Back to Melodio

Privacy Policy

Last Updated: March 18, 2026

This Privacy Policy explains how Melody Box Limited (“Melodio,” “we,” “us,” or “our”), a company registered in England and Wales, collects, uses, discloses, and protects your personal information when you visit or use our website at https://melodio.co (the “Site”) and our AI-powered personalised song generation services (the “Service”).

By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Site.

1. Information We Collect

1.1 Information You Provide to Us

  • Account Information. When you register for an account using Google OAuth, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google password.
  • Payment Information. When you purchase credits or subscriptions, payment is processed by our third-party payment processor, Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe may collect your name, billing address, and payment card details. Please refer to Stripe's Privacy Policy for more information.
  • Song Prompts and Content. When you use our Service, you provide text prompts describing the person, occasion, or theme for your personalised song. We process this information to generate lyrics and audio content on your behalf.
  • Communications. If you contact us at support@melodio.co, we collect the content of your messages, your email address, and any other information you choose to provide.

1.2 Information Collected Automatically

  • Device and Usage Information. When you visit the Site, we automatically collect information about your device and browsing activity, including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and other standard web log data.
  • Cookies and Similar Technologies. We use cookies and similar tracking technologies to operate and improve the Site. See Section 6 (Cookies) below for details.

1.3 Information from Third Parties

  • Google OAuth. When you sign in with Google, we receive basic profile information as described above, in accordance with Google's data sharing policies.
  • Meta Pixel. We use Meta Pixel (Facebook Pixel) for advertising analytics and conversion tracking. Meta may collect data about your interactions with the Site in accordance with Meta's Data Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide the Service. Processing your song prompts through our AI systems to generate personalised lyrics and audio content; managing your account and credit balance; delivering purchased content.
  • To Process Payments. Facilitating credit and subscription purchases through Stripe; sending purchase confirmations and invoices.
  • To Communicate with You. Responding to your enquiries and support requests; sending service-related notifications (e.g., account updates, subscription changes).
  • To Improve the Service. Analysing usage patterns and trends to enhance our Site and Service; diagnosing technical issues and maintaining security.
  • To Comply with Legal Obligations. Meeting our regulatory and legal requirements; responding to lawful requests from authorities.
  • For Advertising and Analytics. Measuring the effectiveness of our advertising campaigns via Meta Pixel; understanding how users discover and interact with the Site.

3. Legal Bases for Processing (UK GDPR)

If you are located in the United Kingdom or the European Economic Area, we rely on the following legal bases under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:

  • Performance of a Contract. Processing your data to provide the Service, manage your account, and process transactions (Article 6(1)(b)).
  • Legitimate Interests. Improving our Service, conducting analytics, preventing fraud, and ensuring Site security, where these interests are not overridden by your rights (Article 6(1)(f)).
  • Consent. Where required, for placing non-essential cookies (such as Meta Pixel) and sending marketing communications (Article 6(1)(a)). You may withdraw consent at any time.
  • Legal Obligation. Processing required to comply with applicable laws (Article 6(1)(c)).

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers. We share data with trusted third-party service providers who assist us in operating the Site and delivering the Service, including providers of payment processing, website hosting, cloud storage, authentication, AI content generation, and advertising analytics. These providers are contractually obligated to use your data only as necessary to perform services on our behalf and in compliance with applicable data protection laws.
  • Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
  • Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With Your Consent. We may share your information for other purposes with your explicit consent.

5. International Data Transfers

Your information may be transferred to and processed in countries outside the United Kingdom, including the United States, where our service providers operate. Users in Canada and Australia should note that their data may also be transferred internationally. When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or reliance on adequacy decisions where applicable.

6. Cookies

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us operate the Site and understand how you interact with it.

6.2 Cookies We Use

  • Essential Cookies. Required for the Site to function, including authentication session cookies and security tokens. These cannot be disabled.
  • Analytics and Advertising Cookies. Meta Pixel places cookies to track conversions from our advertisements and to build advertising audiences. These cookies are set only with your consent where required by law.

6.3 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may impair your ability to use the Site. For more information about cookies, visit allaboutcookies.org.

You can opt out of Meta's advertising cookies at: facebook.com/settings.

7. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service. Specifically:

  • Account Data. Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements.
  • Generated Content. Songs and associated data are retained in your account until you delete them or request account deletion.
  • Payment Records. Transaction records are retained as required by applicable tax and accounting laws (typically 6 years in the UK).
  • Log Data. Automatically collected technical data is retained for up to 12 months.

8. Your Rights

8.1 UK and EEA Residents (UK GDPR / EU GDPR)

  • Right of Access. Request a copy of the personal data we hold about you.
  • Right to Rectification. Request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”). Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction. Request restriction of processing in certain circumstances.
  • Right to Data Portability. Receive your data in a structured, machine-readable format.
  • Right to Object. Object to processing based on legitimate interests, including for direct marketing purposes.
  • Right to Withdraw Consent. Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise these rights, contact us at support@melodio.co. We will respond within one month, as required by law. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Opt out of the “sale” or “sharing” of your personal information. We do not sell personal information. Meta Pixel may constitute “sharing” under the CCPA; you can opt out via cookie settings.
  • Non-discrimination for exercising your rights.

To exercise these rights, contact us at support@melodio.co.

8.3 Canadian Residents (PIPEDA)

If you are a Canadian resident, under the Personal Information Protection and Electronic Documents Act (PIPEDA) you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
  • Challenge our compliance by filing a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Your personal information may be transferred to and processed in countries outside Canada, including the United States and the United Kingdom. To exercise your rights, contact us at support@melodio.co.

8.4 Australian Residents (Privacy Act 1988)

If you are an Australian resident, the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) provide you with the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate, out-of-date, incomplete, or misleading information.
  • Complain about a breach of the APPs.

Your personal information may be disclosed to overseas recipients located in the United States, the United Kingdom, and the European Union in connection with the service providers described in Section 4. By using the Service, you consent to such overseas disclosure. We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs.

If you are not satisfied with our handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise your rights, contact us at support@melodio.co.

9. Account Deletion

You may request deletion of your account and all associated data by contacting us at support@melodio.co. Upon receiving your request:

  1. We will initiate the deletion process within 14 days.
  2. You will have a 14-day window from the initiation date to cancel the deletion request.
  3. If no cancellation is received, your account and all associated data (including generated songs) will be permanently deleted within 30 days from the original request date.

Certain data may be retained where required by law (e.g., transaction records for tax compliance).

10. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), secure authentication via Google OAuth, and access controls on our infrastructure. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at support@melodio.co.

12. Third-Party Links

The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Melody Box Limited
Email: support@melodio.co
Website: https://melodio.co

This document is provided for informational purposes. We recommend consulting with a qualified attorney for legal advice specific to your situation.