Hummify is built for professional audio workflows where confidentiality matters. This page explains how we protect your files, your account, and your team's data.
Hummify claims no intellectual property rights over any audio, metadata, comments, or other content you create on the platform. We act solely as a secure host for the data you upload to the platform.
Hummify does not access, analyse, or use your content to train AI models or any other machine learning systems, now or in the future.
Audio files uploaded to Hummify are never directly accessible via a public URL. Every stream is delivered through a secure content delivery layer that verifies your permission to access a file at the time of each request.
A share link gives someone permission to open a file through the Hummify player, where access is checked each time. If that link is revoked, access is denied. If the internal address of an audio file were ever exposed, it cannot be used to access the file directly. Requests without verified permission are blocked.
All data transferred between your browser and Hummify is encrypted in transit using TLS. Your files are encrypted at rest using AES-256.
Passphrases and sensitive credentials are never stored in readable form.
Authentication is handled through a dedicated, industry-standard auth system. You can sign in using a one-time passcode sent to your email, or via Google. No password is ever stored by Hummify. Sessions are managed using secure, short-lived tokens.
Access in Hummify is enforced at multiple levels. Every request to view, stream, or modify a file is checked against your role before it is permitted. See User Types for a full breakdown of what each role can do.
Hummify runs on a cloud infrastructure with isolated environments and strict internal access controls. Internal systems are granted only the minimum permissions required to perform their function.
Storage is separated by environment. File processing happens in an isolated pipeline that has no access to user account data. The delivery network sits in front of storage and enforces access checks before any content is served.
Encrypted backups are maintained for a short period to protect against accidental data loss or system failure. After that window, data is permanently deleted and cannot be recovered.
When you delete a project, its assets are removed from storage. Backups containing those files are purged within the standard retention window.
You have the right to request full deletion of your account and personal data. To make a request, contact us at support@hummify.app.
What gets deleted: Your account, your workspace, and everything within it - projects, assets, comments, version history, and all associated personal data.
What does not get deleted: Files you have uploaded to other people's workspaces. Uploaded content is tied to the workspace it belongs to, not to your personal account. If you uploaded audio to a colleague's project, that file remains in their workspace after your account is removed. Only the workspace owner has the right to request deletion of content held in their workspace.
If you have specific security questions, need information for compliance purposes, or want to report a concern, please contact us at support@hummify.app.
Need more help? Contact us.