Privacy Policy

Last updated: January 22, 2025

1. Introduction

Plugin Library ("we," "us," or "our") operates the Plugin Library website and service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, and password when you create an account. If you sign up using a social login (Google, GitHub, etc.), we receive your name and email from that service.
• Plugin Library Data: Information about the audio plugins you add to your library, including plugin names, manufacturers, categories, your notes, ratings, and custom tags.
• Session Information: Project descriptions and context you provide when using the session feature for personalized recommendations.
• Uploaded Content: Screenshots of your DAW or plugin manager that you upload for automatic plugin detection.
• Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card information. We do not store complete card numbers on our servers.
• Communications: If you contact us for support or feedback, we collect the content of your communications.

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including:

• Usage Data: Pages visited, features used, search queries, AI recommendation requests, and how you interact with the Service.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: See our Cookie Policy for details.

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve the Service

• Create and manage your account
• Store and organize your plugin library data
• Generate personalized AI recommendations based on your library and session context
• Process uploaded screenshots to detect plugins
• Process payments and manage subscriptions
• Respond to your inquiries and provide customer support

3.2 Personalization

• Improve the AI recommendation system based on usage patterns
• Customize search results and suggestions
• Remember your preferences and settings

3.3 Analytics and Improvement

• Understand how users interact with the Service
• Identify and fix bugs and technical issues
• Develop new features based on usage patterns
• Measure the effectiveness of our Service

3.4 Communication

• Send transactional emails (account verification, password reset, payment receipts)
• Send service-related announcements and updates
• Send marketing communications (with your consent, and you can opt out at any time)

3.5 Legal and Security

• Comply with legal obligations
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and other policies

4. Third-Party Services

We use third-party services to help us provide and improve the Service. These services may have access to your information as described below:

4.1 Authentication (Clerk)

We use Clerk for user authentication. Clerk processes your login credentials and manages your session. See Clerk's Privacy Policy.

4.2 Payments (Stripe)

We use Stripe to process payments. When you subscribe, Stripe collects and processes your payment information. We do not have access to your complete card number. See Stripe's Privacy Policy.

4.3 AI Services (Anthropic, OpenAI)

We use AI services to power our recommendation features and screenshot analysis. When you use these features:

• Your plugin library data and session context may be sent to AI providers to generate recommendations
• Uploaded screenshots are processed by AI vision services for plugin detection
• We do not send your personal account information (name, email) to AI services
• AI providers may retain data according to their policies for service improvement

See Anthropic's Privacy Policy and OpenAI's Privacy Policy.

4.4 Email (Resend)

We use Resend for transactional and marketing emails. Your email address and name may be shared with Resend for email delivery purposes. See Resend's Privacy Policy.

4.5 Hosting and Infrastructure (Cloudflare, Neon)

Our Service is hosted on Cloudflare infrastructure, and our database is hosted by Neon. These providers may have access to your data as necessary to provide their services.

4.6 Analytics

We may use analytics services to understand how users interact with the Service. These services collect anonymized or aggregated data about your usage.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active. After account deletion, we may retain certain data for up to 90 days for backup and recovery purposes.
• Plugin Library Data: Retained while your account is active. You can export your data at any time before deleting your account.
• Usage Data: Typically retained for 24 months for analytics purposes, then aggregated or deleted.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years).
• Support Communications: Retained for 2 years after resolution.

6. Your Rights and Choices

6.1 Access and Export

You can access your plugin library data through the Service at any time. You can export your complete library data in standard formats through your account settings.

6.2 Correction

You can update your account information and plugin library data directly through the Service.

6.3 Deletion

You can delete your account at any time through your account settings. Upon deletion:

• Your plugin library data will be permanently deleted
• Your account information will be deleted or anonymized
• Some data may be retained as required by law or for legitimate business purposes

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or updating your preferences in your account settings. Note that you cannot opt out of transactional emails related to your account.

6.5 Cookies

You can control cookies through your browser settings. See our Cookie Policy for details.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls limiting who can access your data
• Secure password hashing

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.

9. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing of your data
• Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.

Legal Basis for Processing: We process your data based on:

• Contract performance (to provide the Service)
• Legitimate interests (to improve and secure the Service)
• Consent (for marketing communications)
• Legal obligations (for tax and regulatory compliance)

10. CCPA Rights (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about what personal data we collect and how we use it
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of the "sale" of your personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at [email protected] or use the tools in your account settings.

Categories of Information: In the past 12 months, we have collected:

• Identifiers (name, email, IP address)
• Commercial information (subscription history)
• Internet activity (usage data, search queries)
• Inferences (AI recommendations based on your library)

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending you an email notification for significant changes
• Displaying a notice in the Service

Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

• Email: [email protected]
• Support: [email protected]

For GDPR inquiries, you may also contact our Data Protection representative at the same address.