Privacy Policy

The operator of this website is responsible for the processing of personal data within the meaning of the GDPR. For privacy enquiries please use the contact form on this website.

• Email address: When you create an account your email address is stored. It is used for authentication and, where necessary, to send transactional emails (e.g. password reset).
• Spotify credentials (admins only): When you connect your Spotify account we store temporary access tokens (access token and refresh token). These are used exclusively for music playback and search via the Spotify API and are never shared with third parties.
• Guest token: Guests receive an anonymous, randomly generated token (UUID) on their first visit, stored locally in the browser. This is used to attribute votes and contains no personal data.
• Nickname: Guests may voluntarily choose a display name visible to other party guests. This is stored in the database and linked to the guest token.
• Contact requests: When you use the contact form we process your name, email address and the content of your message. These data are used exclusively to handle your request and are not stored permanently.

Processing is carried out to perform the service (Art. 6(1)(b) GDPR) and, where necessary, on the basis of legitimate interests (Art. 6(1)(f) GDPR). No automated decision-making or profiling takes place.

• Spotify Technology S.A. (Luxembourg): For music playback and search. Privacy policy: spotify.com/privacy
• Supabase, Inc. (USA): For database hosting and authentication. Data is stored in the EU. Privacy policy: supabase.com/privacy
• Vercel, Inc. (USA): For hosting the web application. Privacy policy: vercel.com/legal/privacy-policy
• Resend (Functional Software, Inc., USA): For sending transactional emails (contact form, password reset). Emails are processed via servers in the EU. Privacy policy: resend.com/legal/privacy-policy
• Stripe, Inc. (USA): For payment processing. Stripe's privacy policy applies: stripe.com/privacy

Account data is stored as long as the account is active. After account deletion all personal data is deleted within 30 days. Anonymous guest tokens and associated votes may be retained for statistical purposes for a longer period.

You have the right to access, rectification, erasure, restriction of processing, data portability and the right to object. You also have the right to lodge a complaint with a data protection supervisory authority.

To exercise your rights please use the contact form on this website or the account deletion feature in the account settings.

This website does not use tracking cookies. Only technically necessary data is stored in browser local storage (guest token, display name, superlike timestamps). These data do not leave your browser except in connection with the described app functions.

We reserve the right to update this Privacy Policy as needed. The current version is always available on this page.