← Back to Home

Privacy Policy

Last Updated: March 8, 2026

1. Introduction

Background Noises by Third Space ("Company," "we," "our," or "us") is committed to protecting your privacy. Background Noises is a product of Third Space. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service — including the Background Noises app, Binaural Builder, our website, iOS apps, Android apps, and related applications (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy. If you do not agree with our policies, please do not use the Service.

Account Data: Background Noises uses a single account for all features including ambient sound generation and the Binaural Builder. Your account information, authentication status, generation credits, and usage data are associated with your account. Generation credits are universal and can be used across all features.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and password when you create an account, or basic profile information (name, email) when you sign in with Apple or Google
  • Third-Party Sign-In: If you use Sign in with Apple or Sign in with Google, we receive your email address and a unique identifier from those services. We do not receive your Apple ID password or Google password.
  • Payment Information: Billing details processed securely through Stripe (web), Apple App Store (iOS), or Google Play (Android). We do not store your full credit card number or payment credentials.
  • Preferences: Your music preferences, style selections, binaural settings, and custom binaural presets you create
  • Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

  • Usage Data: Track history, listening patterns, and feature usage
  • Usage Statistics: Listening minutes, session counts, streaks, and preferred styles for your personal stats dashboard
  • Device Information: Browser type, operating system, device type, and device identifiers
  • Mobile Device Data: On iOS and Android apps, we may collect device model, OS version, app version, and anonymous usage analytics to improve the app experience
  • Log Data: IP address, access times, pages viewed, and referring URLs
  • Cookies and Local Storage: Session cookies, authentication tokens, and local storage for service functionality and offline access

2.3 Health and Fitness Data (Apple HealthKit)

The Background Noises iOS app may integrate with Apple HealthKit to read and/or write mindfulness and meditation session data. If you grant HealthKit access:

  • Data Written: Meditation session duration and mindfulness minutes may be written to HealthKit to help you track your wellness activities alongside other health data
  • Data Read: We may read existing mindfulness data to display your meditation history and trends within the app
  • No Sharing: HealthKit data is never shared with third parties, used for advertising, or transmitted to our servers. All HealthKit data remains on your device
  • No Marketing: We do not use HealthKit data for marketing, analytics, or any purpose other than displaying your personal health information to you
  • Optional: HealthKit integration is entirely optional. You can deny or revoke HealthKit access at any time in your device Settings without affecting the core functionality of the app

This data handling complies with Apple's HealthKit guidelines. We do not use HealthKit data to serve advertising, and we do not disclose HealthKit data to third parties.

2.4 Feature-Specific Data Collection

Background Noises collects data specific to the features you use:

  • Ambient Sounds: Sound category preferences, session durations, ambient style selections, brainwave preset choices, and playback history
  • Binaural Builder: Custom journey configurations (carrier frequencies, beat frequencies, segment durations, intensity levels), saved journey presets, and playback history

All data is stored under your Background Noises account. Generation credits and account-level data (email, subscription status, payment history) are associated with your single account.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Create audio tracks based on your preferences
  • Send you service-related communications (account verification, billing, updates)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

3.1 Legal Basis for Processing (GDPR)

If you are in the EEA, UK, or another jurisdiction requiring a legal basis, we process your data under:

  • Contract Performance (Article 6(1)(b)): Account creation, audio generation, subscription management, and delivering the Service you requested
  • Legitimate Interest (Article 6(1)(f)): Service improvement, analytics, fraud prevention, and security measures
  • Consent (Article 6(1)(a)): Marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Article 6(1)(c)): Tax and financial record retention, responding to lawful government requests

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Stripe: Payment processing and subscription management for web purchases
  • Apple: In-App Purchase processing and subscription management for iOS app purchases. Apple's privacy policy applies to transactions made through the App Store.
  • Google: In-App Purchase processing and subscription management for Android app purchases. Google's privacy policy applies to transactions made through Google Play.
  • Cloud Hosting: Data storage and infrastructure (Render for API/worker services, PostgreSQL for database)
  • Audio Processing: Third-party audio processing services
  • Redis: Job queue management for background processing
  • HubSpot: Customer relationship management, support ticket routing, and marketing communications (with your consent)
  • Analytics: Service usage analysis
  • Modal: Cloud-based audio processing infrastructure used to generate and process binaural beat audio. Audio data is processed on Modal servers and returned to our systems.
  • AWS S3 (or S3-compatible storage): Secure cloud storage for generated audio tracks, and music library assets.
  • AWS CloudFront: Content delivery network (CDN) for efficient, low-latency audio streaming. Audio files are served via time-limited signed URLs through CloudFront edge locations.
  • Cloudflare: DNS, CDN, and security services including bot protection (Turnstile). Cloudflare may process IP addresses and browser metadata for security purposes.

4.2 Authentication Providers

If you choose to sign in using third-party authentication:

  • Apple: Sign in with Apple provides your email (or a private relay email) and a unique identifier. Apple does not share your Apple ID password with us.
  • Google: Sign in with Google provides your email, name, and profile picture (if available). Google does not share your Google password with us.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect our rights, privacy, safety, or property.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing (bcrypt)
  • JWT-based authentication tokens
  • Secure webhook signature verification for payment processing
  • Database encryption at rest
  • Regular security assessments
  • Access controls and authentication

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5.1 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (GDPR Article 34). For California residents, we will comply with California Civil Code §1798.82 breach notification requirements.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specific retention periods:

  • Account Data: Retained while your account is active
  • Audio Tracks: Stored in your library for up to 180 days from creation. Tracks not accessed within 30 days are moved to cost-efficient storage. After 180 days, audio files are automatically removed from cloud storage. You may download or re-generate tracks at any time while they are available. Pre-rendered sample tracks (free plan) are retained indefinitely.
  • Custom Binaural Presets: Stored until you delete them or your account is terminated
  • Processing Job Data: Temporary processing data retained for up to 30 days for debugging and recovery purposes
  • Payment History: Retained as required by law and for accounting purposes (7 years for tax compliance)
  • Usage Statistics: Listening minutes, streaks, and preferences retained while account is active
  • Subscription Data: Records of subscription purchases (Stripe, Apple, or Google) retained for billing dispute resolution
  • Local Device Storage: The mobile application may automatically save audio tracks to your device after playback to enable offline listening and reduce data usage. This occurs only over Wi-Fi by default. Locally stored tracks remain on your device until you clear them via Account settings, uninstall the app, or the cache limit (default 2 GB) is reached, at which point the oldest tracks are removed automatically. You can disable auto-save or clear all locally stored tracks at any time from the Storage & Offline section in your Account settings. No locally cached data is transmitted back to our servers.

We may retain certain information after account deletion for legitimate business purposes (such as legal compliance, dispute resolution, or enforcing our agreements).

7. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Request limitation of how we use your data

To exercise these rights, please contact us at joshua@thirdspaced.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Understand how you use our Service
  • Improve our Service based on usage patterns

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

8.1 Cookie Categories

We use the following categories of cookies:

  • Strictly Necessary Cookies: Required for the Service to function. These include authentication tokens, session cookies, and CSRF protection. Cannot be disabled.
  • Functional Cookies: Remember your preferences such as theme, volume settings, and playback options. These enhance your experience but are not strictly necessary.
  • Analytics Cookies: Help us understand how you use the Service so we can improve it. These collect aggregated, anonymized usage data. We use Sentry for error tracking and performance monitoring (see Section 8.3).

We do not use advertising cookies or tracking cookies. We do not serve third-party advertisements.

8.2 Mobile App Tracking

Our iOS and Android apps do not use advertising tracking or sell your data to advertisers. We collect only the minimum data necessary to provide and improve the Service:

  • iOS: We do not request App Tracking Transparency permission as we do not track users across other companies' apps or websites for advertising purposes
  • Android: We do not use the Advertising ID for cross-app tracking
  • Analytics: We may collect anonymous, aggregated usage statistics to understand feature usage and improve the app experience

8.3 Error Tracking and Performance Monitoring

We use Sentry (sentry.io) for error tracking and performance monitoring on both web and mobile platforms. When an error occurs, Sentry may collect:

  • Error messages and stack traces (technical diagnostic data)
  • Device type, operating system, and browser/app version
  • Anonymous session identifiers
  • Page/screen where the error occurred

This data is used solely to identify and fix bugs. It is not used for advertising or marketing.

8.4 Over-the-Air Updates (Mobile Apps)

Our mobile apps use Expo Updates to deliver bug fixes and improvements without requiring a full app store update. When your app checks for updates, it communicates with Expo's servers (u.expo.dev) to determine if a new update is available. This process transmits your app version and a runtime identifier but does not transmit personal information. Update checks occur automatically when the app launches.

9. Children's Privacy

The Service is not intended for children under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, primarily the United States. These countries may have different data protection laws.

For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, and our service providers' compliance with applicable data protection frameworks.

By using the Service, you acknowledge that your data will be processed in the United States and other jurisdictions where our service providers operate.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA):

  • Right to Know: You have the right to know what personal information is collected, used, shared, or sold
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Correct: You have the right to request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the sale or sharing of personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information
  • Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights

11.1 Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

While we do not engage in the "sale" or "sharing" of personal information as defined by the CCPA/CPRA, you may still submit a request by emailing privacy@thirdspaced.com with the subject line "Do Not Sell or Share."

11.2 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. The agent must provide proof of authorization (such as a signed written permission or power of attorney). We may require you to verify your identity directly before fulfilling a request submitted by an agent.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including:

  • Access (Article 15): Request a copy of your personal data
  • Rectification (Article 16): Correct inaccurate personal data
  • Erasure (Article 17): Request deletion of your data
  • Restriction (Article 18): Request limitation of processing
  • Portability (Article 20): Receive your data in a machine-readable format
  • Object (Article 21): Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing or analytics at any time

Our legal basis for processing is described in Section 3.1 above.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed in violation of the GDPR. A list of EEA supervisory authorities is available at edpb.europa.eu.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Third Space, LLC
General: joshua@thirdspaced.com
Privacy & Data Requests: privacy@thirdspaced.com
Mailing Address: Third Space, LLC, 1309 Coffeen Avenue STE 1200, Sheridan, WY 82801, United States

For GDPR data subject requests or CCPA privacy rights requests, please email privacy@thirdspaced.com with the subject line "Data Request" or "CCPA Request." We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA), as required by applicable law.

By using Background Noises, you acknowledge that you have read and understood this Privacy Policy.