1 November 2025
Controller: Pianotify
Privacy contact: privacypianotifycom.
Support: contactpianotifycom.
Supervisory authority: CNIL.
This policy covers pianotify.com. It applies to visitors, account holders, and contributors of user-generated content.
Account: email, username, preferences, subscription status, purchase history via Stripe identifiers.
Usage: IP address, user-agent, timestamps, pages and events, error logs.
User content: uploaded MIDI and PDF files, YouTube URLs, related metadata and thumbnails.
Support: messages and attachments.
Billing: Stripe tokens and receipts. Pianotify does not store card numbers.
Provide and secure the Service: contract and legitimate interests.
Payments and accounting: legal obligation and contract.
Product communications: legitimate interests.
Analytics and non-essential marketing: consent.
Compliance and requests from authorities: legal obligation.
Product communications:
– Existing customers: legitimate interests with easy opt-out.
– Prospective users: consent before sending marketing emails.
AWS, region eu-west-1 (Ireland). Stripe for payments. Google Analytics and Search Console for measurements. Customer.io for transactional and, if opted-in, marketing email. Data Processing Agreements and Standard Contractual Clauses apply where transfers occur outside the EEA.
Primary hosting in the EU. Some processors may process outside the EEA. We use Standard Contractual Clauses and additional safeguards where applicable.
Where our providers are located outside the EEA, we rely on the EU-US Data Privacy Framework (where applicable) or the European Commission’s Standard Contractual Clauses, together with Transfer Impact Assessments and supplementary measures.
For the UK: where we transfer personal data to organizations that participate in the UK Extension to the EU–US Data Privacy Framework (“UK-US Data Bridge”), we rely on that adequacy decision. For other UK restricted transfers to countries without adequacy, we use the UK Addendum to the EU Standard Contractual Clauses or the UK IDTA, as applicable.
We may process HTTP referrer, UTM parameters, approximate location inferred from IP, and YouTube embed metadata (if you open third-party videos).
Third-party embeds may set their own cookies subject to your consent.
Public uploads (MIDI, PDF, cover pages), their titles, descriptions, thumbnails, tags, and your public username are crawlable by search engines and may appear in third-party search results.
You can delete them at any time; removal from search results depends on third-party crawlers.
If you link to or embed third-party content (e.g., YouTube), indexing of that third-party content is governed by the third-party’s policies.
Our marketing emails include an open and click tracking pixel. You can opt out at any time via the unsubscribe link or the Preferences center.
If you unsubscribe, we will keep your email on a suppression list to ensure you do not receive further marketing messages.
Active account: retained while in use. Deleted account: active data deleted promptly; rolling backups retained up to 30 days.
Logs: up to 12 months.
Billing records: 10 years.
Support: 24 months. Public user content: until you delete it or moderation removes it.
Suppression list: retained indefinitely to ensure no further marketing emails are sent.
You can exercise your rights by emailing privacypianotifycom. Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
We respond within one month, extendable by two months for complex requests.
Service for 16+. No deliberate collection for children under 16.
TLS in transit, AWS encryption at rest, least-privilege access, admin two-factor authentication, logging and alerting, backups with restore tests.
Unsubscribe links in every marketing email. Transactional or service emails may still be sent.
No automated decision-making producing legal or similar significant effects.
Strictly necessary (no consent): session, authentication, security, load-balancing.
Analytics (consent-based): product usage measurement (Google Analytics). Examples: "USER_SESSION" for session; "_ga*" for Google Analytics. On first visit we ask for consent. You can change choices anytime in Preferences or clear cookies in your browser. Analytics runs only after consent.
We may update this Policy. We will update the “Last updated” date and notify you of material changes by email or in-product notice.