Privacy Policy
Effective Date: 01 March 2026
1. Introduction
This Privacy Policy explains how VPDL – Vocal Performance Description Language collects, uses, stores, shares, and protects personal data in connection with the access to and use of the Service.
The Service is operated by:
VPDL – Vocal Performance Description Language
Operated by ZanTools Digital
Andrea Zanibellato
33100 UD
Italy
ZNBNDR86L13I403E
For the purposes of applicable data protection law, the Provider acts as the data controller in relation to the personal data described in this Privacy Policy.
By accessing or using the Service, you acknowledge that your personal data may be processed as described in this Privacy Policy.
2. Scope
This Privacy Policy applies to personal data processed in connection with:
- the public website and landing pages of the Service;
- user registration, authentication, and account access;
- subscription management and billing operations;
- the use of text transformation features made available through the Service;
- communications relating to the operation, security, and support of the Service.
This Privacy Policy does not apply to third-party websites, services, or platforms that are governed by their own privacy notices and terms.
3. Categories of Personal Data Collected
Depending on how you use the Service, the Provider may process the following categories of personal data:
A. Account Information
- email address;
- user account identifiers;
- authentication-related information;
- account status and basic account preferences.
B. Authentication and Sign-In Data
If you choose to sign in through a third-party authentication provider, the Provider may receive limited identity and account-related information from that provider, such as your email address and basic profile or account identifiers necessary to authenticate you and create or maintain your account.
C. Billing and Subscription Information
The Provider may process general billing and subscription information necessary to manage paid plans, recurring subscriptions, subscription status, billing periods, and payment-related account references.
The Provider does not intend to store full payment card details directly. Payment transactions are handled through third-party payment service providers.
D. Service Usage Data
The Provider may process data relating to how the Service is used, including general usage logs, credit balances, credit allocation and consumption events, transformation activity, system interaction metrics, technical diagnostics, security-related events, and operational metadata necessary to provide, maintain, and improve the Service.
E. Submitted Text and Generated Output
When you use the Service, you may submit text for transformation. That text may be processed in order to generate a transformed output through third-party AI systems used by the Service.
The Provider may process submitted text and generated output to the extent necessary to operate the Service, respond to technical issues, prevent abuse, enforce applicable terms, comply with legal obligations, and maintain security and service integrity.
The Service is not intended to retain submitted text or generated output in full for longer than necessary for operational, security, compliance, or troubleshooting purposes, unless retention is required by law or reasonably necessary to protect the Provider's rights.
F. Communications Data
If you contact the Provider, the Provider may process the information contained in your communications and any related records necessary to respond to your request and maintain support documentation.
G. Technical and Device Data
The Provider may process limited technical information such as IP address, browser type, operating system, approximate device information, timestamps, session-related data, and similar technical data necessary to ensure platform security, reliability, and functionality.
4. Purposes of Processing
The Provider processes personal data for the following purposes:
- to create, authenticate, and manage user accounts;
- to provide access to the Service and its features;
- to process and manage subscriptions, billing, and related account functions;
- to allocate, track, and manage credits and plan-related usage;
- to process submitted text and return transformed output;
- to monitor system performance, maintain platform stability, and prevent misuse;
- to investigate suspected fraud, abuse, or security incidents;
- to provide user support and respond to communications;
- to comply with legal, tax, accounting, and regulatory obligations;
- to establish, exercise, or defend legal claims;
- to improve the operation, security, and reliability of the Service.
5. Legal Bases for Processing
Where the General Data Protection Regulation or other applicable data protection laws apply, the Provider relies on one or more of the following legal bases:
A. Performance of a Contract
Processing is necessary to provide the Service, create and manage accounts, authenticate users, process subscriptions, manage credits, and perform the contractual relationship with the user.
B. Legitimate Interests
Processing may be necessary for the Provider's legitimate interests, including protecting the Service against abuse, ensuring account and platform security, preventing fraud, maintaining system integrity, improving operational performance, documenting support interactions, and enforcing the Provider's legal rights, provided that such interests are not overridden by the user's rights and freedoms.
C. Legal Obligation
Processing may be necessary to comply with applicable legal and regulatory obligations, including tax, accounting, compliance, law enforcement, and data protection obligations.
D. Consent
Where consent is required under applicable law, the Provider will rely on consent. Where processing is based on consent, consent may be withdrawn at any time, without affecting the lawfulness of processing carried out before withdrawal.
6. Use of Third-Party Service Providers
The Provider uses third-party service providers to operate and support the Service. Depending on the circumstances, these providers may process personal data on behalf of the Provider or as independent controllers under their own terms.
Such providers may include, for example:
- Supabase, for authentication, sessions, and application database functions;
- Google, where used as an authentication provider for social login;
- Stripe, for subscription billing, payment processing, customer billing management, and related payment operations;
- OpenAI, for text processing and transformation functions used by the Service.
The Provider may also rely on hosting, infrastructure, analytics, communications, or security providers as reasonably necessary to operate the Service.
The Provider takes reasonable steps to work only with providers that offer appropriate contractual, organizational, and technical safeguards where required by law.
7. AI Processing and Model Limitations
Submitted text may be processed through third-party AI systems used to provide the core functionality of the Service.
In specific cases, filters, refusals, or blocks may be applied to submitted text when it violates the policies, safety systems, or operational guidelines of third-party providers involved in processing.
Such limitations may affect whether a requested transformation can be completed. The Provider is not responsible for independent moderation, filtering, or safety decisions applied by third-party AI providers.
8. Sharing of Personal Data
The Provider does not sell personal data.
The Provider may share personal data only where reasonably necessary and lawful, including:
- with service providers and processors supporting the operation of the Service;
- with payment and billing partners in connection with subscriptions and transactions;
- with authentication providers where required for login functionality;
- where required by law, regulation, court order, or binding governmental request;
- where reasonably necessary to investigate fraud, abuse, or security incidents;
- where necessary to establish, exercise, or defend legal claims;
- in connection with a business transition, restructuring, transfer, or sale involving the Service, subject to applicable legal requirements.
9. International Data Transfers
Some third-party providers used in connection with the Service may process personal data outside the European Economic Area.
Where personal data is transferred outside the European Economic Area, the Provider will seek to ensure that such transfers are carried out in accordance with applicable data protection law and subject to appropriate safeguards, which may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms recognized under applicable law.
10. Data Retention
The Provider retains personal data only for as long as necessary for the purposes described in this Privacy Policy, including for the provision of the Service, the protection of the Service and its users, compliance with legal obligations, the resolution of disputes, and the enforcement of agreements.
In general:
- account-related data may be retained for as long as the account remains active and for a reasonable period thereafter where necessary for legal, compliance, support, or security purposes;
- billing and transaction-related data may be retained for as long as required under applicable tax, accounting, and legal obligations;
- service usage, security, and operational logs may be retained for as long as reasonably necessary for technical operation, abuse prevention, diagnostics, and security;
- submitted text and generated output are not intended to be retained longer than necessary for service operation, troubleshooting, compliance, or legal protection purposes.
When personal data is no longer required, the Provider will delete, anonymize, or securely dispose of it where reasonably practicable and subject to applicable legal obligations.
11. Data Security
The Provider takes reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.
However, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, while the Provider takes reasonable steps to protect personal data, absolute security cannot be guaranteed.
12. User Rights
Where the GDPR or other applicable data protection laws apply, users may have the right, subject to applicable legal conditions and limitations, to:
- request access to their personal data;
- request correction of inaccurate or incomplete personal data;
- request deletion of personal data;
- request restriction of processing;
- object to certain processing activities;
- request portability of certain personal data;
- withdraw consent where processing is based on consent;
- lodge a complaint with a competent supervisory authority.
Users located in Italy may submit a complaint to the Italian Data Protection Authority, Garante per la protezione dei dati personali, or to another competent supervisory authority in the European Union, where applicable.
13. Exercising Your Rights
To exercise privacy-related rights, users may contact the Provider using the contact channels made available through the Service or by written correspondence to the address identified in this Privacy Policy.
The Provider may request reasonable information necessary to verify identity before responding to a privacy request.
The Provider will respond in accordance with applicable law.
14. Children's Data
The Service is not intended for individuals who do not have the legal capacity to enter into a binding agreement under the laws applicable in their jurisdiction.
The Provider does not knowingly collect personal data from individuals where such collection would be unlawful under applicable law. If the Provider becomes aware that personal data has been collected in violation of applicable law, the Provider may take appropriate steps to delete or restrict such data.
15. Changes to This Privacy Policy
The Provider may update or modify this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or operational practices.
The updated version will become effective on the date indicated at the top of the document unless otherwise stated.
Continued use of the Service after the effective date of an updated Privacy Policy may constitute acknowledgment of the revised policy, to the extent permitted by applicable law.
16. Contact
Data controller:
VPDL – Vocal Performance Description Language
Operated by ZanTools Digital
Andrea Zanibellato
33100 UD
Italy
ZNBNDR86L13I403E
Users may use the contact channels made available through the Service or written correspondence to the address above for privacy-related requests.