Privacy Policy

Last updated: October 30, 2024

1. Introduction

ssml2mp3.com ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

  • Account Information: Username, email address, password (encrypted)
  • Payment Information: Processed securely by Stripe (we do not store credit card details)
  • OAuth Data: If you sign in with Google, we receive your email and basic profile information

2.2 Usage Information

  • SSML Input: The text you submit for conversion (temporarily stored for processing)
  • Voice Selection: Which voice you choose for conversion
  • Usage Metrics: Number of characters converted, conversion timestamps
  • Audio Files: MP3 files generated from your SSML (stored temporarily)

2.3 Technical Information

  • IP address (for rate limiting and security)
  • Browser type and version
  • Device information
  • Access times and pages viewed

3. How We Use Your Information

  • Provide the Service: Process SSML to MP3 conversions
  • Account Management: Maintain your account, authenticate logins, send verification emails
  • Billing: Process payments and manage subscriptions via Stripe
  • Usage Tracking: Monitor character usage against your plan limits
  • Communication: Send important service updates and security notifications
  • Improvement: Analyze usage patterns to improve the Service
  • Security: Detect and prevent fraud, abuse, and security incidents

4. Data Storage and Retention

  • Account Data: Stored in Supabase (PostgreSQL) for the lifetime of your account
  • SSML Input: Not permanently stored; used only for conversion processing
  • Audio Files: Stored temporarily (up to 24 hours) then automatically deleted
  • Usage Logs: Retained for billing and analytics purposes
  • Deleted Accounts: Personal data is permanently deleted within 30 days of account closure

5. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication services
  • Stripe: Payment processing (see Stripe's Privacy Policy)
  • Azure Cognitive Services: Text-to-speech API for voice synthesis
  • Resend: Transactional email delivery
  • Google OAuth: Optional third-party login (see Google's Privacy Policy)

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data in these limited circumstances:

  • Service Providers: Third parties that help us operate the Service (Stripe, Azure, etc.)
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection: To protect our rights, safety, or property

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal data
  • Portability: Export your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing emails (service emails still apply)

To exercise these rights, contact us at privacy@ssml2mp3.com

8. Cookies and Tracking

We use minimal cookies for essential functions:

  • Authentication Tokens: Stored in localStorage to keep you logged in
  • Session Cookies: For basic site functionality
  • We do not use third-party advertising or tracking cookies

9. Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Encrypted password storage (bcrypt hashing)
  • Secure authentication via JWT tokens
  • Regular security audits and updates
  • Payment data handled exclusively by PCI-compliant Stripe

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.

11. International Data Transfers

Your data may be processed and stored in servers located outside your country. By using the Service, you consent to the transfer of your data to these locations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. Your continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at: