Voice data is more sensitive than most digital data. It uniquely identifies you, can be misused for fraud, and is increasingly classified as biometric data under privacy law. This page explains exactly what GiftSong does with your voice — not the legalese version, the plain-English version. If you have questions our Privacy Policy doesn't answer, email [email protected] and we'll add them here.
What we collect
One thing: a 30-second audio recording you make inside the iOS app. From that recording, our backend builds a mathematical voice model — essentially a vector representation of your vocal characteristics (timbre, pitch range, cadence). The original recording and the derived model are both stored.
We also collect:
- The text messages you write (input for lyric generation)
- The lyrics generated and the audio file produced
- Standard app analytics: device type, iOS version, anonymized usage events
We do NOT collect: your contacts, your photos, your other audio files, your location, your microphone access outside of the recording flow.
Where it lives
All voice data is stored on Cloudflare infrastructure (R2 object storage + D1 database) under accounts we control. Cloudflare's data centers are distributed globally; our configuration prefers regions in the EU (for European users), the US, and Singapore (for Asia-Pacific users) based on your IP at upload time.
Your voice sample, voice model, and generated songs are encrypted at rest using Cloudflare's standard encryption (AES-256-GCM). All data in transit is over TLS 1.3 only.
Who can access it
The short answer: nobody, automatically. The longer answer:
- You — through the iOS app and any web link to your generated songs.
- Cloudflare as the infrastructure provider — they have technical access to encrypted blobs but cannot read content without our keys.
- Third-party AI inference providers — when generating a song, your voice model is sent to inference services. These are reputable providers under contract with explicit no-retention, no-training clauses. The transmitted data is the voice model + lyrics, not raw audio.
- Our team (Junling) — has technical access for support purposes (e.g., investigating a bug a user reports). We do NOT routinely browse user data and have logging in place to track any such access.
- Law enforcement — only in response to valid legal process. We will notify you where legally permitted.
We do NOT sell, rent, share, or trade your voice data with marketers, ad networks, data brokers, or any other third party.
What we will not do
- We will never use your voice sample or generated songs to train shared, public, or third-party AI models.
- We will never share your voice data with advertisers or analytics partners.
- We will never publish your voice or songs publicly without your explicit action (you control share links).
- We will never accept uploaded audio files in lieu of live recordings — this is structural, not a policy choice.
- We will never quietly change retention policies without notifying users 30 days in advance.
Your right to delete
Open the GiftSong iOS app. Tap Settings → Voice → Delete voice model. The action takes effect within minutes:
- Your 30-second voice sample is deleted from R2 storage
- Your voice model is deleted from the inference cache
- You can no longer generate new songs in your old voice (you can re-record to create a new model)
Songs you previously generated are NOT auto-deleted — you can keep, share, and replay them. To delete an individual song, tap it in the app and select Delete. To delete all your data including account, message [email protected].
There is no "30-day grace period" or "Are you sure? (×3 prompts)" dark pattern. One tap, gone.
Subscription and billing data
If you subscribe, payment processing is handled entirely by Apple (App Store In-App Purchase). We never see your credit card number, billing address, or full payment method. We see only the subscription status (active / canceled / refunded) for the purpose of unlocking premium features.
What happens if GiftSong shuts down
If GiftSong ceases operations, we commit to:
- Notifying users at least 60 days before service shutdown
- Allowing data export of your voice model and songs during that window
- Permanent deletion of all user data on the shutdown date
- Not selling, transferring, or "transitioning" user data to a third party
This is documented in our Privacy Policy and is a binding commitment.
What if you find a security issue?
Email [email protected] with details. We'll respond within 48 hours. We don't have a formal bug bounty program (we're a one-person company), but we appreciate responsible disclosure and will publicly credit researchers who help us.
Comparison to industry norms
To put GiftSong's posture in context, here's how we compare to common practices in the voice AI space:
| Practice | Industry common | GiftSong |
|---|---|---|
| Accept uploaded audio | Most apps allow | Blocked |
| Use voice for model training | Often allowed by default ToS | Never |
| One-tap deletion | Often requires email request | Yes, in Settings |
| Sell to data brokers | Common in free apps | Never |
| Encryption at rest | Inconsistent | AES-256-GCM |
| Plain-language privacy doc | Rare | This page |
Why this matters for the technology category
Voice cloning gets bad press because the most visible use cases — scam calls, deepfake politicians, harassment campaigns — all involve cloning someone's voice without consent. Apps engineered for those use cases dominate the headlines and the regulatory crosshairs. GiftSong exists in a different segment: your own voice, your own gift, your own privacy. The way to keep this segment trustworthy is to be specific and explicit about what we do and don't do, which is the entire purpose of this page.
Bottom line
If you record your voice in GiftSong:
- It's encrypted, stored on Cloudflare, never used to train shared models, and deletable in one tap.
- It's never sold, shared with advertisers, or used outside generating your songs.
- You retain full control: delete your voice model, delete individual songs, or delete your entire account at any time.
If you have questions this page doesn't answer, please email [email protected] directly. The founder reads every message.