lyric lab logo
← Back to Home

Privacy Policy

INTRODUCTION

LyricLab is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. By using our Platform, you acknowledge you have read and understood it.

1. WHO WE ARE (DATA CONTROLLER)

LyricLab is the data controller responsible for your personal data. We operate at lyriclab.com and app.lyriclab.com and are based in England, United Kingdom. For all privacy-related enquiries, see Section 14.

2. WHAT DATA WE COLLECT

We collect only the data necessary to provide and improve the LyricLab service. We do not ask for or collect your physical address.

2a. Data You Provide Directly

  • • Name: collected at registration to personalise your account
  • • Email address: used for account access, service communications, and support
  • • Password: stored securely using one-way hashing; we never store plain-text passwords
  • • Lyrics and document content: text you write or save in the Document page
  • • AI tool inputs: text you submit to any of our AI features
  • • Feedback submissions: content you voluntarily submit via the feedback feature

2b. Data Collected Automatically

  • • IP address: collected temporarily when you visit the subscription page, processed via ipwhois solely to determine your approximate geographic region for currency display purposes (GBP, EUR, or USD). Your IP address is not stored or linked to your account after this lookup.
  • • Usage data: pages visited, features used, session duration, browser type
  • • Session cookies: to keep you logged in and maintain your preferences

2c. Data from Third Parties

Stripe provides us with your subscription status, plan type, and billing dates. We do not receive or store your card number or full payment details.

3. HOW WE USE YOUR DATA

We use your personal data for the following purposes:

  • • To create and manage your LyricLab account
  • • To process subscription payments and manage billing through Stripe
  • • To provide and operate all Platform features including AI tools
  • • To process your text inputs through our AI tools via the OpenAI API
  • • To determine the appropriate subscription currency based on your IP-detected region
  • • To respond to your feedback and support requests
  • • To send essential service communications (billing alerts, policy updates)
  • • To monitor platform security and prevent abuse
  • • To comply with our legal obligations under UK law
  • • To analyse aggregate, anonymised usage patterns to improve the Platform

We will NOT sell your data to third parties, use it for profiling, or use it for automated decision-making that produces significant legal effects on you.

4. LOCATION DETECTION (IPWHOIS)

On the subscription page, we use the ipwhois service to detect your approximate geographic region based on your IP address. This is used solely to display the correct subscription price in the appropriate currency:

  • • GBP (£) for users in England and the United Kingdom
  • • EUR (€) for users in other European countries
  • • USD ($) for users in the United States
  • • USD ($) for users in all other regions

How this works:

  • • Your IP address is sent to ipwhois to retrieve your country/region
  • • The lookup result (country code) is used to select the correct currency
  • • Your IP address is NOT stored by LyricLab after this lookup
  • • This lookup is not linked to your account or user profile
  • • No personal profile is created from this location data

This processing is carried out under the legal basis of Legitimate Interests (UK GDPR Article 6(1)(f)), as it is a necessary and privacy-minimal way to show you accurate pricing in your local currency.

5. LEGAL BASIS FOR PROCESSING (UK GDPR)

We rely on the following lawful bases for processing your personal data:

  • • Contract (Article 6(1)(b)): Processing your account data and subscription is necessary to perform our contract with you
  • • Legitimate Interests (Article 6(1)(f)): For security monitoring, fraud prevention, IP-based currency detection, and service improvement, where our interests are not overridden by your rights
  • • Legal Obligation (Article 6(1)(c)): Where required to comply with UK law, such as financial record-keeping
  • • Consent (Article 6(1)(a)): For non-essential cookies and any optional marketing communications

6. AI FEATURES & OPENAI PROCESSING

Our AI tools (Rhyme Assistant, Artist Info, Rhyme Dictionary, Prompt Suggestions, Synonyms, Antonyms) are powered by the OpenAI API.

When you use these features, the text you input is transmitted to OpenAI's servers for processing. You should be aware that:

  • • Text inputs to AI tools are sent to and processed by OpenAI
  • • OpenAI acts as a data processor under a data processing agreement
  • • OpenAI has stated that API data is not used to train their models by default
  • • We recommend you do not include sensitive personal information in AI tool inputs
  • • AI outputs are returned to you and may be stored as part of your document data

You can review OpenAI's API data practices at: openai.com/policies/privacy-policy

7. STRIPE & PAYMENT PROCESSING

All subscription payments are processed by Stripe, a PCI DSS-compliant payment processor.

  • • Your card details are entered directly into Stripe's secure environment
  • • LyricLab never sees, receives, or stores your card number or CVV
  • • Stripe shares with us only your subscription status, plan type, and billing cycle dates
  • • Stripe's own privacy practices apply to payment data: stripe.com/en-gb/privacy

8. DATA SHARING & DISCLOSURE

We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:

  • • Service Providers: Stripe (payments), OpenAI (AI processing), and ipwhois (currency detection), all operating under appropriate data processing agreements or terms
  • • Legal Requirements: If required by law, court order, or to protect the rights and safety of LyricLab or others
  • • Business Transfer: In the unlikely event of a merger or acquisition, we will notify you before any personal data is transferred to a new entity

9. DATA RETENTION

We retain your personal data only as long as necessary:

  • • Account data (name, email): Retained while your account is active. Deleted within 90 days of account closure upon request.
  • • Lyric and document data: Retained while your account is active. You can delete documents at any time from within the app.
  • • Payment records: Retained for up to 7 years to comply with UK financial and tax regulations.
  • • Feedback submissions: Retained for up to 2 years for product improvement purposes.
  • • Usage and log data: Retained for up to 12 months.
  • • IP address (currency lookup): Not retained after the subscription page lookup is complete.

10. DATA SECURITY

We implement appropriate technical and organisational measures to protect your data, including:

  • • HTTPS encryption for all data in transit
  • • Passwords stored using secure one-way hashing
  • • Access controls limiting internal access to personal data
  • • Regular security reviews of systems and third-party integrations
  • • Secure payment processing through PCI DSS-compliant Stripe infrastructure

11. YOUR RIGHTS UNDER UK GDPR

As a data subject, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification

You can ask us to correct inaccurate or incomplete data we hold about you.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

Right to Restriction

You can ask us to restrict how we process your data in certain circumstances.

Right to Data Portability

You can receive your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

Right to Complain

You have the right to lodge a complaint with the ICO if you believe we have mishandled your data.

ICO Contact Details:

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

12. COOKIES

LyricLab uses cookies on our website and application.

  • • Strictly Necessary Cookies: Required for the Platform to function (e.g. keeping you logged in). These cannot be disabled.
  • • Preference Cookies: Remember your in-app settings and preferences.
  • • Analytics Cookies: Help us understand how users interact with the Platform (used only with your consent).

13. CHILDREN'S PRIVACY

LyricLab is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If we become aware this has occurred, we will delete the data promptly. Users aged 13 to 17 should use the Platform only with parental or guardian consent.

14. CHANGES TO THIS POLICY

We may update this policy from time to time. When we make material changes, we will:

  • • Update the "Last Updated" date at the top of this policy
  • • Notify registered users by email at least 14 days before changes take effect
  • • Display a notice within the Platform

15. CONTACT US

For any questions about this Privacy Policy or to exercise your data rights, please contact us:

LyricLab – Data Controller

Website: https://lyriclab.com

Privacy Enquiries: admin@lyriclab.com

General Support: support@lyriclab.com

Jurisdiction: England & Wales, United Kingdom

We aim to respond to all privacy-related requests within 30 days.

© 2026 LyricLab. All rights reserved.