Last updated: 12 May 2026
This policy explains how Pjesmio (operated by Mathias Salman, Austria) collects, uses and protects your personal data when you use the app and the website at pjesmio.app. We comply with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and applicable mobile app store rules.
1. Controller
Mathias Salman, Pjesmio, Austria. Contact: contact@pjesmio.app
2. Data we collect
You provide: email address, display name, optional profile picture, songs and content you publish (lyrics, chords, cover images), comments, likes, presentation rooms, and any email you send us.
Collected automatically: authentication tokens, IP address, device and browser type, request timestamps in server logs. Stored locally on your device: app preferences (language, font size) and an offline cache of the app bundle.
We do NOT collect: location, contacts, calendar, health or financial data. We do not use advertising or tracking SDKs. We do not show ads. We do not request the iOS App Tracking Transparency prompt.
3. Purposes and legal basis (Art. 6 GDPR)
Providing the service, displaying your content to other users, and operating live rooms: performance of contract (Art. 6(1)(b)). Camera, photo library and notification access: consent (Art. 6(1)(a)) through the OS prompt. Security, abuse prevention, log analysis: legitimate interests (Art. 6(1)(f)). Legal obligations: Art. 6(1)(c).
4. Device permissions
Camera and Photo Library are requested only when you actively choose to attach an image. Microphone is declared because iOS may require it for camera capture but the app does not record audio. Notifications are requested only after you enable them in settings.
5. Sharing
Your content published in Pjesmio is visible to other registered users by design. We use the following processors: Supabase Inc. (authentication, database, file storage — see supabase.com/privacy) and our hosting provider for the website and image upload endpoint. We do not sell your data. We do not share it with advertisers.
6. International transfers
Some processors operate outside the EEA. Transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) and additional technical and organisational measures where appropriate.
7. Retention
Account data: as long as your account exists, deleted within 30 days after a deletion request (encrypted backups up to 90 days). User-generated content: until you delete it or your account. Server logs: up to 90 days. Support emails: up to 24 months.
8. Your rights
You have the right of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde, dsb.gv.at). Contact us at contact@pjesmio.app.
9. Account deletion
Open Settings → Legal → Delete Account inside the app. Your profile and your content are removed from active systems immediately; residual copies in encrypted backups are overwritten within 90 days. You can also request deletion by emailing contact@pjesmio.app with the subject „Delete account".
10. Children
Pjesmio is not directed at children under 16 (under 13 where COPPA applies). We do not knowingly collect data from such children. If you become aware that your child has created an account, contact us and we will delete it.
11. Security
All traffic uses HTTPS/TLS. Passwords are hashed by our authentication provider (we never see them in plain text). Database access is restricted by row-level security so that one user cannot read another user's private data.
12. Changes
We may update this policy. The current version is always accessible in the app and at pjesmio.app/privacy.html. Material changes will be announced inside the app before they take effect.