Privacy Policy

This Privacy Policy (“Policy”) explains what personal data Pook Audio collects, why we collect it, how it is used, who it is shared with, and how it is protected. We are committed to being transparent about our data practices and to respecting your privacy rights.

“Pook Audio” (also referred to as “we,” “us,” or “our”) is the data controller responsible for your personal data. Pook Audio is a trading name of Ayal Yishay, sole proprietor, operating under the laws of the State of Israel.

This Policy applies to all personal data collected through the Pook software (audio plugin and standalone application), the website at pookaudio.com, the Discover community platform, the cloud backend, and all related features and services (collectively, the “Service”).

By creating an account, installing the Software, or otherwise using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices as described herein, you should not use the Service.

This Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

We collect different categories of personal data depending on how you interact with the Service. Below is a detailed breakdown of the data we collect, organized by category.

2.1 Account Data (from sign-in)

When you create an account using a third-party identity provider (such as Google or Apple), we receive and store the following information from your identity provider:

• Email address
• Full name
• Profile picture (if available from the identity provider)
• Unique identifier from the identity provider

We do not receive or store your password from any identity provider. Authentication is handled entirely by the third-party provider.

2.2 Profile Data (you provide)

You may optionally provide additional information to personalize your public profile on Discover:

• Display name
• Bio / description
• Website URL
• Social media links
• Custom avatar image

Profile data you provide is displayed publicly on Discover and is visible to other Users. Do not include sensitive personal information in your profile.

2.3 Device Data

When you activate the Software on a device, we collect a machine identifier. This identifier is a unique, non-reversible hash derived from hardware characteristics of your device. It is used solely for device activation and enforcing the single-device licensing restriction described in our Terms of Service. We do not collect your device name, serial number, or other directly identifying hardware information.

2.4 Usage Data

When you use the Service, we collect information about your interactions, including:

• Conversation history— your prompts, instructions, and the AI-generated responses in the plugin generation process.
• Generated plugins— the plugins you create, including associated metadata and screenshots.
• Credit transactions— records of credit purchases, consumption, and generation history.
• Discover activity— plugins you publish, browse, add to your library, or modify.
• Feature usage— which features of the Service you use and how frequently.

2.5 Technical Data

We automatically collect certain technical information when you use the Service, including:

• IP address
• Browser type and version (when using the website)
• Plugin version and format (VST3, AU, AAX)
• Operating system and version
• DAW (digital audio workstation) name and version
• Approximate geographic location (derived from IP address, city/country level only)

2.6 Sensitive Personal Information

Pook Audio does not intentionally collect sensitive personal information, including but not limited to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. Please do not submit sensitive personal information through the Service, including in prompts, profile fields, or plugin descriptions. If you do submit such information, you consent to its processing in accordance with this Policy.

We use the personal data we collect for the following purposes:

• Provide and operate the Service — authenticate your identity, maintain your account, generate plugins based on your prompts, store your plugin library and conversation history, process Credit transactions, and enable Discover features.
• Enforce terms and limits— manage device activation, enforce single-device licensing, track Credit usage, apply rate limits, and detect and prevent violations of our Terms of Service.
• Improve and develop the Service — analyze usage patterns and trends, conduct internal research, improve AI generation quality, and develop new features. Where possible, we use anonymized or aggregated data that cannot reasonably be used to identify individual Users.
• Community features— display your public profile and published plugins on Discover, enable other Users to browse and interact with your published content, and facilitate community engagement.
• Communicate with you— send service notifications, account-related alerts, security warnings, subscription and billing updates, and information about changes to our Terms or this Privacy Policy. With your consent, we may also send promotional communications about new features or offers.
• Security and fraud prevention— detect, investigate, and prevent unauthorized access, abuse, fraud, and other harmful or illegal activity. Protect the rights, property, and safety of Pook Audio, our Users, and the public.
• Legal compliance— comply with applicable laws, regulations, legal processes, or enforceable governmental requests. Establish, exercise, or defend legal claims.

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Israel, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR), UK GDPR, and the Israeli Privacy Protection Law 5741-1981, as applicable:

• Performance of a contract— processing necessary to provide the Service to you, including account creation and authentication, plugin generation, library storage, Credit management, device activation, and Discover features. This is the primary legal basis for most of our data processing.
• Legitimate interests— processing necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes improving and developing the Service using aggregated analytics, detecting fraud and abuse, ensuring network and information security, and internal administrative purposes. We carefully balance our interests against your privacy in each case.
• Legal obligation— processing necessary to comply with legal or regulatory requirements to which Pook Audio is subject, including tax and accounting obligations, responding to lawful requests from public authorities, and data retention requirements.
• Consent— where required by applicable law, we rely on your consent for specific processing activities, including sending promotional or marketing communications, setting non-essential cookies, and sharing data with third parties for purposes not covered by the other legal bases. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

If we intend to use your personal data for a purpose not described in this Policy, we will notify you and, where required by law, obtain your consent before doing so.

We share your personal data with the following categories of third-party service providers, solely to the extent necessary for the purposes described below. We require all third-party providers to respect the security and confidentiality of your personal data and to process it only in accordance with our instructions and applicable data protection laws.

• AI service providers— your prompts, conversation history, and related inputs are transmitted to third-party AI providers for the purpose of generating plugins. These providers process your data under their own terms and data processing agreements. Pook Audio does not use your prompts or conversations to train AI models. We select providers that commit to not using your data for their own model training purposes.
• Cloud infrastructure providers — we use third-party cloud services for hosting, database management, file storage, and content delivery. Your data is stored on secure, encrypted servers operated by these providers.
• Authentication providers— sign-in is handled through third-party identity providers (such as Google and Apple). These providers authenticate your identity and share limited account information with us as described in Section 2.1.
• Paddle (payment processing)— Paddle (Paddle.com Market Limited) is our merchant of record and handles all payment processing, billing, invoicing, tax calculation, and refunds. Pook Audio does not directly process, store, or have access to your payment card information, bank account details, or other financial data. Paddle's collection and use of your payment data is governed by Paddle's Privacy Policy.
• Analytics providers— we may use third-party analytics tools (such as Google Analytics) to help us understand how the website is used, measure traffic, and improve the Service. These tools may collect information about your use of the website through cookies and similar technologies. See Section 8 (Cookies & Tracking) for more details.

Pook Audio does not sell your personal data to third parties. We do not share your personal data with third parties for their own direct marketing purposes.

We may also disclose your personal data if required to do so by law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

In the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, your personal data may be transferred to a successor entity as part of that transaction. We will notify you of any such change and the choices you may have regarding your personal data.

Pook Audio is based in Israel. Your personal data is stored and processed on cloud infrastructure primarily located in the United States, and may also be accessed from Israel and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

Israel has been recognized by the European Commission as providing an adequate level of data protection. For transfers of personal data from the EEA or UK to countries that have not received an adequacy decision (such as the United States), we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner's Office (ICO), or other legally recognized transfer mechanisms.

If you have questions about the safeguards we use for international data transfers, please contact us at support@pookaudio.com.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, or as required by applicable law. The specific retention periods depend on the nature of the data and the purpose of processing:

• Account data— retained for as long as your account is active. Upon account deletion, personal data is deleted or anonymized within 30 days, except where retention is required by law.
• Profile data— retained for as long as your account is active and deleted upon account deletion, subject to the 30-day processing period.
• Conversation history— retained for as long as your account is active and deleted upon account deletion, subject to the 30-day processing period.
• Generated plugins— remain stored while your account is active. Plugins published on Discover that other Users have added to their libraries may persist after your account is deleted.
• Credit transaction history— retained for as long as required for accounting, tax, and legal compliance purposes (typically 7 years under Israeli tax law).
• Technical logs— IP addresses, access logs, and similar technical data are retained for up to 90 days for security and debugging purposes, after which they are deleted or anonymized.
• Device identifiers— retained for as long as your account is active and deleted upon account deletion.

When personal data is no longer needed for its original purpose and there is no legal requirement to retain it, we will securely delete or irreversibly anonymize it.

8.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently, provide reporting information, and assist with personalization. Cookies may be “session” cookies (deleted when you close your browser) or “persistent” cookies (remaining on your device for a set period or until you delete them).

8.2 Cookies We Use on pookaudio.com

The website uses the following categories of cookies:

• Essential cookies— required for the website to function correctly. These include cookies for authentication, session management, and security. You cannot opt out of essential cookies as they are strictly necessary for the website to operate.
• Analytics and performance cookies — we may use analytics services (such as Google Analytics) to collect information about how visitors use the website, including which pages are visited most frequently, how long visitors spend on pages, and how they arrived at the site. This information is used to improve the website and is processed in aggregated, non-identifying form. Analytics cookies are loaded only on our public marketing pages, and only after you provide consent through our cookie banner. They are not loaded on sign-in, activation, or account pages. These cookies may be set by third-party analytics providers.

8.3 The Pook Plugin

The Pook plugin communicates with our servers for authentication, plugin generation, and data synchronization. These communications use standard HTTPS requests and authentication tokens — no tracking cookies, advertising pixels, or third-party tracking technologies are used within the plugin itself.

8.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling essential cookies may affect the functionality of the website.

For more information about cookies and how to manage them, visit:

• www.allaboutcookies.org
• www.youronlinechoices.eu (for EU residents)

8.5 Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals to the websites you visit. There is currently no universally accepted standard for how websites should respond to DNT signals. At this time, pookaudio.com does not respond to DNT signals, but we limit our use of tracking technologies as described in this section.

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

• Right of access— you have the right to request a copy of the personal data we hold about you, together with information about how we process it.
• Right to rectification— you have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure (“right to be forgotten”) — you have the right to request that we delete your personal data, subject to certain legal exceptions (for example, where we are required to retain data for legal or accounting purposes).
• Right to data portability— you have the right to request your personal data in a structured, commonly used, machine-readable format. This includes your profile information, prompts, conversation history, and Credit transaction history. Generated Plugins are service output rather than personal data and are not included in data portability requests.
• Right to restrict processing— you have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.
• Right to object— you have the right to object to our processing of your personal data where we rely on legitimate interests as a legal basis, including objecting to the use of your data for Service improvement and analytics.
• Right to withdraw consent— where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
• Right to lodge a complaint— you have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data violates applicable law.

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@pookaudio.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. If your request is complex or you have made multiple requests, we may extend the response period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.

These rights are provided under the General Data Protection Regulation (GDPR) for EU/EEA residents, the UK GDPR and UK Data Protection Act 2018 for UK residents, the Israeli Privacy Protection Law 5741-1981 for Israeli residents, and similar data protection regulations worldwide. Some rights may be limited where we have a legal obligation to retain data, a legitimate overriding interest, or where the exercise of rights would adversely affect the rights and freedoms of others.

You also have the right to delete your account at any time through the application settings or by contacting us. Upon account deletion, we will process the deletion of your personal data as described in Section 7 (Data Retention).

Certain areas of the Service are public, including your Discover profile and any plugins you publish to Discover. Information you choose to make available in these public areas — including your display name, avatar, bio, and published plugins — is visible to all Users of the Service and may be indexed by external search engines.

Please exercise caution when sharing information in public areas. Do not include personal information in plugin descriptions, prompts, or public profile fields that you would not want to be publicly accessible. Pook Audio is not responsible for the use or misuse of information you make publicly available.

If you unpublish a plugin from Discover, it will be removed from public visibility. However, copies of that plugin already added to other Users' libraries will remain, and cached or indexed versions may persist on external search engines for a period of time outside of our control.

Pook Audio implements and maintains appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or accidental loss. These measures include but are not limited to:

• Encrypted connections (HTTPS/TLS) for all data transmitted between your device and our servers.
• Encryption of personal data at rest on our cloud infrastructure.
• Access controls and authentication mechanisms to limit access to personal data to authorized personnel only.
• Secure credential storage — authentication tokens on your device are stored using the operating system's native credential storage (e.g., macOS Keychain, Windows Credential Manager).
• Regular security reviews and updates to our infrastructure and software.

Despite our efforts, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal data. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected Users and the relevant data protection authorities in accordance with applicable law, without undue delay.

The Service is not directed at, intended for, or designed to be used by individuals under the age of 18. Pook Audio does not knowingly collect, solicit, or process personal data from children under the age of 18.

If we become aware that we have collected personal data from a child under 18 without verifiable parental consent, we will take steps to delete such data promptly. If you believe that a child under 18 has provided personal data to us, please contact us immediately at support@pookaudio.com so that we can take appropriate action.

Pook Audio may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational needs. When we make changes, we will update the “Last updated” date at the top of this page and publish the revised Policy at pookaudio.com/legal/privacy.

For material changes that significantly affect how we collect, use, or share your personal data, we will provide additional notice via email (to the address associated with your account) or through a prominent in-app notification at least 30 days before the changes take effect.

Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree with the revised Policy, you should stop using the Service and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. This section supplements the rest of this Privacy Policy with information required under California law.

14.1 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email address, unique account ID, device identifier, IP address)
• Internet or other electronic network activity information (browsing history on our website, interaction with the Service, feature usage)
• Geolocation data (approximate location derived from IP address)
• Commercial information (Credit purchase and transaction history, subscription status)
• Professional or employment-related information (only if voluntarily provided in your profile)

The sources, purposes, and third-party disclosures for each category are described in Sections 2, 3, and 5 of this Privacy Policy.

14.2 Your California Rights

As a California resident, you have the right to:

• Right to know— request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your personal information.
• Right to delete— request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law (such as data retained for legal or accounting purposes).
• Right to correct— request that we correct inaccurate personal information we maintain about you.
• Right to opt-out of sale or sharing — Pook Audio does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes. Therefore, there is no need to opt out.
• Right to non-discrimination— we will not discriminate against you for exercising any of your CCPA rights. We will not deny you the Service, charge you different prices, provide a different quality of service, or retaliate against you for exercising your rights.

14.3 Exercising Your Rights

To exercise your California privacy rights, please contact us at support@pookaudio.com. We will verify your identity before processing your request by matching information you provide with information we have on file. We will respond to verifiable consumer requests within 45 days. If we need more time (up to an additional 45 days), we will notify you of the reason and the extension period in writing.

You may designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require proof that you have authorized the agent to act on your behalf and may still require you to verify your identity directly with us.

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us at:

Email: support@pookaudio.com

Data Controller:
Ayal Yishay, operating as Pook Audio
Israel

We are committed to resolving any complaints about your privacy and our collection or use of your personal data. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For Israeli residents, this is the Israeli Privacy Protection Authority (PPA). For EU/EEA residents, you may contact the supervisory authority in your country of residence.