Songware is launching soon
SONGWAREOpen web app
Back to Songware

Privacy Policy

Last updated: May 5, 2026

1. Who we are

Songware (the “App”) is operated by FourSource d.o.o., a company based in Croatia, European Union. We are the data controller for personal data processed through the App.

For any privacy-related question or request, contact us at [email protected]. Our full registered address is available on request.

The App is available worldwide. We process personal data in line with the EU General Data Protection Regulation (GDPR), which sets the baseline of rights described below for all users.

2. Data we collect

Account data — when you register or sign in:

  • Email address, display name, and (optional) profile picture
  • Authentication identifiers (a unique account ID; provider ID if you sign in via Apple, Google, or another third-party provider)
  • Your password is never stored in plain text

User Content — what you create or share in the App:

  • Audio recordings, project files, and related media
  • Project metadata (titles, descriptions, tags) and sharing settings
  • Comments and messages exchanged with collaborators

Usage and technical data — collected automatically:

  • Device type, operating system, and App version
  • IP address (security, abuse prevention, approximate location)
  • Interaction events and crash reports for analytics and bug fixing

Subscription data — if you purchase a paid feature:

  • Subscription status, plan, and renewal events
  • All payments are handled by Apple App Store and Google Play. We never receive or store your payment card or banking details.

We do not knowingly collect special categories of personal data (health, biometric, political, etc.).

3. Why we process your data

  • Providing the service — running the App, hosting your User Content, enabling collaboration (legal basis: contract)
  • Account and subscription management — authentication, support, managing your subscription status (legal basis: contract; legal obligation for accounting)
  • Security and abuse prevention — detecting fraud and security incidents (legal basis: legitimate interest)
  • Product analytics and bug fixing — understanding usage to improve the App (legal basis: legitimate interest, or consent where required)
  • Service communications — important notices about your account or the service (legal basis: legitimate interest); marketing only with your consent
  • Legal compliance — responding to lawful requests (legal basis: legal obligation)

4. Sharing

We do not sell your personal data. We share data only:

  • With other users, according to your sharing settings — when you collaborate or share content
  • With our service providers (processors) listed below, under a data processing agreement and only for the purpose of providing their service to us
  • With competent authorities when legally required
  • In a corporate transaction (merger, acquisition), with prior notice to you

5. Third-party services

The App relies on the following providers, each acting as our data processor under their own published security and privacy commitments:

  • Google Firebase — authentication, cloud storage, push notifications, and analytics
  • Sentry — error tracking and crash reporting
  • Apple App Store / Google Play — distribution and all in-app purchase processing

Some of these providers may transfer data outside the European Economic Area. Where this happens, transfers are safeguarded by mechanisms recognised under GDPR (such as Standard Contractual Clauses).

6. Data retention

  • Account and User Content — kept while your account is active, plus a short grace period for recovery
  • After account deletion — most personal data is deleted within 30 days; limited data may be retained longer where legally required (e.g. billing records) or to defend legal claims
  • Analytics — retained in aggregated or anonymised form
  • Backups — overwritten in normal backup rotation

7. Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), encryption at rest where applicable, access controls, and regular security reviews. No system is fully secure, however, and we cannot guarantee absolute security.

8. Your rights

Under GDPR you have the right to:

  • Access, correct, or delete the personal data we hold about you
  • Object to or restrict processing
  • Receive your data in a portable format
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with a data protection supervisory authority — in Croatia, AZOP (azop.hr); EU users may also contact the authority in their country of residence

Users outside the EU may have additional or different rights under their local law and can exercise them by contacting us. To exercise any of the above, write to [email protected]; we respond within the timeframe required by law (typically one month).

9. Children

The App is not intended for children under 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced through the App or by email. Continued use of the App after changes take effect means you accept the updated policy.