🎵nFluentialBack to home

Privacy Policy

Last updated: March 28, 2026

1. Who We Are

nFluential ("AffirmTune," "we," "us," or "our") is operated by Nailsmith Investments LLC. Our website is located at https://nfluenti.al. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using the Service, you agree to the collection and use of information in accordance with this Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials through our authentication provider (Clerk). If you sign in via Apple or Google, we receive basic profile information from those providers.

2.2 Platform Connection Data

When you connect a music streaming platform (e.g., Apple Music), we store encrypted OAuth access tokens and refresh tokens to interact with that platform on your behalf. Tokens are encrypted at rest using AES-256-GCM. We also store your platform user ID and username.

2.3 Music and Playback Data

We collect the following data related to your music playback:

  • Injection event logs: Which affirmations were played, when, on which platform, and after which track. This data powers your analytics dashboard.
  • Playback session data: Session start/end times, total songs tracked, total affirmations injected, and active session state.
  • Temporary track identifiers: Track IDs are used transiently for injection timing. We do not build or store a permanent record of your listening history.
  • Playlist data: When you create interleaved playlists, we store the source and generated playlist IDs, track counts, and sync state.

2.4 Affirmation Preferences

We store your affirmation preferences including enabled categories, injection frequency, volume level, and preferred voice.

2.5 Custom Affirmation Content

If you create custom affirmations (Pro tier), we store the text you provide and any generated audio files. Custom affirmation text is sent to our TTS provider (ElevenLabs) for audio generation.

2.6 Payment Information

Subscription billing is handled by Whop, Inc. We do not directly collect or store credit card numbers. We receive membership status, subscription tier, and membership ID from Whop.

2.7 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, and interactions with the Service.
  • Device information: Browser type, operating system, IP address, and device identifiers.
  • Behavioral analytics: We use Microsoft Clarity to collect anonymized session recordings, heatmaps, and behavioral analytics data (e.g., clicks, scrolls, page navigation). IP addresses are anonymized by Clarity, and no personally identifiable information (PII) is collected by this tool. See Section 8 for details.
  • Cookies: See Section 8 (Cookies and Tracking).

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service (injecting affirmations, generating playlists)
  • Authenticate you and manage your account
  • Process subscription payments via Whop
  • Send transactional emails (welcome, account updates, billing confirmations, payment warnings)
  • Provide usage analytics and personalized affirmation recommendations
  • Improve, troubleshoot, and optimize the Service
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information to third parties.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Clerk — Authentication and user management
  • Apple Music (MusicKit) — Music streaming platform integration (playlist access, playback state)
  • Whop, Inc. — Subscription billing (payment processing, sales tax, chargebacks, PCI compliance)
  • ElevenLabs — Text-to-speech generation for affirmation audio (processes custom affirmation text)
  • Cloudflare — DNS, CDN, and audio file storage (R2 object storage for affirmation MP3s)
  • Neon — Database hosting (PostgreSQL, stores all user data)
  • Render — Redis hosting (session state, background job queue)
  • Vercel — Application hosting (serverless functions, edge network)
  • Resend — Transactional email delivery
  • Google Analytics — Website traffic and usage analytics (anonymized page views, sessions, and events)
  • Microsoft Clarity — Behavioral analytics including anonymized session recordings, heatmaps, and click tracking. Clarity anonymizes IP addresses and does not collect personally identifiable information. For more information, see Microsoft Clarity's terms.

Each provider processes data only as necessary to provide their respective services and in accordance with their own privacy policies. These providers are contractually obligated to use your information only as directed. We encourage you to review their policies.

We do not share your information for advertising purposes.

5. Data Sharing

We may share your information in the following circumstances:

  • Service providers: As listed in Section 4, to operate the Service.
  • Legal requirements: When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights or the safety of others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
  • With your consent: When you explicitly authorize sharing.

6. Data Retention

We retain your data according to the following schedule:

Data CategoryRetention Period
Account informationAs long as your account is active
Platform connection tokensUntil you disconnect the platform or delete your account
Injection event logsUp to 12 months for analytics purposes
Playback session dataUp to 12 months
Affirmation preferencesAs long as your account is active
Custom affirmation contentUntil you delete the content or your account
Payment/billing dataAs required by tax and financial regulations

Upon account deletion, we delete or anonymize your personal information within 90 days, except where retention is required by law or legitimate business purposes (e.g., tax records).

7. Data Security

We implement industry-standard security measures to protect your data:

  • OAuth tokens are encrypted at rest using AES-256-GCM
  • All data is transmitted over HTTPS/TLS
  • Database connections use TLS encryption
  • Webhook signatures are verified to prevent spoofing
  • Access controls limit data access to authorized systems
  • Token encryption keys are rotated quarterly

No method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected users within 30 days of discovery, as required by applicable law.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in to the Service (session cookies via Clerk)
  • Remember your preferences
  • Analyze usage patterns to improve the Service (Google Analytics)
  • Collect anonymized behavioral analytics including session recordings and heatmaps (Microsoft Clarity)

Microsoft Clarity: We use Microsoft Clarity to understand how users interact with our website through session recordings and heatmaps. Clarity anonymizes IP addresses, does not collect passwords or payment information, and does not collect personally identifiable information. Clarity may use first-party cookies to maintain session state. For more information, see Microsoft's Privacy Statement.

We do not use third-party advertising cookies or tracking pixels for advertising purposes. You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

9. Your Rights

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain legal exceptions.
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
  • Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you may request that we limit its use to what is necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control opt-out preference signals. If your browser or extension sends a GPC signal, we will treat it as a valid opt-out request.

To exercise your rights, contact us at support@nfluenti.al. We will verify your identity and respond within 45 days.

9.2 EU/EEA Residents (GDPR)

If you are located in the EU/EEA, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise any of these rights, please contact us at support@nfluenti.al.

9.3 All Users

Regardless of your location, you may:

  • Access and update your account information through your account settings.
  • Delete your account by contacting us at support@nfluenti.al. We will delete your data within 90 days.
  • Opt out of marketing emails by clicking the unsubscribe link in any marketing email.
  • Disconnect streaming platforms through the Settings page at any time.
  • Request a copy of your personal data by contacting us.

10. International Data Transfers

Your information may be transferred to and processed in the United States. If you are located outside the United States, your use of the Service constitutes consent to transfer your information to the United States, where data protection laws may differ from those in your jurisdiction.

11. Children's Privacy

Our Service is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at support@nfluenti.al and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide at least 30 days' notice via email or in-app notification. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

Nailsmith Investments LLC
Email: support@nfluenti.al
Website: https://nfluenti.al