Privacy Policy

1. Introduction

1.1. This Privacy Policy (hereinafter referred to as "Policy") defines the procedures for collecting, using, storing, protecting, and deleting personal data of users of the songly.gift service (hereinafter referred to as "Service").

1.2. The Data Controller is: 3 Krolika LLP, BIN 251240001464, address: 010000, Kazakhstan, Astana, Taras Shevchenko Street 4/1, unit 17 (hereinafter referred to as "Operator").

1.3. Contact email address: support@songly.gift.

1.4. This Policy has been developed in accordance with the laws of the Republic of Kazakhstan, including the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On Personal Data and Their Protection," and is designed to comply with international data protection standards, including the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA).

1.5. By using the Service, the User confirms that they are at least 18 (eighteen) years of age. Persons under the age of 18 are not permitted to use the Service.

2. Data We Collect

2.1. For the Service to function, we collect and process the following categories of data:

2.1.1. Data Provided by the User:

  • Email address — for registration, authorization, and account recovery;
  • Username (login) — for identification within the system;
  • Password — stored exclusively in encrypted (hashed) form.

2.1.2. Content Uploaded by the User:

  • Photographs and images for processing or as references;
  • Audio files for processing;
  • Video files for processing;
  • Text data (descriptions, wishes, generation instructions).

2.1.3. Automatically Generated Content:

  • Songs and music;
  • Images (portraits, greeting cards, invitations, logos, coats of arms, and other graphic materials);
  • Poems;
  • Texts (greetings, formal letters, marketing materials, and other text-based content);
  • Videos;
  • Chat history with AI assistants.

2.1.4. Technical Data:

  • IP address;
  • Browser and device information;
  • User settings and preferences;
  • Service usage data (statistics, logs).

2.1.5. Payment Information:

We DO NOT store payment data (card numbers, CVV, etc.). All payments are processed through third-party payment services certified to PCI DSS standards. We receive only confirmation of successful payment and a transaction identifier.

3. Purposes of Data Processing

3.1. The collected data is used exclusively for the following purposes:

  • User registration and authentication;
  • Ensuring account security;
  • Providing Service functions (content generation);
  • Processing payments and tracking energy points;
  • Content moderation and violation prevention;
  • Technical support and communication with Users;
  • Improving Service quality and AI algorithms;
  • Compliance with legal requirements;
  • Protecting the rights and legitimate interests of the Operator.

4. Legal Basis for Processing (GDPR)

4.1. For Users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary for the performance of a contract with you (providing Service functions);
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring security;
  • Consent: Where you have given explicit consent for specific processing activities;
  • Legal Obligation: Processing necessary for compliance with legal obligations.

5. Data Retention Periods

5.1. Account data (email, login, password): stored until the account is deleted by the User or by the Operator in accordance with the terms of use.

5.2. Inactive accounts: To implement the right to be forgotten, User accounts that have not been accessed for 1 (one) year are automatically deleted along with all associated data and content.

5.3. Uploaded content (photographs, audio, video for processing): stored for 7 (seven) calendar days for moderation and verification purposes, after which it is automatically deleted.

5.4. Generated content:

  • For Users without Prime status: generated content is automatically deleted 2-4 months after creation;
  • For Users with Prime status: content is stored until deleted by the User or until the Prime status expires (after which standard retention periods apply).

Upon deletion, content is marked as deleted (for recovery purposes) and completely removed after 7 (seven) calendar days.

5.5. AI assistant chat history:

  • Only the last 100 (one hundred) messages with each AI assistant are stored;
  • For Users without Prime status: message history is automatically deleted after 2-4 months;
  • For Users with Prime status: message history is stored until account deletion or until the Prime status expires.

5.6. Technical logs and IP addresses: stored for 12 (twelve) months for security and incident investigation purposes.

5.7. Transaction data: stored for the period required by applicable law (at least 5 years) for accounting and tax purposes.

6. Data Protection

6.1. The Operator takes necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions.

6.2. Protection measures include:

  • Password encryption using modern cryptographic algorithms;
  • Use of secure connections (HTTPS/TLS);
  • Restricted access to personal data;
  • Regular data backups;
  • System security monitoring.

6.3. Important Notice: Despite the protective measures taken, the Operator cannot guarantee absolute data security during transmission over the Internet. The User uses the Service at their own risk.

7. Data Transfer to Third Parties

7.1. The Operator does not sell personal data and does not transfer it to third parties, except in the following cases:

  • With the User's consent;
  • Upon request of authorized government bodies in accordance with applicable law;
  • For payment processing through certified payment systems;
  • For providing cloud storage and hosting services;
  • When using third-party APIs for content generation (in anonymized form where technically possible).

7.2. All third parties receiving access to data are required to maintain confidentiality and use data exclusively to perform their functions.

7.3. International Data Transfers: Your data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection. Where required, we implement appropriate safeguards such as Standard Contractual Clauses approved by relevant authorities.

8. Use of Data for AI Training

8.1. By using the Service, the User agrees that uploaded and generated content may be used for:

  • Training and improving artificial intelligence models;
  • Internal Service purposes (testing, debugging, algorithm improvement);
  • Statistical analysis in anonymized form.

8.2. When using data for AI training, User personal data is anonymized where technically possible.

9. User Rights

9.1. The User has the right to:

  • Access their personal data and receive a copy;
  • Request correction or updating of inaccurate personal data;
  • Request deletion of their personal data ("right to be forgotten");
  • Restrict the processing of their personal data;
  • Object to the processing of their personal data;
  • Request data portability (receive data in a structured, commonly used format);
  • Withdraw consent to data processing at any time;
  • Delete their content through the Service interface;
  • Delete their account (all associated content will also be deleted);
  • Lodge a complaint with a supervisory authority.

9.2. Additional Rights for California Residents (CCPA):

If you are a California resident, you have the following additional rights:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you;
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions;
  • Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to opt out of any future sales;
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, please contact us at support@songly.gift.

9.3. To exercise your rights, the User may:

  • Use the personal account functionality to manage data and content;
  • Send a written request to the email address support@songly.gift.

9.4. Requirements for Written Requests:

To protect against unauthorized access to data, the request must contain:

  • Full name of the User;
  • Email address associated with the account;
  • Nature of the request;
  • Date of preparation;
  • Handwritten signature of the User.

The request must be prepared on paper, signed by hand, scanned, and sent as an electronic copy. Requests without a handwritten signature will not be processed. We may require additional verification of your identity before processing your request.

9.5. Request processing time — 30 (thirty) calendar days from receipt of a properly completed request, or within shorter timeframes where required by applicable law (e.g., 45 days under CCPA).

10. Account and Data Deletion

10.1. The User may delete their account at any time through the personal account settings.

10.2. Upon account deletion:

  • Personal data (email, login) is deleted;
  • All generated content is deleted;
  • AI assistant chat history is deleted;
  • Transaction data is retained in accordance with legal requirements.

10.3. Automatic deletion of inactive accounts: Accounts that have not been accessed for 1 (one) year are automatically deleted along with all associated data.

10.4. Account deletion is irreversible. Recovery of deleted data is not possible.

11. Cookies and Similar Technologies

11.1. The Service uses cookies and similar technologies for:

  • Ensuring Service functionality;
  • Saving User settings;
  • Authentication and session maintenance;
  • Collecting usage statistics.

11.2. The User may disable cookie usage in browser settings, but this may affect Service functionality.

11.3. Types of Cookies We Use:

  • Essential Cookies: Required for the Service to function properly;
  • Functional Cookies: Remember your preferences and settings;
  • Analytics Cookies: Help us understand how you use the Service.

12. Prohibited Content and Moderation

12.1. The Operator reserves the right to review uploaded content for violations of law and Service rules.

12.2. If prohibited content is discovered (including materials containing child sexual abuse material, hate speech, calls for violence), the Operator has the right to:

  • Immediately block the User's account;
  • Transfer information to law enforcement authorities;
  • Retain necessary data for investigation.

13. Children's Privacy

13.1. The Service is not intended for persons under the age of 18. We do not knowingly collect personal data from children under 18.

13.2. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information as soon as possible.

13.3. If you believe that a child under 18 has provided us with personal data, please contact us at support@songly.gift.

14. Do Not Track Signals

14.1. Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activities tracked. The Service does not currently respond to "Do Not Track" signals as there is no industry standard for handling such signals.

15. Changes to the Policy

15.1. The Operator reserves the right to make changes to this Policy at any time.

15.2. Changes take effect from the moment the new version of the Policy is published on the Service website.

15.3. The User undertakes to independently monitor changes in the Policy. Continued use of the Service after changes are made constitutes acceptance of the new version of the Policy.

15.4. For material changes, we will make reasonable efforts to notify you by email or through a prominent notice on the Service.

16. Governing Law and Jurisdiction

16.1. This Policy and any disputes arising from or relating to it shall be governed by the laws of the Republic of Kazakhstan.

16.2. Any disputes shall be subject to the exclusive jurisdiction of the courts located in Astana, Republic of Kazakhstan.

16.3. Notwithstanding the foregoing, if you are located in the European Economic Area, United Kingdom, or Switzerland, nothing in this Policy affects your statutory rights under applicable data protection laws.

17. Additional Disclosures

17.1. Categories of Personal Information Collected (CCPA Disclosure):

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (email address, username, IP address);
  • Internet or other electronic network activity information (browsing history, interactions with the Service);
  • Audio, electronic, visual, or similar information (uploaded content);
  • Inferences drawn from the above (preferences, characteristics).

17.2. Sources of Personal Information:

  • Directly from you when you provide it;
  • Automatically when you use the Service;
  • From third-party payment processors (transaction confirmation only).

17.3. Business or Commercial Purposes for Collection:

As described in Section 3 of this Policy.

17.4. Sale or Sharing of Personal Information:

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

3 Krolika LLP

BIN: 251240001464

Address: 010000, Kazakhstan, Astana, Taras Shevchenko Street 4/1, unit 17

Email: support@songly.gift

Last updated: December 3, 2025