home

Welcome, Guest!

docs

Privacy Policy

Effective Date: July 2025
Web App: HUM 'em ALL © 2025 Dokaka

You are currently reading this legal document as a guest user, and you are committed to understanding it responsibly.

1. Introduction

This Privacy Policy describes how HUM 'em ALL ("we," "our," or "the app") collects, uses, and protects your information when you use our humming-based music creation platform. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

2.1 OAuth Authentication Data

When you sign in using third-party OAuth providers, we collect minimal information:

Google OAuth:

  • Email address only (verified address only)
  • Note: While Google's scope technically allows access to name and profile photo, our system intentionally extracts and stores only your email address

GitHub OAuth:

  • Primary verified email address only
  • Our scope is configured to request only email access

Discord OAuth:

  • Email address only (verified address only)
  • Note: While Discord's scope allows access to additional information such as user name or avatar pic, our system intentionally extracts and stores only your email address

2.2 Account Information

  • Unique display name (user-generated)
  • OAuth provider linking information
  • Account creation and last login dates
  • Current active OAuth provider

2.3 Audio Content

  • Humming audio clips uploaded by users (which are stored into R2 bucket storage on Cloudflare)
  • Audio metadata (creation / recorded date, file size, duration)
  • Songbox configurations and names
  • Publication status of audio content

2.4 Technical Data

  • User IDs which were generated via this app
  • Session tokens for authentication
  • Rate limiting and operation tracking data
  • Basic security monitoring information

3. How We Use Your Information

3.1 Core App Functionality

  • Authenticate and maintain user sessions
  • Enable audio upload, management, and sharing features
  • Display user-generated content (for published songboxes)
  • User-generated are including their humming audio data, display name, and song name
  • Facilitate community interaction through shared humming content

3.2 Account Management

  • Verify user identity for support requests
  • Enable multi-provider OAuth account linking
  • Process account deletion requests

3.3 Security and Safety

  • Monitor for suspicious or prohibited activities
  • Implement rate limiting and abuse prevention
  • Apply content moderation (NG flagging system, will be conducted regularly by app admin)

3.4 Communication

  • Respond to user support requests
  • Send account-related notifications when necessary (As for this, we think we should refrain from interacting frequently with users via EMAIL, since we want to prevent users from any phishing traps)

4. Data Sharing and Disclosure

4.1 Public Content

  • Published songboxes and associated humming clips are visible to logged-in users
  • Unpublished content remains private to the account owner
  • Guest users (not logged in) can only access administrator sample content

4.2 No Third-Party Sharing

We do not sell, rent, or share your personal information with third parties for commercial purposes. We do not share app-specific information ("who created what humming content") outside of the app environment.

4.3 Legal Requirements

We may disclose information if required by law, legal process, or to protect the rights, property, or safety of our users or others.

4.4 No personal use of any data for admin's private enjoyment

Since this app was created by Admin (Dokaka), all data can be under controlled by its admin after all. So app admin has the obligation to act in a way that earns TRUST from all users all the time.

5. Data Security

5.1 Technical Safeguards

  • Industry-standard encryption for data transmission
  • Secure OAuth implementation using established libraries
  • Strict file validation and sanitization for uploaded content
  • No CDN caching for user-generated audio content (privacy protection)

5.2 Access Controls

  • Session-based authentication with automatic expiration
  • Account lockout mechanisms for suspicious activity
  • Any restricted accounts may need to ask support channel to be restored
  • Secure file storage with obfuscated IDs

5.3 Limitations

While we implement reasonable security measures, no system is 100% secure. In the unlikely event of a security breach, the most vulnerable data would be display names, songbox names, and other internal IDs rather than OAuth account credentials, which are managed by the respective providers.

6. Your Rights and Choices

6.1 Account Control

  • Modify your display name at any time
  • Link or unlink OAuth providers (with restrictions for account security)
  • Publish or unpublish your content
  • Delete individual audio clips or entire account

6.2 Data Access

  • View all your uploaded content through the dashboard
  • Access account information through the account management page

6.3 Right to Deletion

  • Complete account deletion, including all user's associated data deletion, available through account settings (You can do so by following this order: 1 - Unpublish all songboxes, 2 - Remove all clips from songboxes, 3 - Delete all individual clips, 4 - Then delete your account, 5 - Do not forget to remove the app association via all linked OAuth provider's dashboards)
  • All associated audio content must be removed manually by user before account deletion during logging-in.
  • Manual deletion assistance available as well through support channels, in case of login issues due to any problems.

6.4 Data Portability

Audio content is downloadable by design (once published), allowing users to retain copies of their work.

7. Cookies and Local Storage

7.1 OAuth Cookies

We use secure, HTTP-only cookies for OAuth state management and session maintenance. These cookies are essential for app functionality.

7.2 Local Browser Storage

Temporary audio recordings are stored in browser memory until uploaded or discarded. This data is automatically cleared on page refresh or navigation.

8. Children's Privacy

HUM 'em ALL requires OAuth authentication through third-party providers (Google, Discord, GitHub), which have their own age restrictions. We do not knowingly collect information from children under 13 without appropriate parental consent as required by these providers.

9. International Users

Our app is hosted on Cloudflare infrastructure and may process data across multiple jurisdictions. By using our service, you consent to the transfer and processing of your data in accordance with this privacy policy.

10. Data Retention

10.1 Active Accounts

We retain your data as long as your account remains active and for the duration of our service operation (approximately 1 year from launch).

10.2 Account Deletion

Upon account deletion, all associated data is permanently removed from our systems.

10.3 Service Termination

When the app service ends (planned ~1 year or so operation), all user data, accounts, and audio content will be permanently deleted from our servers and databases.

10.4 Security Incidents

We may retain minimal security-related information for a reasonable period after service termination solely for security purposes.

11. Third-Party Services

11.1 OAuth Providers

Your authentication is handled by Google, Discord, or GitHub. Please review their respective privacy policies:

11.2 Infrastructure

We use Cloudflare for hosting and content delivery. Review their Privacy Policy for additional information.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated through the app interface or other appropriate means.

Changes will be effective immediately upon posting unless otherwise specified. Continued use of the service constitutes acceptance of modified Privacy Policy.

13. Contact Information

Privacy-related questions or requests: Contact us via your app-registered / linked email address (for identity verification)

General inquiries: Use the contact form available on our Support page

14. Data Processing Legal Basis

We process your data based on:

  • Consent: For optional features and communications
  • Contract: To provide the core app functionality you've requested
  • Legitimate Interest: For security, fraud prevention, and service improvement

This Privacy Policy is designed to be transparent about our data practices while ensuring compliance with major OAuth providers and privacy regulations. We believe in collecting only what's necessary and protecting what we collect.

Last Updated: July 14, 2025