Privacy Policy
Privacy Policy
Last updated: March 2026
1. Controller and Contact Information
The controller responsible for data processing on this website and app is:
Dr. Tina KoziolCeraluna Labs
Elchkamp 7
22846 Norderstedt
Germany
Email: ceraluna.info@gmail.com
Phone: +49 176 81336624
If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact us using the details above.
2. Data We Collect
2.1 Account (Google Sign-In)
If you choose to sign in via Google, we receive:
- Email address
- Name (as configured in your Google account)
- Profile picture URL
Legal basis: Consent (Art. 6(1)(a) GDPR) — you authorize the connection.
2.2 Technical Data (Automatically Collected)
When you visit our website or use the app, our servers automatically log:
- IP address (anonymized where possible)
- Browser type and version
- Operating system
- Referrer URL
- Pages visited and time spent
- Date and time of access
Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — security and optimization.
2.3 Favorites and Playlists
If you are signed in, we store your saved artists, genres, locations, and playlists associated with your account.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide the service.
3. Purposes of Processing
We process your data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing and managing your account | Contract (Art. 6(1)(b)) |
| Website security and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Website analytics (Google Analytics — requires consent) | Consent (Art. 6(1)(a)) |
4. Recipients and Processors
We share your data with the following service providers:
4.1 Authentication
Google Sign-In
Purpose: Account authentication, if you choose to sign in.
Data shared: Email address, name, profile picture.
Location: USA (EU-US Data Privacy Framework certified)
4.2 Analytics (requires consent)
Google Analytics Opt-in
Purpose: Website usage analysis to improve our services.
Data shared: IP address (anonymized), browsing behavior, device info.
Location: USA (Standard Contractual Clauses)
Only activated if you consent via the cookie banner.
4.3 Hosting and Infrastructure
Cloudflare, Inc.
Purpose: Content delivery, security, and DNS.
Data shared: IP address, request data.
Location: Global (EU-US Data Privacy Framework certified)
Vercel, Inc.
Purpose: Website hosting and deployment.
Data shared: IP address, request data.
Location: USA
5. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA. We ensure adequate protection through:
- EU-US Data Privacy Framework: EU-US Data Privacy Framework: For providers certified under this framework (e.g., Google, Cloudflare).
- Standard Contractual Clauses: Standard Contractual Clauses (SCCs): EU-approved contract terms for data transfers.
You may request a copy of the applicable safeguards by contacting us.
6. Cookies and Tracking
We use cookies and similar technologies. Our cookie consent banner allows you to choose which categories to accept:
| Category | Purpose | Consent Required |
|---|---|---|
| Necessary | Essential website functionality (session, security, consent storage) | No (always active) |
| Analytics | Understanding website usage (Google Analytics) | Yes |
You can change your preferences at any time via the cookie consent banner.
7. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Server logs | 7 days |
| Analytics data | 26 months (if consented via cookie banner) |
| Consent records | 3 years after last interaction |
8. Your Rights
Under the GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of your personal data.
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your data.
- Right to Restriction (Art. 18): Limit how we process your data.
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time (does not affect prior processing).
To exercise these rights, contact us at ceraluna.info@gmail.com.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The competent authority for us is:
Hamburg Commissioner for Data Protection and Freedom of InformationLudwig-Erhard-Str. 22
20459 Hamburg
Germany
datenschutz-hamburg.de
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data transmission
- Encrypted password storage (hashing)
- Access controls and authentication
- Regular security updates
10. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on this page and updating the date above.
11. Contact Us
For any questions about this privacy policy or your personal data:
Dr. Tina KoziolCeraluna Labs
Email: ceraluna.info@gmail.com
Phone: +49 176 81336624