Thank you for using Next Song (the "App") and visiting our websites, including nextsong.ai and any web dashboards or web apps we operate (collectively, the "Website").
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our services (the "Services"), and describes your rights.
Short version: We collect the minimum data needed to authenticate you, run subscriptions and coins, provide song recognition and AI-powered suggestions, keep the Services reliable and secure, and, if you consent, measure usage and show ads. We never sell your data.
If you are in the EEA/UK, we rely on standard contractual clauses with processors outside your region. If required by law, we may appoint an EU/UK representative; details will appear here when applicable.
2) Scope
This Policy applies to:
The mobile apps published on the Apple App Store and Google Play.
The Website and any sub-pages (including marketing pages and authenticated dashboards).
Customer support interactions, emails, and feedback channels.
This Policy does not apply to third-party services you access independently (for example, Spotify or Apple Music) under their own privacy terms.
3) The data we collect
We collect data in three ways: (A) you provide it, (B) we collect it automatically, and (C) we receive it from third parties.
A. Data you provide
Account data: Email address (or Apple/Google account identifiers), display name (optional), profile image (optional). Managed primarily via Firebase Authentication.
Subscriptions and entitlements: Purchase receipts, product identifiers, entitlement status, platform IDs. Managed via RevenueCat (which reads App Store or Play purchase receipts).
Requests and support: Messages you send to us (for example, email or in-app forms), bug reports, and any attachments.
Preferences and consent: Language, notification preferences, cookie or consent settings.
B. Data collected automatically
Usage data: Screens opened, features used, session timestamps, in-app events (for example, coins spent, suggestion flows). Typically aggregated or pseudonymous via Firebase Analytics or similar.
Device and app data: App version, OS, device model, timezone, approximate location from IP (city or region level), resettable ad IDs (IDFA/AAID) when available and consented.
Diagnostics: Crash logs, performance traces, and limited contextual state at the time of a crash via Firebase Crashlytics (and/or equivalent tools).
Cookies and similar tech (Website): HTTP cookies, local storage, session storage, and SDKs used for authentication, analytics, fraud prevention, and, if consented, marketing or ads. See section 10 for details.
C. Data from third parties
Store platforms: Apple and Google provide purchase or receipt data for subscription validation.
RevenueCat: Subscription status, product identifiers, sandbox vs. production, cancellation or refund indicators.
Ad networks (if enabled): For example, Google AdMob or Unity Ads, which may receive your ad ID and coarse device info to deliver ads (personalized only with your consent in EEA/CH/UK). See section 9.
Music and metadata services: We use recognition and metadata providers (for example, ShazamKit on iOS, Spotify for track metadata) to identify the current song and fetch artwork or metadata. We do not receive your streaming account credentials.
AI providers: We send prompt context (for example, recognized track, genres, and language) to OpenAI to generate suggestions. We do not send raw audio. We minimize personal data in prompts.
Special categories: We do not intentionally collect sensitive data (for example, health, biometric, or political opinions).
4) Purposes and legal bases
We use personal data for the purposes below, with the following legal bases:
Provide and operate the Services: Authentication, session management, coins balance, song recognition, suggestions, entitlements. Legal basis: Contract (Art. 6(1)(b) GDPR).
Payments and subscriptions: Validate purchases via platform receipts or RevenueCat; handle upgrades and downgrades. Legal basis: Contract; Legal obligation (tax or audit).
Analytics and product improvement: Feature adoption, crash analysis, performance, A/B tests. Legal basis: Consent where required; otherwise Legitimate interests.
Advertising (if enabled): Show ads (personalized only with consent in EEA/UK/CH); frequency capping, fraud prevention. Legal basis: Consent (for personalized or identifier-based ads).
Security and abuse prevention: Detect fraud, abuse, and service misuse; protect accounts. Legal basis: Legitimate interests; Legal obligation.
Communications: Support replies, service notices, policy changes. Legal basis: Contract; Legitimate interests.
Where we rely on consent, you can withdraw it at any time (see section 11). Where we rely on legitimate interests, we balance them against your rights (see section 12).
5) How we use AI providers safely
We share only what is necessary for the feature (for example, track metadata, genre context, and language) with OpenAI to generate suggestions. We avoid including direct identifiers about you. OpenAI may process data in the U.S. and other regions. We use contractual safeguards and data minimization.
6) Data sharing and recipients
We do not sell your personal data. We share it only with:
Infrastructure and analytics: Google Firebase (Auth, Firestore, Functions, Analytics, Crashlytics, Remote Config), managed hosting or CDN, logging and monitoring providers.
Monetization: RevenueCat (entitlements), Apple App Store or Google Play (billing), ad networks or mediation (for example, Google AdMob, Unity Ads) if ads are enabled in your region and consented.
Music and metadata services: ShazamKit (on-device recognition on iOS), Spotify for metadata or artwork.
AI: OpenAI for suggestion generation (see section 5).
Customer support and comms: Email and helpdesk tools we use to respond to requests.
Professional advisors and authorities: Accountants, auditors, legal counsel; regulators or law enforcement when required by law.
Each recipient acts either as our processor (under contract) or a separate controller (for example, Apple or Google for store purchases). We require processors to protect data appropriately.
7) International transfers
We may transfer data to countries outside Switzerland, the EEA, or the UK (for example, the United States) where our processors are located. When we do so, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions. Copies of relevant SCCs can be requested (subject to redactions) via contact@nextsongai.com.
8) Data retention
We retain personal data only as long as needed for the purposes described or as required by law:
Account and subscription records: Kept while your account is active and for up to 6 years thereafter for tax, audit, or legal compliance (jurisdiction-dependent).
Usage and analytics data: Typically aggregated or pseudonymized; raw event data retained for a limited window consistent with analytics defaults and operational needs.
Coins, sessions, and results: Operational data retained only as needed to provide the feature and prevent abuse; ephemeral sessions and caches expire automatically.
Crash logs: Rotating retention to diagnose and fix issues.
Support tickets: For as long as necessary to address your request and maintain auditability.
When data is no longer needed, we delete or irreversibly anonymize it.
9) Advertising and tracking
In the EEA, UK, and Switzerland, we obtain your consent before using identifiers (for example, IDFA or AAID) for personalized ads or non-essential cookies or SDKs. You can refuse or withdraw consent without affecting core features.
If you do not consent, you may still see non-personalized or contextual ads (which do not use your ad ID for profiling).
On iOS, you can control ad tracking via Settings → Privacy and Security → Tracking. On Android, see Settings → Google → Ads.
10) Cookies and similar technologies (Website)
We use:
Strictly necessary cookies: Security, authentication, and load balancing.
Analytics cookies or SDKs: For example, Firebase or GA, with your consent in applicable regions.
Advertising cookies or SDKs: Only if you consent.
You can manage cookie preferences via our cookie banner at first visit and anytime thereafter (link in footer). Browser settings can also block or delete cookies; doing so may affect site functionality.
11) Your choices and controls
Consent management: Use the in-app or website privacy settings or the cookie banner to grant or withdraw consent.
Email preferences: Unsubscribe links are provided in non-essential emails.
Ad preferences: Reset your ad ID and adjust OS-level ad or tracking settings (see section 9).
12) Your privacy rights
Depending on your location (for example, Switzerland nLPD, EEA/UK GDPR, California CCPA/CPRA), you may have rights to:
Access your personal data and obtain a copy.
Rectify inaccurate or incomplete data.
Erase your data ("right to be forgotten").
Restrict or object to processing (including profiling).
Receive your data in a commonly used format (data portability).
Withdraw consent at any time, where processing is based on consent.
Not be subject to automated decisions producing legal or similarly significant effects (we do not engage in such decisions).
To exercise rights, email contact@nextsongai.com. We may need to verify your identity. If we cannot resolve an issue, you may have the right to contact your local supervisory authority (for example, FDPIC in Switzerland; an EU data protection authority in your member state; ICO in the UK).
For California residents, we do not sell or share personal information as defined by the CCPA/CPRA. You may request disclosure, correction, or deletion of personal information as above.
13) Security
We implement technical and organizational measures to protect personal data, including encryption in transit (TLS), role-based access controls, and least-privilege defaults. No system is 100% secure; please notify us immediately at contact@nextsongai.com if you suspect an issue.
14) Children's privacy
The Services are not directed to children. You must be at least 16 in the EEA/UK/CH (or the age of digital consent in your country) and 13 elsewhere to use the Services. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.
15) Third-party links
The Services may contain links to third-party sites or services. Their privacy practices are governed by their own policies, which we do not control. Please review them before providing personal data.
16) Changes to this Policy
We may update this Policy from time to time. When we do, we will change the "Last updated" date above and, when appropriate, provide additional notice (for example, an in-app message or email). Material changes will take effect no sooner than 7 days after notice unless legally required sooner.
17) Contact us
Questions or requests about this Policy or your data?