Privacy Policy
Last Updated: November 11, 2025
TL;DR: We only store metadata about your music files, not the files themselves. Your actual media files stay on your device and stream directly from there. We don't sell your data to third parties.
1. Introduction
Welcome to Toldya. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our service.
Information We Collect
Understanding what data we gather
2.1 Account Information
When you create an account, we collect:
- Email address - For account creation and communication
- Full name - To personalize your experience
- Password - Stored securely using industry-standard hashing
- Subscription plan - To manage your service level
2.2 OAuth Authentication
If you sign in using third-party services (Google, Apple, Instagram, TikTok), we collect:
- Your email address from the OAuth provider
- Your name from the OAuth provider
- A unique identifier from the OAuth provider
Note: We do not receive or store your passwords from OAuth providers.
2.3 Media Metadata
When you use the Toldya Companion software, we collect metadata about your media files:
- Song titles, artists, albums, genres
- File sizes, durations, bitrates
- Album artwork URLs
- File hash (for deduplication)
Important: We do NOT store your actual media files on our servers. Files remain on your local device and are streamed directly from there.
2.4 Usage Information
We automatically collect certain information about how you use the Service:
- Login times and activity logs
- Features used and preferences
- Device information (browser type, operating system)
- IP address and general location
2.5 Payment Information
If you subscribe to a paid plan:
- Payment processing is handled by Stripe (our payment processor)
- We do not store your full credit card numbers
- We store only the last 4 digits and card type for reference
How We Use Your Information
Understanding our data practices
We use the collected information for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide the Service | Account info, media metadata, usage data |
| Authenticate users | Email, password, OAuth tokens |
| Process payments | Payment information via Stripe |
| Send notifications | Email address |
| Improve the Service | Usage data, feedback |
| Customer support | Account info, usage logs |
Data Storage and Security
How we protect your information
4.1 Where We Store Data
- Database: User accounts and metadata stored in secure MySQL database
- Local Storage: Your media files remain on your device
- Cookies: Authentication tokens stored in browser cookies (30-day expiration)
4.2 Security Measures
We implement industry-standard security measures:
- Passwords hashed using bcrypt
- HTTPS encryption for all data transmission
- Secure authentication tokens
- Regular security audits and updates
- Access controls and monitoring
4.3 Data Retention
- Active accounts: Data retained while account is active
- Deleted accounts: Data deleted within 30 days of account deletion
- Inactive accounts: Accounts inactive for 2+ years may be deleted
- Legal requirements: Some data may be retained longer if required by law
Your Rights and Choices
Control over your personal data
6.1 Access and Control
You have the right to:
- Access: View all personal data we have about you
- Update: Correct or update your account information
- Delete: Request deletion of your account and data
- Export: Download your data in a portable format
- Opt-out: Unsubscribe from marketing emails
6.2 How to Exercise Your Rights
To exercise any of these rights:
- Visit your Account Settings page
- Contact us at privacy@toldya.com
- We will respond within 30 days
7. Cookies and Tracking
We use cookies and similar technologies for:
- Authentication: Keep you logged in (30-day cookie)
- Preferences: Remember your settings
- Analytics: Understand how you use the Service
You can control cookies through your browser settings, but this may affect Service functionality.
Additional Policies
Important information about privacy
8. Children's Privacy
Toldya is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.
10. Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of any material changes by:
- Posting the new policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
11. Contact Us
If you have questions or concerns about this privacy policy or our data practices, please contact us:
Email: privacy@toldya.com
Website: www.toldya.com
Response Time: We aim to respond within 48 hours
Regulatory Compliance
CCPA and GDPR rights
12. Your California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access your personal information
- Right to equal service and price
13. GDPR Compliance (EU Users)
If you are in the European Union, you have rights under the General Data Protection Regulation (GDPR):
- Right to access your data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing