PhantomRack ("PhantomRack," "we," "us," or "our") is an AI-powered vocal chain generator operated as a sole proprietorship by Michael, based in California, United States. This Privacy Policy explains what information we collect when you use PhantomRack at phantomrack.ai (the "Service"), how we use it, who we share it with, and the rights you have over your information.
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
We collect the following categories of information:
Account information
When you sign in, our authentication provider Clerk collects your email address, name, profile image, and any identifiers returned by the OAuth provider you use (such as Google or GitHub). We access a unique Clerk user ID to associate your account with your chains.
Audio you upload
To generate a vocal chain, you upload a reference track and may optionally upload a dry vocal. These files are stored in our Supabase Storage bucket and sent to third-party AI processors (see Section 3) for analysis. You must have the legal right to upload any audio you submit.
Generated content and metadata
We store the analysis results the AI produces (a structured list of effects and parameters), the Ableton .adg preset generated from it, and audio fingerprint metrics (spectral brightness, stereo width, modulation, harmonic profile, pitch stability, dynamics) derived from your uploads.
Feedback you provide
When you rate a chain, rate individual effects, or submit product feedback, we store your rating and any comment text you write, along with a timestamp and (for chain and effect feedback) the associated chain identifier.
Technical and usage data
Our servers automatically log IP addresses, user-agent strings, request paths, and timestamps for security, debugging, and rate-limiting. Clerk stores authentication session cookies in your browser, which are required for you to stay logged in.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — authenticate you, process your audio, generate and deliver vocal chain presets.
- Improve the Service — analyze aggregate feedback and fingerprint data to refine our AI prompts and outputs.
- Communicate with you about the Service, respond to support requests, and send important account notices (transactional emails).
- Send product updates, announcements, tips, and promotional emails (marketing emails). By creating an account or providing your email address, you consent to receive these communications. You can unsubscribe at any time using the link in any marketing email — this will not affect transactional emails.
- Secure the Service — detect abuse, enforce rate limits, and prevent fraud.
- Comply with legal obligations.
We do not sell your personal information, and we do not use your uploaded audio to train third-party AI models outside of the per-request processing required to generate your chain.
3. Third-Party Service Providers
PhantomRack relies on the following sub-processors to deliver the Service. Each handles data under its own privacy terms, which we encourage you to review:
- Clerk — authentication, user accounts, session management.
- Supabase — PostgreSQL database and object storage for audio files and chain records.
- Google (Gemini API) — primary AI model for audio analysis. Your reference audio is transmitted to Google for processing on a per-request basis.
- Replicate — GPU-based vocal isolation (Demucs) when enabled.
- Railway — application hosting and infrastructure.
- Klaviyo — email marketing platform. We share your email address and basic account/usage events with Klaviyo to send transactional and marketing emails and to measure their effectiveness.
We share only the information each provider needs to perform its function. We do not share your personal information with advertisers.
4. Data Retention
We retain your account information, chains, uploaded audio, generated presets, and feedback for as long as your account is active. You can delete individual chains at any time from the "My Chains" page, which removes the associated audio and analysis from our systems. If you wish to delete your account entirely, contact us at [email protected]. We may retain backups and log data for a reasonable period for security and legal compliance.
5. Your Privacy Rights
Depending on where you live, you may have the following rights over your personal information:
- Right to know / access — request a copy of the personal information we hold about you.
- Right to delete — request that we delete your personal information.
- Right to correct — request that we correct inaccurate information.
- Right to portability — request a machine-readable copy of your data.
- Right to opt out of sale or sharing of personal information (we do not sell or share personal information as those terms are defined under the CCPA/CPRA).
- Right to non-discrimination for exercising any of the above rights.
To exercise any of these rights, email us at [email protected]. We will verify your request and respond within the timeframe required by applicable law.
California residents: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the rights listed above. The categories of personal information we collect are: identifiers (email, user ID, IP address), customer records (name), internet activity (usage logs), audio (uploaded reference and vocal files), and inferences drawn from audio fingerprints. We collect this information to provide and improve the Service as described above. We retain it as described in Section 4. We do not sell personal information and have not done so in the preceding 12 months.
6. Security
We protect your information with industry-standard measures: HTTPS for all network traffic, Helmet security headers, CORS-restricted API access, rate limiting, and scoped database access. No system is perfectly secure, and we cannot guarantee absolute security of your data. You are responsible for keeping your account credentials safe.
7. Children's Privacy
The Service is not directed to children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it.
8. International Users
PhantomRack is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and in the regions where our sub-processors operate. By using the Service, you consent to that transfer.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated via the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
10. Contact
Questions about this Privacy Policy or your personal information? Reach us at [email protected].