Privacy Policy

Last updated: May 11, 2026

1. About this policy

This Policy describes how the Meloddy mobile app collects, uses, shares and protects users' personal data, in compliance with Brazil's General Data Protection Law (LGPD — Law 13.709/2018) and applicable regulations.

2. Who we are (controller)

SCALEDEV SOLUCOES DIGITAIS LTDA is the data controller for personal data processed in Meloddy. Contact: support@scaledev.online.

3. Personal data we collect

We collect the following data when you use Meloddy:

• Account data: name (optional), email, Apple ID or Google account identifier (only the ID, never the password).
• Song content: the information you provide to generate the song — recipient name, moment, story, music style, and the resulting lyrics/audio.
• Usage data: credits consumed, songs generated, in-app transaction history.
• Payment data: processed exclusively by Apple (StoreKit) or Google (Play Billing). We only receive purchase confirmation and transaction ID — never card data.
• Technical data: app version, device model, OS, language, timezone, IP address (server logs only, short retention).
• Push notification token: opaque device identifier issued by the operating system platform to notify you when your song is ready.
• Device identifiers: on iOS, IDFA is collected only if you authorize it via App Tracking Transparency. On Android we use the Advertising ID per device settings.

4. Purposes of processing

• Generate the personalized song according to the information you provide;
• Deliver the finished song and notify you when ready;
• Validate purchases with Apple/Google and record entitlements (credits, active subscription);
• Diagnose errors and crashes;
• Measure aggregate usage and improve features (analytics);
• Comply with legal and tax obligations.

5. Legal bases (LGPD)

• Contract performance (art. 7, V): to provide the song generation service, process payment and deliver content.
• Consent (art. 7, I): to send push notifications and collect IDFA via App Tracking Transparency.
• Legitimate interest (art. 7, IX): for security, fraud prevention and service improvement (aggregate analytics and crash reporting).
• Compliance with legal obligation (art. 7, II): to retain payment records (5 years) for tax compliance.

6. Sharing with third parties

We share personal data only with vendors that process data on our behalf (processors), under appropriate contractual agreements, and strictly within the categories necessary to operate the service:

• App stores (Apple App Store and Google Play): payment processing and subscription/purchase validation.
• Cloud infrastructure providers: API hosting, database and audio file delivery.
• Artificial intelligence providers: song generation (audio and lyrics) based on the text prompt you provide. We do not send account data or personal identifiers.
• Technical monitoring providers: error and performance reporting for diagnostics, with minimized collection of personally identifiable data.
• Messaging and notifications providers: push notifications and transactional emails (receipts, confirmations), where applicable.

We do not sell, rent or trade your personal data. A detailed list of subprocessors can be requested in writing from the DPO (see Section 14).

7. International data transfers

Some processors above handle data on servers outside Brazil. Where this happens, we ensure contractual clauses and equivalent protection standards as required by LGPD art. 33.

8. Data retention

• Active account: we keep your data while your account exists.
• After account deletion: we delete profile, songs, credits and usage history immediately. We retain only payment records for 5 years to comply with tax obligations.
• Unfinished drafts: automatically removed after 7 days of inactivity.
• Server logs: rotated within 90 days.

9. Your rights (LGPD)

You have the right to:

• Confirm whether we process your data;
• Access the data we hold about you;
• Correct incomplete, inaccurate or outdated data;
• Anonymize, block or delete unnecessary data or data processed in non-compliance with LGPD;
• Request data portability;
• Delete data processed under consent;
• Withdraw consent at any time;
• Object to processing based on legitimate interest.

To exercise any of these rights, email support@scaledev.online. Account deletion can also be done directly in the app under Account → Delete my account — see the Delete my account page.

10. Children's privacy

Meloddy is not directed to children under 13 (16 in some jurisdictions). We do not knowingly collect children's data. If you are a legal guardian and have identified that we have collected a child's data, contact us so we can remove it.

11. Security

We adopt reasonable technical and organizational measures to protect data against unauthorized access, loss or alteration. All communication with our servers is over TLS 1.2+. No system is 100% secure — in case of incident, we will notify affected users and the relevant authority as required by law.

12. Cookies and web tracking

This website (meloddy.app) is static and does not use tracking cookies, Meta Pixel, Google Analytics or similar. No data is collected when visiting these legal pages or the landing page.

13. Changes to this policy

This Policy may be updated periodically. Material changes will be communicated inside the app or by email. The current version is always available at meloddy.app/en/privacy.

14. Contact and DPO

• Email: support@scaledev.online
• WhatsApp: official channel