Last updated: March 5, 2026
We treat your sessions, your stems, and your story as yours. Here's exactly what we do — and don't — collect.
BoomRiddim is operated by Richboy Reid Media ("Richboy Reid Media", "BoomRiddim", "we", "us"), trading as BoomRiddim. Richboy Reid Media is the data controller for personal data processed through the Service.
We collect the minimum data needed to run BoomRiddim. We don't sell your data. We don't use Your Content (audio, lyrics, projects, prompts) to train AI models.
Where GDPR or UK GDPR applies, we rely on the following legal bases: (a) Performance of a contract — to create your account, provide the Service, save your sessions, and deliver exports; (b) Legitimate interests — to secure the Service, prevent fraud and abuse, debug issues, and improve the product through aggregated analytics; (c) Legal obligation — to keep limited billing and tax records and to respond to lawful requests; (d) Consent — for optional cookies and marketing emails, which you can withdraw at any time.
Account data: email address, display name, password hash, authentication provider (e.g. Google) when you sign up.
Project data: projects, sessions, tracks, stems, presets, BPM, prompts, and any audio you upload, generate, or export through the Service.
Collaboration data: invitations and roles you set for collaborators on a project.
Usage data: pages viewed, features used, requests made to the Service, basic device/browser information, IP address, and approximate location derived from IP. Used for security, debugging, and product improvement.
Billing data (if you subscribe): handled by our payment processor. We receive subscription status and the last 4 digits of your card; we never see the full card number.
To provide the Service: render projects, save sessions, route requests to AI providers you've chosen, deliver exports.
To secure the Service: detect abuse, prevent fraud, enforce our Terms.
To improve the Service: aggregated, de-identified analytics about which features are used.
To communicate with you: account notifications, security alerts, and (if you opt in) product updates.
We do not sell your personal data.
We do not use Your Content to train machine-learning models — ours or anyone else's.
We do not share Your Content with advertisers.
We do not read your project audio or lyrics for any purpose other than operating the Service for you.
When you use a generation, vocal, stem, or mastering feature, the relevant prompt and/or audio is sent to the third-party provider you chose (e.g. Suno, Udio, AIVA, Stable Audio, ElevenLabs, Kits AI, LALAL.AI, Moises, LANDR). Their privacy policies govern how they handle that request. We pass only what's needed to fulfil the action.
We rely on a small set of vetted infrastructure providers to operate the Service. They process data only on our instructions and under contractual confidentiality. Categories of recipients include:
• Cloud hosting and database — Lovable Cloud, powered by Supabase.
• Email delivery and analytics providers.
• Payments and Merchant of Record — Paddle.com Market Ltd ("Paddle"). Paddle acts as the Merchant of Record (reseller) for all paid orders on BoomRiddim. When you purchase a subscription or other paid item, Paddle receives the personal data needed to process the transaction (such as name, email address, billing address, IP address, device information, and payment details) and uses it to handle checkout, billing, invoicing, fraud prevention, refunds, chargebacks, and the collection and remittance of any applicable sales tax or VAT. Paddle acts as an independent controller for that payment data. See Paddle's privacy policy at https://www.paddle.com/legal/privacy.
• Professional advisers (legal, accounting) and authorities where required by law.
We keep your account and project data for as long as your account is active. If you delete a project, it is removed from active systems and from backups within 30 days. If you delete your account, all associated personal data and projects are deleted within 30 days, except where we are required by law to keep limited records (e.g. billing).
Depending on where you live (e.g. EEA, UK, California), you may have the right to access, correct, export, or delete your personal data, to object to or restrict processing, and to withdraw consent. You can exercise most of these directly in the app, or by emailing privacy@boomriddim.com. We respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority.
Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, logged, and limited to staff who need it. Passwords are hashed; we never store them in plaintext. No system is perfectly secure — please use a strong, unique password and enable 2FA where available.
Our infrastructure may process data in regions outside your country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
BoomRiddim is not directed to children under 13 (or the minimum age of digital consent in your country). We do not knowingly collect data from children below that age. If you believe a child has provided us data, contact privacy@boomriddim.com and we will delete it.
We use a small number of strictly-necessary cookies for authentication and security, and (where you consent) analytics cookies to understand how features are used. You can clear cookies in your browser at any time; this may sign you out.
If we materially change this Policy, we'll notify you in-product or by email before the change takes effect.
Privacy questions: privacy@boomriddim.com.
