Privacy Policy

Last Updated: May 7, 2026

1. Introduction

Welcome to Faso ("we," "our," or "us"). Faso is a digital audio workstation (DAW) application available on iOS, macOS, and other platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our application, website, and related services (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information Collection

2.1 Information You Provide

We may collect the following information that you voluntarily provide to us:

• Account information (e.g., name, email address, profile picture) when you create an account or sign in via Google Sign-In or other authentication methods
• User-generated content, including music projects, audio recordings, compositions, MIDI data, and other creative works you create or upload within the app
• Communications you send to us (e.g., support requests, feedback)
• Payment and subscription information processed through Apple App Store, Google Play Store, or our payment processor RevenueCat

2.2 Information Collected Automatically

When you use our Services, we may automatically collect:

• Device information (e.g., device model, operating system version, unique device identifiers)
• Usage data (e.g., app usage patterns, features accessed, session duration)
• Crash reports and performance data
• IP address and approximate location (derived from IP address)
• Push notification tokens (if you opt in to notifications)

2.3 Advertising Identifiers

On iOS devices, we may request access to your device's advertising identifier (IDFA — Identifier for Advertisers) through Apple's App Tracking Transparency (ATT) framework. We only collect and share the IDFA if you explicitly grant permission when prompted. The IDFA is used solely for the following purposes:

• Ad attribution: To measure whether an advertisement led to an app install or an in-app action (e.g., subscription purchase), so we can evaluate the effectiveness of our advertising campaigns
• Personalized advertising: To show you ads that are more relevant to your interests across apps and websites

If you decline the ATT prompt, we will not collect your IDFA. Advertising attribution will fall back to privacy-preserving methods that do not involve your advertising identifier. You can change your choice at any time in iOS Settings → Privacy & Security → Tracking.

2.4 Information from Third-Party Services

We may receive information about you from third-party services you use to interact with our Services, such as Google Sign-In, Apple Sign-In, or social media platforms.

3. Third-Party Services

Our Services integrate with the following third-party services, each of which has its own privacy policy governing the data they collect:

• Firebase Authentication — for user account management and sign-in
• Cloud Firestore & Firebase Storage — for storing user data, projects, and assets
• Firebase Crashlytics — for crash reporting and stability monitoring
• Firebase Cloud Messaging — for push notifications
• Firebase Remote Config — for app configuration and feature management
• Firebase App Check — for protecting our backend from abuse
• Google Vertex AI (a third-party AI service operated by Google) — powers AI features such as the Companion chat. See Section 4 below for full details about what data is sent, how it is sent, and the data protection terms that apply.
• Google Mobile Ads (AdMob) — for serving advertisements; AdMob may use cookies and device identifiers to deliver personalized ads
• RevenueCat — for managing in-app subscriptions and purchases; RevenueCat may receive your advertising identifier to attribute purchases to advertising campaigns
• Meta (Facebook) SDK — for advertising attribution and measurement; Meta may collect your advertising identifier (IDFA on iOS) to attribute app installs and in-app events to advertising campaigns, subject to your ATT consent choice (see Section 3)
• AppsFlyer — for mobile attribution and marketing analytics; AppsFlyer may process your advertising identifier to measure the effectiveness of advertising campaigns
• Google Analytics — for understanding app usage and improving our Services

We encourage you to review the privacy policies of these third-party services, particularly Google's Privacy Policy and RevenueCat's Privacy Policy.

4. AI Features and Third-Party AI Services

Faso includes optional AI-powered features, such as the in-app Companion chat. Because these features rely on a third-party AI service, we disclose the following information explicitly, and the app will also ask for your explicit consent inside the app before any data is sent.

4.1 What data is sent

When you use an AI feature, the following data is sent to the third-party AI service:

• The chat messages you type into the Companion chat
• Processed musical project data required to answer your request, specifically: chord progressions, section structure (e.g., verse / chorus layout), and key signatures

We do not send your name, email address, account ID, profile picture, raw audio recordings, MIDI files, or any other personal identity information to the AI service.

4.2 Who the data is sent to

The data is sent to Google Vertex AI, a third-party AI service operated by Google LLC ("Google"). Google receives and processes the data on Google Cloud infrastructure in order to generate the AI response that is returned to the app.

4.3 How we obtain your permission

Before any data is sent to the AI service, the Faso app displays a dedicated consent screen that explains what data will be shared and who it will be shared with, and asks you to explicitly agree. No AI feature will send any data until you have given this consent. You may revoke your consent at any time in the app under Settings → Legal → Companion AI, after which no further data will be sent to the AI service.

4.4 How the data is protected by the third party

Google processes the data that Faso sends to Vertex AI under its Cloud Data Processing Addendum and the Google Cloud Service Specific Terms for Vertex AI. Under these terms, Google does not use data submitted to Vertex AI by Faso to train its foundation models, and Google applies security, confidentiality, and data protection safeguards that are equivalent to or exceed the standards described in this Privacy Policy.

5. Use of Information

We use the information we collect for the following purposes:

• Providing, operating, and maintaining our Services
• Processing your transactions and managing your subscriptions
• Personalizing and improving your experience
• Communicating with you, including sending service-related announcements and responding to your inquiries
• Analyzing usage trends to improve our app features and performance
• Powering AI features (e.g., Companion chat) by sending your chat messages and processed project data (chord progressions, section structure, key signatures) to Google Vertex AI, a third-party AI service, only with your prior explicit consent (see Section 4)
• Delivering relevant advertisements through Google AdMob
• Detecting, preventing, and addressing fraud, abuse, security issues, and technical problems
• Complying with legal obligations

6. Information Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our Services (as listed in Section 3 and Section 4), subject to confidentiality obligations
• Community Features: Content you choose to share publicly through community features may be visible to other users
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case your information may be transferred to the acquiring entity
• With Your Consent: In any other circumstances where you have given your explicit consent

7. Data Security

We take the security of your personal information seriously and implement commercially reasonable technical, administrative, and physical safeguards designed to protect your data, including:

• Encryption of data in transit and at rest
• Firebase App Check to protect backend resources from abuse
• Secure authentication via Firebase Authentication
• Access controls and least-privilege principles for internal systems

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Services. We may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. If you delete your account, we will make commercially reasonable efforts to delete your personal information within a reasonable timeframe, except where retention is required by law.

9. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at dotune@dotune.com and we will take steps to delete such information. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to certain exceptions
• Portability: Request a copy of your data in a portable format
• Restriction: Request restriction of or object to certain processing of your information
• Opt-out of Ad Tracking: On iOS, you may withdraw your App Tracking Transparency consent at any time in Settings → Privacy & Security → Tracking. You may also opt out of personalized advertising through your device settings or the ad consent mechanisms provided within the app

To exercise any of these rights, please contact us at dotune@dotune.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

11. International Data Transfers

Our Services are operated globally. Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where data protection laws may differ. By using our Services, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

12. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. As noted above, we do not sell your personal information. To exercise your California privacy rights, please contact us at dotune@dotune.com.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: dotune@dotune.com

14. Policy Updates

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will revise the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of such changes.