Privacy Policy
1. Introduction
At Ponlaya ("we", "us", "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use Ponlaya (the "Service"). It is read together with our Terms of Service. By using the Service, you agree to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
When you use Ponlaya, we collect information you actively provide through your interactions with the Service. This includes your Google account name and email address obtained during sign-in, the text prompts you write to generate playlists, any playlist titles you create or that are auto-generated from your prompts, email addresses of collaborators you invite, and comments you post on shared playlists. All of this data is stored server-side to enable the core functionality of the Service. Text prompts are transmitted to an AI model solely to generate playlist results and are not used to train models or retained by the provider beyond the scope of processing.
| Data | Description |
|---|---|
| Google name & email | Collected via Google OAuth sign-in for identity and session management |
| Text prompts | Natural language descriptions you enter to generate playlists |
| Playlist titles | Created by you or auto-generated by AI from your prompt |
| Collaborator emails | Email addresses entered when inviting others to share a playlist |
| Comments | Text posted on shared playlists |
2.2 Information Collected Automatically
In addition to what you provide directly, certain technical data is collected automatically when you use the Service. This is limited to what is necessary to keep your session active and to ensure the Service operates correctly and securely.
| Data | Description |
|---|---|
| Session data | Maintains your authenticated state after sign-in |
| Usage and technical data | General interaction data used to monitor performance and security (e.g., error logs, request metadata) |
We do not collect payment information. No financial data of any kind is processed through the Service.
3. How We Use Your Information
We use your data exclusively to operate and improve the Service. We do not use it for advertising, behavioral profiling, or any purpose unrelated to providing Ponlaya's functionality. Specifically, your data allows us to authenticate your identity and maintain your session, process your prompts to generate AI-curated playlists, send playlist invitations to collaborators you specify, monitor performance and diagnose errors, and detect and prevent misuse or unauthorized access.
| Purpose | Description |
|---|---|
| Authentication | To verify your identity and manage your session via Google OAuth |
| Playlist generation | To process your prompts and generate AI-curated playlists |
| Collaboration | To send playlist invites to collaborators you specify by email |
| Service improvement | To monitor performance, diagnose errors, and improve the user experience |
| Security | To detect and prevent misuse or unauthorized access |
4. Third-Party Services
Ponlaya relies on a set of third-party services to function. Each of these providers operates independently under its own privacy policy, and by using the Service you acknowledge that they may collect and process data in accordance with their own terms.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google OAuth | User authentication | https://policies.google.com/privacy |
| YouTube Embed API | In-app video playback | https://www.youtube.com/t/terms |
| Vercel | Web hosting and content delivery | https://vercel.com/legal/privacy-policy |
When you use the in-app player, video content is served directly from third-party servers to your browser. Those platforms may set their own cookies and collect viewing data independently of Ponlaya and beyond our control.
5. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances: with the service providers listed in Section 4, solely to operate the Service; with collaborators you invite, who can see your playlist title, prompt, and track list according to the role you assign them; and as required by law, if we receive a valid legal request such as a court order or subpoena.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Once an account is deleted or a specific item is removed, data is deleted in accordance with the timelines below.
| Data type | Retention |
|---|---|
| Account info (name, email) | Retained while your account is active |
| Prompts, playlist titles, tracks | Retained until you delete the playlist or request account deletion |
| Collaborator emails & invites | Retained until the invite is revoked |
| Comments | Retained until manually deleted or account is removed |
7. Cookies and Tracking
Ponlaya uses minimal cookies required to maintain your authenticated session. We do not use advertising cookies or behavioral tracking cookies. Third-party services embedded in the app may set their own cookies independent of our control. You may manage cookie preferences through your browser settings.
8. Data Security
We implement appropriate technical and organizational measures to protect your data. These include HTTPS encryption for all data in transit, secure server hosting via Vercel, session-based access control for all protected routes, and role-based access control for shared playlists. No system is completely secure, and we encourage you to use strong credentials and revoke playlist access when no longer needed.
9. Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. These may include the right to access, correct, delete, restrict, or port your data, as well as the right to object to certain types of processing or to lodge a complaint with a data protection authority. To exercise any of these rights, contact us at biz@themeteorlab.io.
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request correction of inaccurate information |
| Deletion | Request deletion of your data |
| Restriction | Request that we limit how we use your data |
| Objection | Object to certain types of processing |
| Portability | Request your data in a portable format |
| Complaint | Lodge a complaint with a data protection authority in your jurisdiction |
10. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy at any time. Changes will be posted on this page. For significant changes, we will make reasonable efforts to notify you via the email associated with your account. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
12. Governing Law
This Privacy Policy is governed by the laws of the Republic of Peru.
13. Company Information
For any privacy-related questions, requests, or concerns, contact us at: biz@themeteorlab.io