Privacy policy
How dissed.io collects, uses and shares personal data. Operated by 41Flow Ltd. This is the long-form policy; the cookie specifics live in our cookie policy.
We don't run advertising, we don't sell personal data, and we don't profile users for advertising purposes.
Who we are
dissed.io is operated by 41Flow Ltd, registered in England & Wales, company no. 17049682. We are the data controller for personal data processed through this site.
Our registered office is 50 Princes Street, Ipswich, IP1 1RJ.
Contact: hello@41flow.co.uk — for privacy questions, data subject requests, support, or any other matter related to this policy or to dissed.io.
What we collect and why
We work to data-minimisation and purpose-limitation: we collect only what's needed for the function or legal duty described next to each category, we don't repurpose data for unrelated uses, and we don't ask you for fields the product doesn't need. If a feature can be built without a piece of personal data, that's how we build it.
Lawful bases below are keyed to UK GDPR Art. 6.
- Account data. Clerk handles sign-in (email, name, profile image, auth identifiers). Basis: contract (Art. 6(1)(b)).
- Track-balance data. Your current track balance and a transaction log (purchase, usage, refund, adjustment) with amounts, the Polar order ID, and a receipt URL. Basis: contract.
- Music-generation content. Each generation stores its music prompt, lyrics, cover prompt, optional title, the name of the target, an optional sender name, style tags, model ID, audio + cover storage keys, share state, takedown state, and owner appeals. Basis: contract.
- Lyrics drafts and conversation threads. The chat you have with the music agent — drafts, lyric alignments, and the underlying message thread stored by the Convex Agent component that backs the studio chat. Basis: contract.
- Content-rules acceptance. A timestamped record that you accepted the content rules before generating your first track. Basis: legitimate interest (auditable acceptance of the rules).
- Gift links. Token, amount, optional title and message, the user who created the gift, and the user who claimed it. Basis: contract.
- Takedown reports. Reporter email, reason, optional notes, hashed verification token + expiry, status, reviewer ID, and timestamps. Plus the auto-suspension records for repeat offenders. Basis: legitimate interest (running a safe platform); for the report email itself, your voluntary submission and PECR for the transactional confirmation email.
- Crash diagnostics. Sentry records errors and the breadcrumb steps that led to them. We don't send PII by default and there's no session replay. When you're signed in, your Clerk user ID is attached so we can correlate a crash to one user. Basis: legitimate interest (uptime and debugging).
- Analytics. PostHog (EU-hosted) records page views and named feature interactions against an anonymous distinct ID — and against your Clerk user ID once you opt in. Off by default in the UK and EEA; on by default elsewhere unless you opt out. We honour Global Privacy Control. Basis: consent (UK / EEA + GPC) or legitimate interest with opt-out (rest of world). Cookie and banner detail lives in the cookie policy.
- Server logs and IP-derived country. Vercel captures standard infrastructure logs, and we read your country from edge headers (only the ISO-2 country code) to decide whether to show the consent banner. We don't store the full IP ourselves. Basis: legitimate interest (security and fraud prevention) and legal obligation (PECR / consent gating).
The events we capture cover prompts (counts only, never the text), purchases, downloads, deletions, and takedown reports — labels and IDs only. We do not send free-form prompt or lyric text to analytics.
Track targets — when you name someone else
A diss track is built around a target: a name typed by the creator, often someone who hasn't signed up to dissed. That name is personal data about a third party, and we treat it that way.
- We store the target as text alongside the track.
- If the creator chooses to share the track, the target name shows up on the public share page, in its OG image, and on the takedown reporting screens.
- Anyone — target included — can request takedown without an account via the "Report this track" link in the footer of every share page. Confirmed reports hide the page immediately. See our takedown policy.
- We don't enrich, look up, or store any other data about the target.
- We don't create voice clones, biometric profiles, or likenesses. dissed tracks are not deepfakes within the meaning of EU AI Act Art. 50.
Why we don't notify each target individually. UK GDPR Art. 14 normally requires us to give targets the same kind of notice we give signed-up users. We don't, because we have no way to contact someone we only know by a free-text name typed by the track's creator — that's the Art. 14(5)(b) "disproportionate effort" exception. To make the underlying right effective in practice, the takedown route is deliberately low-friction: any visitor of the share page can submit a report without an account, and a confirmed report hides the page immediately.
Sharing and public content
- Tracks are private by default. They're only visible to you in your studio until you choose to share them.
- Shared tracks are reachable at /track/[id], with the audio and cover served from cdn.dissed.io. Anyone with the URL can listen and download.
- A confirmed takedown removes the share page immediately. If the takedown is upheld on review, the audio is permanently deleted from storage 30 days later.
Cookies, browser storage and analytics
Full detail lives in our cookie policy. In short: strictly-necessary cookies set by Clerk keep you signed in; a single localStorage entry remembers your cookie choice; and PostHog analytics is opt-in in the UK/EEA and opt-out elsewhere, with GPC honoured. You can change your choice at any time from the footer.
Sub-processors and international transfers
| Vendor | Purpose | Data | Region |
|---|---|---|---|
| Vercel Inc. | Hosting, CDN, edge runtime | All inbound traffic; logs | London (compute); US (controller) |
| Convex (Convex, Inc.) | Application database, function runtime, Convex Agent threads | All app data (account, tracks, lyrics, threads, takedowns) | Ireland (EU); US (controller) |
| Clerk Inc. | Authentication | Email, name, image, password hash, session cookies | US |
| Cloudflare R2 + CDN (cdn.dissed.io) | Audio + cover-art object storage, public delivery | Track audio, cover images | Western Europe for storage; Cloudflare global edge for delivery; US (controller) |
| Polar Software Inc. | Checkout, billing, invoices | Email, name, billing details | US |
| Resend | Transactional email (takedown verification only) | Reporter email + verification link | EU (Ireland) sending node; metadata + logs stored in US |
| Sentry (Functional Software, Inc.) | Crash and error monitoring | Errors, breadcrumbs, Clerk user ID | DE; US (controller) |
| PostHog | Product analytics | Anonymous ID, identified Clerk user ID after consent, event names + properties | EU; US (controller) |
| Anthropic | Lyric generation (Claude), routed via Vercel AI Gateway | Prompt + lyrics text | US |
| Replicate, Inc. | Cover-art generation, lyric alignment | Cover prompts, audio for alignment | US |
| Black Forest Labs | Cover-art generation (FLUX models) | Cover prompts | DE (EU) |
| MiniMax (Nanonoble Pte. Ltd.) | Music + audio generation | Music prompt + AI-generated lyrics; no Clerk ID, email, or payment data | Singapore controller; US data centre; group affiliates |
Any transfer of data outside the UK or EEA is covered by the UK IDTA or EU Standard Contractual Clauses, with the EU-US Data Privacy Framework relied on where the recipient is DPF-certified.
This list is current as of the "Last updated" date at the top of the page. We'll update this section before adding a new sub-processor that materially changes the data exposure picture.
A note on MiniMax
MiniMax generates the audio in your tracks. We name them separately because their data picture is more nuanced than the one-line table row above.
- Who they are. Nanonoble Pte. Ltd., a Singapore company at 152 Beach Road, #14-02 Gateway East, Singapore 189721, trading as MiniMax API. Their EU representative is reachable at mars@nanonoble.com; their data-protection inbox is api@minimax.io.
- Where the data goes. MiniMax's published policy states their data centre is in the United States and that cross-border storage is covered under the EU-US Data Privacy Framework, with SCCs for transfers to other group entities. We rely on those mechanisms plus the UK IDTA for UK-origin transfers.
- What we send. The model ID, the music prompt, the AI-generated lyrics, and audio settings. We do not send Clerk user IDs, your email, your IP address, payment data, or any direct identifier from our database.
- Why this still matters. A name like "Tom" isn't identifiable personal data on its own; "Elon Musk" is. Since we can't tell in advance, we treat the whole flow as if any prompt might contain personal data.
- Group-affiliate sharing. MiniMax's policy reserves the right to share data with group entities — which includes affiliates outside the US/EU. The transfer mechanisms above are the contractual safeguard; the residual risk is real and belongs in your hands, which is why we name MiniMax explicitly.
- Training and commercial use. MiniMax's policy says they don't use input data "to profile or target consumers" and don't infer characteristics about an individual — but they reserve the right, under "Commercial utilization," to mine, analyse and utilise anonymised / de-identified user data commercially, which in practice may include using prompts and lyrics to improve their models. We cannot guarantee that prompts or lyrics will never contribute to MiniMax's training corpus.
- User control. Generating a track necessarily transfers your prompt and lyrics to MiniMax on the terms above. The only way to opt out of that transfer is to not use the generation feature.
How long we keep things
- Account data — until you ask us to delete (see section 11) or we close the account.
- Tracks (audio, cover, prompts, lyrics, chat threads) — for the lifetime of your account.
- Tracks under upheld takedown — share page hidden immediately on confirmation; audio purged from storage 30 days after the upheld decision.
- Unverified takedown reports — purged after 7 days.
- Verified takedown reports — kept for audit, linked to the track they acted on; the reporter email is retained as part of that audit log.
- Track-balance and transaction records — retained for 6 years to meet UK HMRC accounting obligations.
- Sentry error data — 30 days (Sentry default; we don't extend).
- PostHog event data — 12 months (PostHog default).
- Convex platform logs — per Convex's retention.
Where it's necessary to establish, exercise, or defend legal claims, we may retain limited data beyond the windows above for the duration of the relevant limitation period (in the UK, six years for contract claims).
Aggregated and de-identified data
We may compute and keep aggregated, statistical, or otherwise de-identified data — counts of tracks generated, model performance metrics, that kind of thing — that no longer identifies any individual. De-identified data isn't subject to the retention windows above and may be kept indefinitely. We don't re-link it to identifying data.
Children
dissed is 18+ only. The eligibility clause is in our terms. We don't knowingly process data from anyone under 18; if we learn that we have, we delete the account and content.
Security
- HTTPS everywhere; the app is gated behind Clerk.
- Inbound webhooks are signature-verified.
- Storage credentials are held server-side only.
- We don't store payment card data — Polar handles PCI scope.
- No bulk-download paths or admin dashboards exposed to non-admins.
- No system is bullet-proof. If a breach is serious enough to require it under the law, we'll notify affected users and the ICO without undue delay.
Your rights
Under UK and EU GDPR you can: access your data, correct it, ask us to erase it, restrict or object to its processing, port it, withdraw consent where consent was the basis, and complain to a supervisory authority. To act on any of these, email hello@41flow.co.uk.
We respond within one month of receiving a valid request, in line with UK GDPR Art. 12(3). Where a request is particularly complex or you've sent us several at once, we may extend that window by up to two further months — if we do, we'll tell you within the original month and explain why.
How we verify identity depends on who you are:
- Account holders. We match the request to your Clerk-registered email. We may ask you to confirm via that email or sign in.
- Takedown reporters. We match against the email you submitted with the report.
- People named as a target in a track. We ask for proof linking you to the name (for example, confirming the share-page URL plus a context the reasonable account holder would recognise) before disclosing or acting; if we can't verify, we'll say so rather than acting blindly.
You can also complain to the UK Information Commissioner's Office at ico.org.uk or to your local EEA supervisory authority.
Automated decision-making
We don't subject you to decisions based solely on automated processing that produce legal or similarly significant effects on you (UK GDPR Art. 22). The closest thing we run is the three-strike auto-suspension for creators with three upheld takedowns — but the upholds themselves are human-reviewed decisions; the suspension is just the bookkeeping that follows. Suspended creators can appeal to hello@41flow.co.uk for human review.
Marketing and contact preferences
We don't send marketing email and we don't run a mailing list. The only emails we send are transactional — takedown verification — and Polar sends purchase receipts directly from their own infrastructure. There's no marketing opt-out toggle because there's no marketing channel to opt out of.
Changes to this policy
- We update the "Last updated" date at the top of this page whenever it changes.
- For material changes — a new sub-processor category, a new data type, a change to lawful basis — we'll show an in-app banner on your next visit before the change takes effect. The banner plus the visible "Last updated" date are how we tell you.