SonicVibe Privacy Policy

Effective date: 2026-02-03
Company: Bread Bowl LLC (Wyoming, USA) ("Bread Bowl," "we," "us," "our")
App: SonicVibe (the "App")

1. Scope

This Privacy Policy explains how we collect, use, disclose, and protect information when you use SonicVibe and related services (collectively, the "Services").

This policy does not cover the practices of third parties you interact with. Their policies apply to their services.

2. Key Concepts (High-Level)

  • We collect information you provide and information from connected third-party services (such as music services) if you choose to connect them.
  • We use this information to provide personalized features, generate summaries/insights, and improve the Services.
  • Where permitted by law, we may use information (including derived insights) for research, development, safety, and to improve existing and future products and services.
  • We rely on service providers to help operate the Services.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information (e.g., email address, optional profile information).
  • Credentials (e.g., password, stored in hashed form; or third-party login tokens/credentials handled through authorized flows).
  • Support and feedback (content you share when contacting us or providing feedback).

3.2 Information We Receive From Connected Third-Party Services

If you connect third-party services (such as music services), we may receive information from those services in accordance with your settings/permissions and the third party's terms and policies. This may include:

  • Account identifiers from the third-party service (and, in some cases, account information such as an email address).
  • Content and activity information needed to provide the Services (for example, saved content, listening activity, and related metadata).

3.3 Information We Generate (Derived / Inferred Information)

We may generate insights and profiles based on your use of the Services and/or connected third-party service data. This may include:

  • Personalized profiles and insights about preferences and usage patterns;
  • Recommendations and ranking signals;
  • Summaries and other outputs based on your use of the Services, where available.

3.4 Device and App Data

We may collect device and app information necessary to operate and secure the Services, such as device identifiers, app version, and diagnostic or performance information. We may also use local device storage to keep you signed in and to remember preferences.

3.5 Sensitive Data

We do not intentionally request or collect "special category" data (GDPR Art. 9) or sensitive personal information beyond what is necessary to provide the Services. However, preferences and activity data can sometimes be considered sensitive in context or may enable inferences. You can choose not to connect third-party services and can request deletion.

4. How We Use Information

We use information for the following purposes:

  • Provide and operate the Services (including authentication, account management, connected-service features, and user support).
  • Personalization (including generating profiles, recommendations, and insights).
  • Improve and develop the Services (including debugging, testing, analytics, research, and development of new features).
  • Develop and improve models and algorithms used by the Services (including by using personal information and derived insights), to the maximum extent permitted by law.
  • Safety and security (including detecting fraud/abuse, enforcing rate limits, preventing unauthorized access, and protecting users and the Services).
  • Communications (including verification, password reset, service notices, support responses, and—where permitted—marketing communications).
  • Business operations (including auditing, reporting, planning, and maintaining records).
  • Legal compliance (including responding to lawful requests and enforcing our agreements).

To the maximum extent permitted by law, we may use personal information and derived insights for legitimate business purposes, including to improve and evolve our products and services over time. Where required, we will provide notice and/or obtain consent.

We may also use and share aggregated, de-identified, and/or anonymized information for analytics, research, and business purposes, where permitted. Such information is not intended to identify you.

5. Legal Bases (EEA/UK GDPR)

If you are in the EEA/UK, we process personal data under one or more of the following legal bases:

  • Contract (Art. 6(1)(b)): to provide the Services you request (account, sync, outputs).
  • Legitimate interests (Art. 6(1)(f)): to secure, operate, and improve the Services, prevent abuse, and develop new features (balanced against your rights).
  • Consent (Art. 6(1)(a)): where required (e.g., certain optional processing or permissions). You may withdraw consent at any time where applicable.
  • Legal obligation (Art. 6(1)(c)): to comply with law.

For profiling/automated processing: the Services may use automated processing to personalize outputs. We do not intend to make decisions that produce legal or similarly significant effects about you (GDPR Art. 22). If that changes, we will provide additional disclosures and choices required by law.

6. Sharing and Disclosure

We may share information with:

6.1 Service Providers (Subprocessors)

We use vendors to operate the Services (for example, infrastructure hosting, email delivery, analytics/monitoring, customer support tools, and AI-related services where applicable). These vendors are authorized to process personal data only as needed to provide services to us and subject to appropriate protections.

6.2 Connected Music Providers

Third-party services you connect (such as music services) may receive information as part of authorization flows and API usage as governed by their policies.

6.3 Legal and Safety

We may disclose information if we believe in good faith that disclosure is necessary to:

  • comply with law or legal process,
  • protect rights, safety, and security of Bread Bowl, users, or others,
  • investigate fraud or security incidents.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

7. International Data Transfers

We are based in the United States. Your data may be processed in the U.S. and other countries where we or our service providers operate.

If you are in the EEA/UK and we transfer your data outside the EEA/UK, we will use appropriate safeguards where required by law.

8. Data Retention

We retain personal data for as long as reasonably necessary to:

  • provide the Services,
  • comply with legal obligations,
  • resolve disputes, and
  • enforce agreements.

Retention may vary depending on the type of information, how it is used, and legal requirements.

8.1 Account Deletion and Anonymization

When you request account deletion, we will take steps to delete, de-identify, and/or disassociate personal information associated with your account in a manner designed to be compliant with applicable law. Deletion can take time and may not immediately remove information from logs, backups, or systems that are designed to protect safety, security, and integrity. We may retain certain information where required or permitted by law (for example, to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud/abuse, or maintain security).

We may also retain information in a form that does not identify you, for example for analytics, security, and product improvement, as permitted by law.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect information.

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10. Children

The Services are not directed to children. If you believe a child has provided us personal information, contact us and we will take appropriate steps consistent with applicable law.

11. Your Choices and Rights

11.1 Account Controls

  • You can unlink connected third-party services in the App.
  • You can request account deletion in the App (if available).

Unlinking generally stops future data access from that third party. Previously collected information may remain until deleted or anonymized, as described in Section 8.

11.2 Privacy Rights (EEA/UK and Certain US States)

Depending on where you live and subject to applicable law, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent where we rely on consent. You may also have the right to appeal certain decisions and to lodge a complaint with a regulator.

We do not intend to "sell" personal information in exchange for money. If we engage in activities that trigger opt-out rights under applicable law (including certain forms of targeted advertising), we will provide required notices and choices.

11.3 How to Exercise Rights

Contact us using the details in Section 14. We may need to verify your identity before fulfilling requests.

12. Third-Party Links and Services

The Services may link to or integrate third-party services. We are not responsible for third-party privacy practices.

13. Changes to This Policy

We may update this policy from time to time. If changes are material, we will provide notice (e.g., in the App or by email) as required by law. Continued use after the effective date of an updated policy indicates acceptance where permitted.

14. Contact

Bread Bowl LLC
Email: contact@breadbowl.ai
Mailing address: 30 N Gould St, Ste N, Sheridan, WY 82801, USA