HitZERØ logo
Create Your Sound
HomeProducersBrandsSonic Intelligence™AboutPricingAsk IAHCreate Your Sound
Legal

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how IAH.FIT Inc., a Delaware corporation with its principal place of business at 21750 Hardy Oak Blvd, Ste 104, San Antonio, TX 78258-4946 (“HitZERØ,” “we,” “us,” “our”), collects, uses, shares, and protects information when you use hitzero.com, hitzero.ai, hitzero.fm, and any related software, applications, APIs, and services (the “Platform”). This Privacy Policy operates alongside our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, password (stored hashed), and any profile details you choose to add. We may also collect age verification information and, for users between 13 and 17, parental consent records.

1.2 Generation Data

When you use HitZERØ to generate music, lyrics, or audio, we collect the prompts you submit, the style cues and parameters you select, the lyrics you write or request, and the resulting Creations. We also collect the Public or Private status you assign to each Creation.

1.3 Payment Information

When you subscribe or purchase Fuel, our payment processing provider collects your payment method details, billing address, and transaction records. We do not store full payment card numbers. We retain transaction summaries, plan history, and Fuel balance records.

1.4 Communications

When you contact us, respond to surveys, or interact with IAH chat features, we collect the content of those communications. IAH chat sessions are encrypted in transit and at rest.

1.5 Usage and Device Data

We collect technical information when you use the Platform, including IP address, device identifiers, browser type and version, operating system, language preference, referring pages, pages viewed, features used, time spent, and crash reports. We use cookies and similar technologies described in Section 6.

2. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Platform and the HitZERØ generation system;
  • Generate, deliver, and store the Creations you request;
  • Process payments, manage subscriptions, and reconcile Fuel balances;
  • Personalize your experience, including station recommendations and curated content;
  • Communicate with you about your account, transactions, product updates, and Platform news;
  • Send marketing communications you have consented to receive, with an opt-out in every message;
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms;
  • Maintain content moderation systems consistent with our PG-13 standard;
  • Comply with legal obligations and respond to lawful requests.

3. AI Training and Public vs. Private Creations

Private Creations. Creations marked Private are not used by HitZERØ to train HitZERØ’s proprietary AI models, are not used for benchmarking or research, and are not included in HitZERØ Stations or curated programming. Private Creations are routed through the HitZERØ generation system, including any third-party input components described in Section 5.2, solely to generate, process, and deliver your Creation to you.

Public Creations. When you mark a Creation as Public, you grant HitZERØ the rights described in our Terms of Service, Section 3 (Public Creations). This includes using the Public Creation to train, fine-tune, and improve HitZERØ’s proprietary AI models and the Sonic Intelligence™ resonance engine, to include the Creation in HitZERØ Stations and curated programming, and to use the Creation for quality assurance, benchmarking, and Platform research.

Withdrawal. You may change a Creation from Public to Private at any time through your account settings. Withdrawal applies to future use. HitZERØ may retain and continue to use a Public Creation in models or systems where it has already been incorporated, but will not initiate new training or programming use after withdrawal.

Anonymized data for Platform improvement. Independent of the Public or Private status of any specific Creation, we use anonymized, aggregated data about Creations to improve the Platform’s models, recommendations, and services, as described in Terms of Service, Section 6.4.

Public Creations and counterparty diligence. Public Creations may inform HitZERØ’s training data ledger, which is referenced for the purpose of commercial counterparty diligence as described in Section 5.7. Counterparty diligence does not identify individual users or their specific Creations, except as necessary for diligence on a specific Creation involved in a specific transaction, and only with appropriate confidentiality protections.

4. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract. To deliver the Platform under our Terms of Service.
  • Consent. For marketing communications, non-essential cookies, and use of Public Creations for model training. You may withdraw consent at any time.
  • Legitimate interests. For Platform security, fraud prevention, content moderation, anonymized analytics, and improving our services, balanced against your rights and freedoms.
  • Legal obligation. To comply with tax, accounting, consumer protection, copyright (DMCA), and similar laws.

5. How We Share Your Information

We do not sell your personal information. We share information only as described below.

5.1 Service Providers

We share information with categories of service providers that help us operate the Platform. These providers process information on our instructions, subject to written contracts that restrict use to the services they provide. The categories include:

  • Cloud hosting and content delivery providers. Enterprise-grade cloud infrastructure providers and content delivery networks that host the Platform and serve content to you. These providers process technical data necessary to deliver the Platform, including IP addresses and request metadata.
  • Communications and email delivery providers. Platforms that send account notices, transactional messages, and marketing communications you have consented to receive. These providers receive your name, email address, and message content necessary to deliver communications.
  • Customer support and CRM providers. Platforms that manage user inquiries and lifecycle communications. These providers receive contact information and communication history necessary to support you.
  • Analytics and performance monitoring providers. Services that measure Platform performance and diagnose issues. These services receive technical usage data, including device identifiers, browser information, and crash reports.
  • Content moderation providers. Automated content moderation services that maintain the PG-13 standard described in our Terms of Service. These providers receive Creation content and metadata necessary to flag potential violations.
  • Identity and fraud prevention providers. Services that verify identity and detect abuse. These services receive limited identity and behavioral signals necessary to detect fraudulent activity.

5.2 Third-Party AI Input Components

As disclosed in our Terms of Service, Section 3, the HitZERØ generation system may incorporate vetted, ethically aligned third-party AI technologies as input components. When this occurs, the data necessary to fulfill your generation request, including prompts and parameters, is transmitted to the third-party component solely for the purpose of generating, processing, and delivering your Creation. Third-party input components operate as service providers to HitZERØ and are subject to confidentiality obligations. HitZERØ selects providers on ethical sourcing and aligned practices criteria. HitZERØ is under no obligation to disclose which components are active at any given time.

5.3 Payment Processing Providers

We use third-party payment processing providers to process subscription and Fuel pack transactions. Payment processors handle your payment method information under their own privacy policies and PCI-DSS compliance programs. We receive transaction confirmations and limited billing information sufficient to manage your account.

5.4 Marketing and Affiliate Tracking Providers

We use third-party marketing automation, CRM, and affiliate tracking providers to manage marketing communications, attribution, and customer lifecycle messaging. These providers receive your name, email address, and engagement data necessary to deliver the messages you have consented to receive and to attribute affiliate referrals.

5.5 Legal Process and Safety

We may disclose information when we believe in good faith that disclosure is required by law, valid legal process, court order, or government request, or is reasonably necessary to protect the rights, property, or safety of HitZERØ, our users, or the public, including to enforce our Terms of Service or to investigate suspected fraud or abuse.

5.6 Business Transfers

If HitZERØ is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice on the Platform or by email before your information becomes subject to a different privacy policy. In the diligence phase, we treat user data and account information as confidential, subject to standard confidentiality agreements, as described in Terms of Service, Section 18.

5.7 Commercial Counterparties

For bona fide commercial transactions involving Creations, including label signings, publishing deals, sync licenses, advertising placements, brand partnerships, and platform acquisitions, HitZERØ may, at its discretion and subject to confidentiality protections, share Creation provenance records, summary information from our training data ledger, content moderation records, and account compliance status, as described in Terms of Service, Sections 16, 17, and 18. The Privacy Policy’s confidentiality posture matches the Data Confidentiality commitment in Section 18 of the Terms of Service. We do not share prompt content, lyrics drafts, or other private user data for this purpose without your consent or legal compulsion.

5.8 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for any purpose, including research, benchmarking, and public reporting.

6. Cookies and Similar Technologies

We use cookies, local storage, pixels, and similar technologies for the following purposes:

  • Strictly necessary. Authentication, session management, security, and load balancing.
  • Functional. Preferences, language, station selections, and UI state.
  • Analytics. Aggregate usage measurement, feature adoption, and performance monitoring.
  • Marketing. First-party re-engagement on HitZERØ properties, affiliate attribution, and campaign measurement, where you have consented.

Our marketing cookies operate on a first-party basis on HitZERØ properties and do not enable cross-context behavioral advertising as defined by the CPRA. You can manage non-essential cookies through the cookie banner, your browser settings, or, where applicable, a Global Privacy Control signal, which we honor as a do-not-sell and do-not-share request under California law.

7. Data Retention

We retain personal information for as long as needed to provide the Platform and to fulfill the purposes described in this Privacy Policy, then delete or anonymize it. Specific retention windows include:

  • Account data. For the life of your account, plus up to ninety (90) days after account closure for backup, audit, and fraud prevention purposes.
  • Creations. Stored in your account until you delete them or close your account. Public Creations that have already been incorporated into trained models may persist in those models, as described in Section 3.
  • Transaction records. Retained for the period required by tax, accounting, and consumer protection laws, typically seven (7) years.
  • IAH chat sessions. Retained until you delete them through your account settings, or for the life of your account.
  • Server logs and security data. Typically ninety (90) days, longer where necessary to investigate a specific incident.
  • Training data ledger entries. Retained indefinitely as part of HitZERØ’s documentation of training data sources and license basis. Where ledger entries derive from user Creations marked Public, those entries are retained for as long as the corresponding model versions remain in operation, plus a reasonable archive period.
  • Anonymized data. Retained indefinitely for Platform improvement and research, as it can no longer be associated with you.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS) and at rest, access controls, least-privilege provisioning, audit logging, vendor risk reviews, and incident response procedures. No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and the applicable authorities as required by law.

9. Your Rights and Choices

9.1 All Users

You may access, correct, or delete your account information from your account settings. You may opt out of marketing communications at any time using the unsubscribe link in any message or by contacting us. You may set Creations to Private to prevent their use in HitZERØ model training and curated programming.

9.2 California (CCPA and CPRA)

If you are a California resident, you have the right to: know what personal information we collect, use, disclose, and sell or share; access copies of your personal information in a portable format; correct inaccurate personal information; delete your personal information, subject to legal exceptions; limit our use and disclosure of sensitive personal information; and opt out of the sale or sharing of personal information. We do not sell your personal information. Our marketing cookies operate on a first-party basis on HitZERØ properties and do not enable cross-context behavioral advertising as defined by the CPRA. We honor Global Privacy Control signals as a valid opt-out request. To exercise these rights, contact us at privacy@hitzero.com. We will not discriminate against you for exercising your rights.

9.3 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, you have the right under the GDPR or UK GDPR to: access your personal data; rectify inaccurate data; erase your data (right to be forgotten), subject to legal exceptions; restrict processing; object to processing based on legitimate interests; data portability; and withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. You also have the right to lodge a complaint with your local data protection authority.

9.4 Other Jurisdictions

Residents of other US states with comprehensive privacy laws, including Colorado, Connecticut, Virginia, Utah, Texas, and others, have rights similar to those described above. We honor verifiable consumer requests to access, correct, delete, and obtain portable copies of personal information, subject to applicable law.

10. Data Subject Rights Request Procedure

To exercise any right described in Section 9, submit a request to privacy@hitzero.com. We will:

(a) Acknowledge your request within ten (10) business days;
(b) Verify your identity using account credentials or other reasonable means to protect against fraudulent requests;
(c) Respond substantively within forty-five (45) days, or ninety (90) days in complex cases with notice of the extension;
(d) Provide our response in a portable, readable format where applicable;
(e) Notify you if we cannot fulfill the request in whole or in part, with our reasons.

If we deny your request, you may appeal by replying to our response or by contacting privacy@hitzero.com with “Appeal” in the subject line. We will review the appeal within forty-five (45) days. If we deny the appeal, we will inform you of any further options available, including the right to file a complaint with the applicable data protection authority or attorney general.

We do not charge a fee for first or second requests within a twelve (12) month period. We may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests.

11. Privacy Posture for Commercial Counterparties

For record labels, publishers, sync agencies, distributors, brand partners, advertising agencies, and investors evaluating engagement with HitZERØ or HitZERØ users:

(a) HitZERØ does not sell user data and does not enable cross-context behavioral advertising.

(b) User Creation data, prompt content, lyrics drafts, and account information are treated as confidential and are not shared with third parties for marketing or commercial purposes outside the limited circumstances described in this Policy.

(c) For bona fide commercial transactions involving specific Creations, HitZERØ may share Creation provenance records, summary information from the training data ledger, content moderation records, and account compliance status, subject to confidentiality protections and the limitations described in Section 5.7 of this Policy and Section 17 of the Terms of Service.

(d) For M&A diligence, financing, or investment evaluations, HitZERØ shares user data only under executed confidentiality agreements and only as necessary for the diligence purpose, consistent with Section 18 of the Terms of Service.

(e) HitZERØ maintains records of its training data sources and model training events in the training data ledger described in Section 6.2 of the Terms of Service.

This information is provided for the convenience of commercial counterparties evaluating HitZERØ’s data handling posture. It does not create direct contractual privity between HitZERØ and any counterparty.

12. International Data Transfers

HitZERØ is based in the United States. When you use the Platform, your information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. Where required by law, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses and adequacy decisions, to protect your information when it crosses borders.

13. Children’s Privacy

The Platform is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly in accordance with the Children’s Online Privacy Protection Act (“COPPA”). If you believe a child under 13 has provided us with personal information, contact us at privacy@hitzero.com.

Users between 13 and 17 may use the Platform only with the consent and supervision of a parent or legal guardian, who is responsible for the minor’s use of the Platform. We process minors’ data with additional care, including limiting marketing communications and applying conservative defaults.

14. DMCA and Copyright Notices

We process notices of alleged copyright infringement under the procedure set out in our Terms of Service, Section 11. We process the personal data necessary to evaluate, respond to, and act on these notices, including the contact information of notice senders and the account information of users identified in notices, as required by 17 U.S.C. § 512.

15. Third-Party Links and Services

The Platform may contain links to third-party sites, services, or content. This Privacy Policy does not apply to third-party services, and we are not responsible for the privacy practices of any third party. Review the privacy policies of those services before providing information to them.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will give at least thirty (30) days’ notice on the Platform or by email before they take effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Platform after the effective date constitutes acceptance.

17. Contact Us

IAH.FIT Inc. is a Delaware corporation.

Registered office (Delaware): 16193 Coastal Highway, Lewes, DE 19958, USA

Principal place of business (Texas): 21750 Hardy Oak Blvd, Ste 104, San Antonio, TX 78258-4946, USA

For privacy questions, requests to exercise your rights, or data protection inquiries, contact us at privacy@hitzero.com.

For other inquiries, contact legal@hitzero.com.