polarity
Platform
PolarityStorefront, catalogue, CRM & tools InfluxEmail marketing & unified inbox
Pricing Resources
Sign in Start your store
legal

Polarity Privacy Policy

Effective date: 5 July 2026
Last updated: 5 July 2026

Polarity ("Polarity", "we", "us", or "our") provides music producers with a hosted storefront, email and automation tools, an inbox, and AI assistants. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to polarity.fm, app.polarity.fm, the tenant storefronts we host, and the Polarity products and services (together, the "Services").

Please read it alongside our Terms of Service. If you do not agree with this policy, do not use the Services.

1. Who we are

The Services are operated by Polarity Tech Inc., a Delaware C-corporation in the United States, with a registered agent at Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, US ("Polarity"). For any privacy question, or to exercise your rights, contact us at admin@polarity.fm.

Polarity acts as a data controller for the information we collect about account holders (producers) and about visitors to polarity.fm. For personal data that a producer loads into their own store, CRM, or connected accounts to run their business, Polarity acts as a data processor on that producer's behalf, and the producer is the controller of that data.

2. Google user data and Limited Use (Gmail connection)

This section governs data we access through Google APIs when you connect a Google account to Influx Inbox. It controls in the event of any conflict with the rest of this policy.

Limited Use commitment. Polarity's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we access. If you connect your Gmail account to Influx Inbox, you grant the scopes gmail.modify and gmail.send. With them we read your messages and their metadata to display, organize, categorize, and search your inbox, and we send messages and replies that you compose or approve. We request the narrowest scopes that provide these features.

How we use it. We use your Google data solely to provide the user-facing features of Influx Inbox for you: showing your mail, triaging and categorizing it, surfacing customer context, drafting and sending replies you approve, and managing your mailbox as you direct (marking messages read, archiving, labeling, and screening unwanted mail, using the gmail.modify scope). We do not use your Google data to develop, train, or improve generalized products or models, and we do not use it for any other purpose.

What we never do.

  • We do not use your Gmail data to train, develop, or improve generalized or non-personalized machine-learning or AI models. Any AI processing is performed to deliver a feature to you and only to you.
  • We do not transfer your Google data to others except as necessary to provide these features, to comply with applicable law, or as part of a merger or acquisition where the recipient honors this policy.
  • We do not sell your Google data and we do not use it for advertising.
  • We do not allow humans to read your Gmail content, except: (a) with your affirmative consent for specific messages, (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized. Support access to your mailbox is gated behind an explicit, per-request consent step.

Retention and revocation. We retain the minimum Gmail data needed to provide the inbox, and we do not retain your Workspace data to train or improve models. You can disconnect Gmail at any time from Influx Inbox settings or by revoking access at myaccount.google.com/permissions. On disconnection we delete the stored Gmail content and tokens associated with that connection, subject to short-lived backups and any legal retention obligation.

3. Information we collect

Information you provide:

  • Account data: your name, email address, and a securely hashed password.
  • Billing data: subscription tier and payment status. Card payments are processed by Stripe. We do not receive or store full card numbers.
  • Business content: the data you load into the Services to run your business, such as your beat catalog, storefront configuration, customer records, email lists and campaigns, and files you upload.
  • Communications: messages you send us for support.

Information from connected services (only if you connect them):

  • Google / Gmail: as described in Section 2.
  • Other integrations you choose to connect, if and when available, limited to what each integration requires.

Information collected automatically:

  • Usage and log data: actions in the app, timestamps, approximate location derived from IP, device and browser type, and error diagnostics.
  • Cookies and similar technologies: see Section 11.

Buyer behavior on producer storefronts. We do not currently track the on-site browsing or click behavior of a producer's customers across the storefronts we host, and we do not attach browsing behavior to a buyer's account or CRM profile. If we introduce such features in the future, we will update this policy, and the producer (as the controller of their customers' data) and Polarity will provide the notices and choices the law requires before it takes effect.

4. How we use information

We use information to:

  • provide, operate, secure, and maintain the Services;
  • authenticate you and protect your account;
  • process subscriptions and payments;
  • provide the AI features described in Section 5;
  • deliver and improve features, and develop new ones (using our own platform and usage data, never your connected Gmail content for generalized model training);
  • communicate with you about your account, security, and service changes;
  • detect, prevent, and investigate fraud, abuse, and security incidents;
  • comply with legal obligations and enforce our Terms.

5. AI features and your data

Some features (inbox categorization, screening, summaries, drafting, and the Copilot assistant) use large language models to process the specific content you ask them to act on.

  • AI processing is performed per user, to deliver a feature to that user. Your content is not used to train or improve generalized or non-personalized models.
  • When content is sent to a third-party model provider (currently routed via OpenRouter to a hosted model) to generate a result for you, we do so under a zero-data-retention arrangement: our requests are configured to deny provider data collection and to fail closed, meaning the request does not proceed if zero-retention handling is not honored, so the provider does not retain the content after the request and does not use it to train its models. We send the minimum content needed (for example a subject and a short excerpt rather than a full message where that is sufficient).
  • The AI drafts and suggests. It does not send email on your behalf without your action.

6. How we share information

We do not sell your personal information. We share it only as follows:

  • Service providers (subprocessors) who process data on our behalf under contract, including: Cloudflare (hosting, security, and content delivery), Neon (database hosting), Stripe (payments), Amazon SES and Resend (transactional and marketing email delivery), our AI model provider (currently OpenRouter, routing to a hosted large-language model under the zero-data-retention terms in Section 5), and Google (the Gmail and any other Google APIs you connect). We keep this list current as our providers change.
  • Other producers' customers: where you use the Services to run your store or send email, the relevant data flows to your buyers as you direct. In that flow you are the controller.
  • Legal and safety: to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, safety, and security of Polarity, our users, and the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, where the recipient agrees to honor this policy.

7. Legal bases for processing (EEA and UK)

Where the GDPR or UK GDPR applies, we process personal data on these bases: performance of a contract (to provide the Services you sign up for), legitimate interests (to secure, operate, and improve the Services, balanced against your rights), consent (for example when you connect Gmail or opt into certain communications, which you may withdraw at any time), and legal obligation (for tax, accounting, and compliance).

8. Data retention

We keep personal data only as long as we need it, which depends on the type of data:

  • Connected Gmail content and tokens: retained only while your Gmail connection is active. Deleted when you disconnect Gmail or close your account, subject to short-lived backups (see Section 2).
  • Uploaded files (beats, stems, and other media you store with us): if your subscription ends, your store is taken offline and your actively served files are removed within about 60 days. A copy of your master files is kept in low-cost cold archive so you can reactivate without losing your catalog, and is permanently deleted by about 180 days if you do not return.
  • Account, catalog, CRM, and email-list data: retained for the life of your account and deleted within 90 days of account closure.
  • Payment and transaction records: retained for up to 7 years to meet tax, accounting, and legal obligations.
  • Usage and log data: retained for up to 18 months.
  • Backups: purged on a rolling cycle, typically within 35 days.

We may retain limited information longer where the law requires it, or as needed to resolve disputes and enforce our agreements. You can request deletion as described in Section 10.

9. Security

We protect data with encryption in transit (TLS) and encryption at rest, including AES-256-GCM encryption of connected-service credentials and tokens in a dedicated secrets vault, scoped per tenant. Access to production systems is restricted and logged. No method of transmission or storage is perfectly secure, but we work to protect your information and to notify you and regulators of a breach where the law requires.

10. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, export (portability), restrict, or object to the processing of your personal data, and to withdraw consent. To exercise any of these, contact admin@polarity.fm. We will respond within the time required by law (generally within one month under the GDPR and within 45 days under the CCPA, each extendable where the law allows), and will not discriminate against you for exercising a right.

California (CCPA/CPRA): we do not sell or share your personal information as those terms are defined by California law. To the extent we process sensitive personal information (such as your account credentials or the contents of a connected mailbox), we use it only to provide the Services you request and for related, legally permitted purposes, and we do not use it to infer characteristics about you. California residents may exercise the rights above and may designate an authorized agent to act for them.

EEA/UK: you may lodge a complaint with your local supervisory authority.

11. Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary to run the Services, for example to keep you signed in and to secure your session. We do not currently use advertising or cross-site tracking cookies. If we later add non-essential analytics or similar technologies, we will describe them here and, where required, request your consent through a cookie banner before they run. You can also control cookies through your browser settings.

12. International data transfers

We operate globally and may process and store data in countries other than yours. Where we transfer personal data across borders, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision, as applicable.

13. Children

The Services are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

14. Third-party services and links

The Services integrate with and link to third-party services (for example Google, Stripe, and any provider you connect). Their use of your information is governed by their own privacy policies. We encourage you to review them.

15. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or an in-app notice before they take effect, and we will update the "Last updated" date above. Continued use of the Services after a change takes effect means you accept the updated policy.

16. Contact us

Questions, requests, or complaints: admin@polarity.fm, or by mail at Polarity Tech Inc., c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, US.

polarity

The all-in-one platform for the business behind your beats.

Platform

StorefrontTemplatesAnalyticsUploads

Influx

Influx MailInflux InboxIntegrationsPricing

Company

AboutContactTermsPrivacy
© 2026 Polaritythe producer business platform