info@selected10.com.

Legal Bases for Processing (GDPR)

For users in the European Economic Area, we process your data based on:

  • Contract Performance: Processing necessary to fulfill your order
  • Legitimate Interests: Improving our services, preventing fraud, marketing (where permitted)
  • Consent: For optional marketing communications
  • Legal Obligation: Compliance with applicable laws

4. Information Sharing and Disclosure

We share your information only with the parties listed below and only as necessary to provide our Service. We do not sell your personal information to third parties.

Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Third-Party Service Providers (Sub-Processors)

We share your information with the following third-party service providers to deliver our Service. Each provider is bound by a Data Processing Agreement (DPA) and is contractually obligated to protect your data in accordance with applicable data protection laws. These providers include:

  • Payment Processing (Stripe, Inc.): Processes payments securely. We never store or have access to your full credit card number. Stripe is PCI-DSS Level 1 certified and participates in the EU-US Data Privacy Framework. Data processed: email, payment details, transaction amount.
  • Lyric Generation (Google LLC -- Gemini AI): Your song details (recipient name, relationship type, occasion, personal stories/memories, qualities, and dedication message) are processed to generate personalized lyrics. Google participates in the EU-US Data Privacy Framework. Data processed: song request details, recipient information, personal stories.
  • Music Generation (Kie.ai / Suno): Generated lyrics and style preferences are processed to create original music and vocals. Data processed: lyrics, musical style, voice preference.
  • Email Delivery (Resend, Inc.): Sends order confirmations, song deliveries, and transactional emails. Data processed: email address, order details, song links.
  • Marketing Email (Klaviyo, Inc.): Manages marketing communications and abandoned cart emails (with your consent where required). Klaviyo participates in the EU-US Data Privacy Framework. Data processed: email address, order history, marketing preferences.
  • File Storage (Cloudflare, Inc. -- R2): Stores generated songs and related media securely with encryption at rest and in transit. Cloudflare participates in the EU-US Data Privacy Framework. Data processed: audio files, images.
  • Database Hosting (Neon, Inc.): Hosts our application database with encryption at rest and in transit. Data processed: all order and account data.
  • Application Hosting (Vercel, Inc.): Hosts our web application. Data processed: IP address, request logs.
  • Error Tracking (Sentry): Monitors application errors and performance. Data is anonymized where possible. Data processed: anonymized error logs, device information.
  • Experimentation (GrowthBook): Manages A/B testing to improve user experience. Data processed: anonymous visitor ID, experiment assignments.
  • Analytics (Google Analytics): Analyzes website usage patterns to improve the Service (subject to your cookie consent preferences). Data processed: anonymized usage data, device information, pages visited.

We maintain up-to-date Data Processing Agreements (DPAs) with all sub-processors listed above. We conduct regular reviews of our sub-processors' data protection practices. If you would like a copy of our sub-processor list or any applicable DPA, contact info@selected10.com.

6. Cookies and Tracking Technologies

Types of Cookies We Use

Essential Cookies (Required)

  • Session cookies for maintaining your order state during checkout
  • Authentication cookies for admin users
  • CSRF protection tokens

These cookies are necessary for the Service to function and cannot be disabled.

Analytics Cookies (Optional)

  • Google Analytics: We use Google Analytics to understand how visitors use our site, including pages visited, time on site, and referral sources. Google Analytics uses cookies and collects anonymized usage data. Google is a participant in the EU-US Data Privacy Framework.
  • GrowthBook: We use GrowthBook for A/B testing and feature experimentation to improve user experience. GrowthBook uses anonymous visitor IDs.

These analytics cookies help us improve user experience and are optional.

Marketing & Advertising Cookies (Optional, Consent Required)

  • Meta Pixel (Facebook/Instagram): Tracks conversions and enables remarketing. Only activated with your consent for advertising cookies.
  • TikTok Pixel: Tracks conversions from TikTok advertising. Only activated with your consent for advertising cookies.
  • Google Ads: Tracks conversions from Google advertising campaigns. Only activated with your consent for advertising cookies.

For users in the EU/EEA, marketing and advertising cookies are only placed with your prior opt-in consent. For users in the United States and other regions, these cookies may be placed unless you opt out through our cookie consent banner or your browser settings.

How to Manage Cookies

You can manage your cookie preferences through our cookie consent banner, which appears on your first visit. You can also change your preferences at any time through your browser settings. Refusing essential cookies may prevent you from completing orders.

Global Privacy Control (GPC) & Do Not Track

We honor Global Privacy Control (GPC) signals as a valid opt-out of "sale" or "sharing" of personal information under applicable state privacy laws. We also respect "Do Not Track" browser signals.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Order Data: Retained for 7 years after your last transaction for legal, tax, and accounting compliance purposes, after which it is anonymized or deleted. During this period you may continue to access your purchase.
  • Generated Songs: Stored for as long as your account or order record is active. You may request deletion at any time by contacting info@selected10.com. Songs associated with inactive orders will be reviewed for deletion after 7 years.
  • Personal Stories and User Content: Retained for the duration necessary to fulfill your order and any remake requests, then for up to 12 months for quality assurance purposes. After this period, personal story content is deleted from active systems (but may persist in encrypted backups for up to 90 additional days).
  • Support Conversations: Retained for 3 years after resolution
  • Marketing Data: Until you unsubscribe or request deletion. Inactive marketing contacts are automatically removed after 24 months of inactivity.
  • Technical Logs: Generally deleted after 90 days

You may request deletion of your data by contacting us at info@selected10.com.

8. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
  • Secure Payment: Credit card information is processed by our payment provider and never touches our servers
  • Database Security: Our database is hosted with encryption at rest and in transit
  • Access Control: Only authorized personnel have access to user data, on a need-to-know basis
  • Regular Audits: We regularly review and update our security practices
  • Environment Variables: Sensitive API keys and credentials are stored securely as environment variables

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Request your data in a portable format
  • Opt-out: Unsubscribe from marketing communications at any time (contact info@selected10.com or use the unsubscribe link in any marketing email)
  • Lodge a Complaint: File a complaint with your local data protection authority or consumer protection agency

To exercise any of these rights, please contact us at info@selected10.com. See the jurisdiction-specific sections below (Sections 10-13) for response timelines and your local supervisory authority.

10. Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

Your GDPR Rights

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to be Forgotten: Request deletion of your data
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Data Protection Officer

While our current processing activities do not require the appointment of a Data Protection Officer under GDPR Article 37, we have designated a Data Protection contact to handle all privacy inquiries. You can reach our Data Protection contact at info@selected10.com.

How to Exercise Your Rights

Contact our Data Protection contact at info@selected10.com. We will respond within 30 days as required by GDPR. In exceptional circumstances, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for the delay within the initial 30-day period.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) where required, particularly for processing activities that involve AI-generated content, large-scale processing of personal data, or the use of new technologies. Our DPIAs are reviewed and updated regularly.

11. Your Rights Under CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your CCPA Rights

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Categories of Information Collected (Past 12 Months)

  • Identifiers: Email address, name
  • Personal information (Cal. Civ. Code Section 1798.80): Name, address
  • Commercial information: Purchase history, order details
  • Internet activity: Pages visited, interaction with our site
  • Inferences: Preferences derived from the above

Sensitive Personal Information

We may collect sensitive personal information as defined by CPRA. You have the right to limit the use and disclosure of your sensitive personal information.

Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising purposes, except where marketing cookies are activated with your consent. You may opt out of any "sharing" by declining marketing cookies in our consent banner or by enabling Global Privacy Control (GPC) in your browser.

How to Exercise Your Rights

Submit a request to info@selected10.com. We will verify your identity before processing requests. We will respond within 45 days of receiving your verifiable request. If we need more time (up to an additional 45 days), we will inform you in writing. You may designate an authorized agent to make requests on your behalf with proper written authorization.

12. Your Rights Under LGPD (Brazilian Users)

If you are located in Brazil, you have the following rights under the Lei Geral de Protecao de Dados (LGPD, Law 13.709/2018):

Your LGPD Rights

  • Confirmation and Access: Confirm whether we process your data and access it
  • Correction: Request correction of incomplete, inaccurate, or outdated data
  • Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with LGPD
  • Data Portability: Request portability of your data to another service provider
  • Deletion of Data Processed with Consent: Request deletion of data processed on the basis of your consent
  • Information on Sharing: Obtain information about public and private entities with which we share your data
  • Information on Consent: Obtain information about the possibility of not providing consent and the consequences of such refusal
  • Withdrawal of Consent: Withdraw your consent at any time
  • Opposition: Object to processing that does not comply with LGPD
  • Review of Automated Decisions: Request review of decisions made solely on the basis of automated processing of personal data that affect your interests, including decisions intended to define your personal, professional, consumer, or credit profile

Legal Bases (LGPD)

We process your personal data under the following legal bases provided by LGPD:

  • Contract Performance (Art. 7, V): Processing necessary to fulfill your order
  • Consent (Art. 7, I): For marketing communications, sensitive data, and optional cookies
  • Legitimate Interest (Art. 7, IX): For fraud prevention, service improvement, and security
  • Legal or Regulatory Obligation (Art. 7, II): For tax compliance and legal requirements

Encarregado (Data Protection Officer)

In accordance with LGPD Article 41, our designated Encarregado (Data Protection Officer) can be contacted at info@selected10.com. The Encarregado is responsible for receiving complaints from data subjects, providing guidance, and acting as a point of contact with the ANPD (Autoridade Nacional de Protecao de Dados).

How to Exercise Your Rights

Submit a request to info@selected10.com. We will respond within 15 days as required by LGPD. You also have the right to file a complaint with the ANPD (Autoridade Nacional de Protecao de Dados) at www.gov.br/anpd.

13. Your Rights in Mexico, Colombia, Argentina, Chile & Other Latin American Jurisdictions

Mexico (LFPDPPP)

If you are in Mexico, you have ARCO rights under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP):

  • Acceso (Access): Request access to your personal data
  • Rectificacion (Rectification): Request correction of inaccurate data
  • Cancelacion (Cancellation): Request deletion of your data
  • Oposicion (Opposition): Object to the processing of your data

To exercise your ARCO rights, submit a request to info@selected10.com. We will respond within 20 business days as required by LFPDPPP. You may also file complaints with the INAI (Instituto Nacional de Transparencia, Acceso a la Informacion y Proteccion de Datos Personales).

Colombia (Law 1581/2012)

If you are in Colombia, you have rights under the Personal Data Protection Law (Law 1581/2012), including the right to: access your data, update and correct it, request deletion when not required by legal obligation, request proof of consent, file complaints with the SIC (Superintendencia de Industria y Comercio), and revoke consent. We will respond to requests within 10 business days (extendable by 5 additional days). Contact info@selected10.com.

Argentina (Law 25.326)

If you are in Argentina, you have rights under the Personal Data Protection Law (Law 25.326), including the right to: access your data (free of charge, at intervals of no less than 6 months), rectify, update, or suppress your data. You may file complaints with the AAIP (Agencia de Acceso a la Informacion Publica). We will respond within 10 calendar days. Argentina has been granted an adequacy decision by the European Commission. Contact info@selected10.com.

Chile (Law 19.628)

If you are in Chile, you have rights under the Law on Protection of Private Life (Law 19.628), including the right to: access, modify, cancel, and block your personal data. You may file complaints with the SERNAC (Servicio Nacional del Consumidor) or the competent courts. Contact info@selected10.com.

Other Jurisdictions

If you are located in Venezuela, Puerto Rico, or any other jurisdiction with data protection legislation, you may exercise your applicable data protection rights by contacting info@selected10.com. We will process your request in accordance with the applicable data protection laws of your jurisdiction.

14. International Data Transfers

SelectedSongs is based in the United States. Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

Transfer Mechanisms

For transfers from the EEA/UK/Switzerland to the United States, we rely on the following safeguards:

  • EU-US Data Privacy Framework (DPF): Where applicable, we use sub-processors that are certified under the EU-US Data Privacy Framework (including the UK Extension and Swiss-US DPF), as recognized by the European Commission's adequacy decision of July 2023
  • Standard Contractual Clauses (SCCs): For sub-processors not covered by the DPF, we use SCCs approved by the European Commission (and the UK International Data Transfer Agreement where applicable)
  • Data Processing Agreements (DPAs): All service providers are bound by DPAs that include appropriate technical and organizational safeguards
  • Adequacy Decisions: Where available, we rely on adequacy decisions issued by the European Commission for the recipient country

Your Consent

By using our Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence. Regardless of where your data is processed, we apply the same protections described in this Privacy Policy.

15. Data Breach Notification

In the event of a data breach that affects your personal information:

Notification Timeline

We will notify affected users within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms. We will also notify relevant supervisory authorities as required by law.

Notification Content

Our notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of individuals affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for questions

How We Will Notify You

We will notify you via email to the address associated with your order, by a prominent notice on our website, and by other means as required by applicable law.

16. Children's Privacy

Our Service requires users to be at least 18 years of age (or the age of majority in your jurisdiction), as stated in our Terms of Service. The age thresholds below represent the regulatory floors under applicable children's privacy laws, below which heightened data protection requirements apply:

  • United States: 13 years of age (in accordance with COPPA)
  • European Union: 16 years of age (or the age set by your member state, which may be as low as 13 under GDPR Article 8)
  • United Kingdom: 13 years of age (under UK GDPR)
  • Brazil: 18 years of age, or 12 years of age with verifiable parental consent (under LGPD Article 14)
  • All other jurisdictions: The age of digital consent in your country of residence, or 16 years of age if no specific age is defined

We do not knowingly collect personal information from children below the applicable age threshold. If you are a parent or guardian and believe we have collected information from a child below the applicable age in your jurisdiction, please contact us immediately at info@selected10.com and we will take steps to delete such information promptly.

17. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

18. Marketing Communications

Types of Communications

  • Transactional Emails: Order confirmations, delivery notifications, change request links (required for service delivery - cannot be opted out)
  • Marketing Emails: Promotional offers, new features, company updates (optional)

Opt-In/Opt-Out

You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting info@selected10.com. Transactional emails cannot be opted out as they are necessary for order fulfillment.

Abandoned Cart Emails

If you start an order and provide your email address but do not complete checkout, we may send a limited number of reminder emails. The legal basis for these emails is our legitimate interest in completing transactions that you initiated (GDPR Article 6(1)(f)). We have conducted a balancing test and limit abandoned cart emails to a maximum of three (3) emails over a seven (7) day period. You can opt out at any time using the unsubscribe link. For users in jurisdictions that require prior consent for marketing emails (including the EU/EEA under ePrivacy rules), abandoned cart emails are sent only under the "soft opt-in" exception where applicable, or with your prior consent.

19. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. We will provide notice of significant changes by updating the "Last updated" date.

20. Contact Us

If you have any questions about this Privacy Policy, our data practices, or would like to exercise your rights, please contact us:

  • Privacy Inquiries: info@selected10.com
  • General Support: info@selected10.com

We aim to respond to all inquiries within 30 days.