McRock Privacy Policy
Effective Date: December 24, 2025
Version: 1.0.1
Managed by: Differson LLC
CEO: Jina Shim
Website: www.differson.net
---
1. Introduction
McRock ("we", "our", "us") is owned and operated by Differson LLC. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the McRock app ("Service").
By using McRock, you consent to the data practices described in this policy.
---
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (required for Firebase Authentication)
- Display name (username/artist name)
- Profile image (optional, if uploaded)
- Password (securely hashed, never stored in plain text)
2.2 User-Generated Content
We collect and store:
- AI chat conversations (messages exchanged with the AI assistant)
- Music generation prompts (descriptions and parameters for music creation)
- Generated music tracks (audio files, metadata, artwork)
- Custom lyrics (if provided by user)
- Artist profile information (bio, release count, follower/play counts)
- Vinyl track titles and descriptions (AI-generated based on conversations)
2.3 Payment Information
For royalty payments, we collect:
- PayPal email address (must match your McRock account email)
- Verification status (pending or verified)
- Connection timestamp
Note: We do NOT store credit card numbers, bank account details, or full payment credentials. Payment processing handled by PayPal.
2.4 Usage Data & Analytics
We automatically collect:
- Device information (iOS version, device model)
- App usage patterns (features used, session duration)
- Music streaming data (plays, skips, completion rates)
- Error logs (crash reports, API failures)
- IP address (for security and fraud prevention)
2.5 Firebase Services Data
We use Firebase services that collect:
- Authentication tokens (managed by Firebase Auth)
- Database operations (Firestore read/write logs)
- Storage access (file upload/download metadata)
- Analytics events (Firebase Analytics, if enabled)
2.6 Third-Party AI Services Data
Your interactions with AI services:
- OpenAI (GPT-4): Chat messages sent to OpenAI for AI responses and music prompt generation
- Suno AI: Music prompts sent to Suno AI for music generation
- Data processed by: OpenAI API, Suno API
These services have their own privacy policies (see Section 9).
---
3. How We Use Your Information
3.1 Service Functionality
- Account Management: Authentication, profile management, account settings
- AI Features: Generate music, chat assistance, vinyl track creation
- Music Library: Store, organize, and distribute your music
- Streaming: Play music from other users
- Analytics: Track plays, followers, and engagement metrics
- Royalties: Calculate and process royalty payments based on streaming counts
3.2 Communication
- Service Updates: Important announcements, feature updates
- Payment Notifications: Royalty payouts, withdrawal confirmations
- Support: Respond to inquiries sent to contact@differson.net
- Security Alerts: Unusual account activity, security issues
3.3 Service Improvement
- Analytics: Understand feature usage and user behavior
- Bug Fixes: Identify and resolve technical issues
- Feature Development: Improve existing features and develop new ones
- Performance Optimization: Enhance app speed and reliability
3.4 Legal & Security
- Fraud Prevention: Detect fake accounts, streaming manipulation
- Copyright Enforcement: Remove infringing content
- Terms Enforcement: Ensure compliance with Terms of Service
- Legal Compliance: Respond to valid legal requests
---
4. Data Storage & Security
4.1 Cloud Infrastructure
All data stored using Google Firebase:
- Firestore Database: "mcrock-database-real" (hosted by Google Cloud)
- Firebase Storage: Audio files, album artwork, profile images
- Firebase Authentication: User account credentials
- Server Location: United States (Google Cloud US data centers)
4.2 Security Measures
We implement industry-standard security:
- Encryption in Transit: HTTPS/TLS for all data transmission
- Encryption at Rest: Firebase encrypts data on Google Cloud servers
- Access Control: Firestore Security Rules restrict unauthorized access
- Authentication: Firebase Auth with secure password hashing
- API Keys: Stored securely, never exposed in client code
4.3 Access Restrictions
- User Data: Users can only access their own data
- Profile Images: Validated to prevent unauthorized uploads
- Payment Accounts: Manual verification required before payouts
- Admin Access: Limited to essential operations (verification, support)
4.4 Data Backups
- Firestore: Automatic backups by Google Firebase
- Storage Files: Redundant storage across multiple data centers
- Disaster Recovery: Google Cloud handles infrastructure resilience
---
5. Data Sharing & Third Parties
5.1 Third-Party Services We Use
#### OpenAI (GPT-4)
- Purpose: AI chat assistant, music prompt generation, vinyl track generation
- Data Shared: Your chat messages and conversation history
- Privacy Policy: https://openai.com/policies/privacy-policy
- Data Retention: Subject to OpenAI's retention policy
- Note: OpenAI may use data to improve their models (per their policy)
#### Suno AI
- Purpose: Music generation from text prompts
- Data Shared: Music generation prompts (description, style, mood)
- API Endpoint: https://api.sunoapi.org
- Privacy Policy: Check Suno AI website for current policy
- Data Retention: Subject to Suno AI's retention policy
#### Firebase (Google)
- Purpose: Authentication, database, file storage, analytics
- Data Shared: All user data (see Section 2)
- Privacy Policy: https://firebase.google.com/support/privacy
- Data Processing: Google processes data as per their terms
- GDPR Compliance: Firebase is GDPR compliant
#### PayPal (Payment Processing)
- Purpose: Royalty payouts to users
- Data Shared: PayPal email address only (must match McRock account email)
- Privacy Policy: https://www.paypal.com/privacy
- Note: We do NOT store PayPal API credentials or payment tokens
- Email Verification: PayPal email must match your McRock account email for security
5.2 We Do NOT Sell Your Data
- We do not sell, rent, or trade your personal information
- We do not share data with advertisers or data brokers
- Third-party services used only for functionality, not monetization
5.3 Legal Disclosures
We may disclose information if required by:
- Law Enforcement: Valid legal requests (subpoenas, court orders)
- Legal Obligations: Compliance with applicable laws
- Safety: Prevent harm, fraud, or illegal activities
- Rights Protection: Enforce our Terms of Service
---
6. Your Privacy Rights
6.1 Access & Portability
You have the right to:
- Access your personal data stored in McRock
- Download your data (email request to contact@differson.net)
- Export your generated music files
6.2 Correction & Updates
You can:
- Update your profile information via Settings
- Correct inaccurate data by contacting us
- Change your email address through account settings
6.3 Deletion Rights (Right to be Forgotten)
You can:
- Delete Account: Via Settings → "Delete Account"
- Request Data Deletion: Email contact@differson.net
- What Gets Deleted:
- Account information
- Private conversations
- Unreleased music files
- Personal settings and preferences
- What Remains:
- Released music (per license granted in Terms of Service)
- Public streaming data (anonymized after 90 days)
- Transaction records (required for financial compliance)
6.4 Opt-Out Rights
You can:
- Email Communications: Unsubscribe via email footer links
- Analytics: Disable analytics in Settings (if implemented)
- AI Services: Stop using AI features to prevent data sharing with OpenAI/Suno
6.5 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights:
- Right to Restrict Processing
- Right to Data Portability
- Right to Object to certain data processing
- Right to Withdraw Consent at any time
To exercise GDPR rights: Email contact@differson.net with "GDPR Request" in subject
6.6 CCPA Rights (California Users)
If you are a California resident:
- Right to Know: What data we collect and how we use it
- Right to Delete: Request deletion of your data
- Right to Opt-Out: Of data sales (we do not sell data)
- Right to Non-Discrimination: We will not discriminate for exercising your rights
To exercise CCPA rights: Email contact@differson.net with "CCPA Request" in subject
---
7. Data Retention
7.1 Account Data
- Active Accounts: Retained indefinitely while account is active
- Inactive Accounts: Retained for 2 years of inactivity, then auto-deleted
- Deleted Accounts: Data removed within 30 days (except as noted below)
7.2 Content Retention
- Unreleased Music: Deleted when user deletes or account closes
- Released Music: Retained indefinitely (per Terms of Service license)
- Chat Conversations: Retained for 90 days, then auto-deleted
- Cached Audio: Deleted after 24 hours
7.3 Financial Records
- Payment Information: Retained for 7 years (tax/legal compliance)
- Transaction History: Retained for 7 years (financial audits)
- Royalty Calculations: Retained for 3 years (dispute resolution)
7.4 Legal Holds
Data may be retained longer if:
- Subject to legal investigation
- Required by court order
- Part of ongoing dispute
- Necessary for legal compliance
---
8. Children's Privacy
8.1 Age Requirement
- McRock requires users to be 13 years or older
- We do not knowingly collect data from children under 13
8.2 Parental Consent
- Users aged 13-17 should obtain parental permission before using the Service
- Parents may request deletion of minor's data by contacting us
8.3 COPPA Compliance
- We comply with the Children's Online Privacy Protection Act (COPPA)
- If we discover data from a child under 13, we will delete it immediately
To report underage users: Email contact@differson.net
---
9. Third-Party Links & Services
9.1 External Links
McRock may contain links to:
- OpenAI website
- Suno AI website
- PayPal payment portal
- Social media platforms (if shared)
We are not responsible for the privacy practices of external websites.
9.2 Third-Party Privacy Policies
Review these policies separately:
- OpenAI: https://openai.com/policies/privacy-policy
- Suno AI: Check their website for current policy
- Firebase/Google: https://firebase.google.com/support/privacy
- PayPal: https://www.paypal.com/privacy
---
10. International Data Transfers
10.1 Data Location
- Primary Storage: United States (Google Cloud)
- Firebase Services: May process data globally across Google data centers
- AI Services: OpenAI (US), Suno AI (location varies)
10.2 Transfer Mechanisms
- EU-US Data Transfers: Firebase complies with GDPR via Standard Contractual Clauses (SCCs)
- Privacy Shield: Google participates in EU-US Privacy Shield frameworks (where applicable)
10.3 Non-US Users
By using McRock, you consent to data transfer to the United States and other countries where our service providers operate.
---
11. Security Incidents & Breach Notification
11.1 Our Commitment
We take security seriously and monitor for:
- Unauthorized access attempts
- Data breaches
- System vulnerabilities
- Suspicious activity
11.2 Breach Notification
In the event of a data breach, we will:
- Investigate the incident immediately
- Notify Affected Users via email within 72 hours (GDPR requirement)
- Report to Authorities as required by law
- Provide Details: What data was affected, steps we're taking, how to protect yourself
11.3 What You Should Do
If you suspect unauthorized access:
- Change Password immediately
- Sign Out of all devices
- Contact Us: contact@differson.net
- Monitor Account: Check for unusual activity
---
12. Cookies & Tracking
12.1 Cookies
McRock is a native iOS app and does not use traditional web cookies.
12.2 Local Storage
We store data locally on your device:
- Authentication Tokens: For session management
- Cached Content: For offline access and performance
- User Preferences: Settings and configurations
12.3 Analytics
We may use Firebase Analytics to collect:
- App Usage: Features used, session duration
- Device Info: iOS version, device model
- Crash Reports: Error logs for debugging
You can opt-out by disabling analytics in Settings (if implemented).
---
13. Changes to This Privacy Policy
13.1 Updates
We may update this Privacy Policy to reflect changes in:
- Our practices
- Legal requirements
- New features or services
- User feedback
13.2 Notification
Material Changes: We will notify you via:
- Email to your registered address
- In-app notification
- Prominent notice in the app
Minor Changes: Updated on this page without notification
13.3 Effective Date
- Changes effective immediately upon posting
- Continued use after changes constitutes acceptance
- Check this page regularly: "Last Updated" date at top
---
14. Contact Us
For privacy questions, concerns, or requests:
Company: Differson LLC
CEO: Jina Shim
Email: contact@differson.net
Website: www.differson.net
Subject Line Suggestions:
- "Privacy Inquiry"
- "Data Deletion Request"
- "GDPR Request" (EU users)
- "CCPA Request" (California users)
- "Security Concern"
Response Time: We aim to respond within 7 business days
App Version: 1.0.0
Last Updated: December 24, 2025
---
15. Summary of Key Points
| What We Collect | Why We Collect It | Who We Share With |
|-----------------|-------------------|-------------------|
| Email, username, profile | Account management | Firebase (Google) |
| Chat messages | AI assistance | OpenAI GPT-4 |
| Music prompts | Music generation | Suno AI |
| Payment email | Royalty payouts | PayPal (manual verification) |
| Streaming data | Analytics, royalties | Not shared externally |
| Device info | Performance, debugging | Firebase Analytics |
Your Rights:
✅ Access your data
✅ Correct inaccurate data
✅ Delete your account
✅ Export your data
✅ Opt-out of emails
✅ GDPR/CCPA rights (if applicable)
We Do NOT:
❌ Sell your data
❌ Share data with advertisers
❌ Store payment credentials
❌ Collect data from children under 13
---
By using McRock, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices.
Thank you for trusting McRock with your creative journey! 🎵