Privacy Policy

Last updated: 2026-05-24

1. Introduction

KaraokeCrowd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our website karaokecrowd.com — both as a visitor and as a signed-in user.

2. Data Controller

3. What Data We Collect

3.1 Analytics Data

We use Google Analytics 4 to collect aggregated usage data. For visitors in the EU, EEA, Switzerland, and the UK, analytics is off until you consent. For visitors elsewhere, analytics is on by default unless you opt out with the cookie controls below.

• Pages you visit and features you use
• Time spent on pages
• Approximate location (country/city level)
• Device type, browser, and screen size

Legal basis for EU/EEA, Swiss, and UK visitors: your explicit consent (GDPR Art. 6(1)(a)).

3.2 Contributor Data

When you submit a venue, event, or correction — either through the website (if signed in) or by email — we store the contribution along with a link to your account or the email address you used. Contributions are publicly visible on the venue/event activity feed. Whether your username is shown depends on your profile visibility setting (see Section 7.1). Legal basis: Legitimate interest in maintaining data accuracy and attributing contributions (GDPR Art. 6(1)(f)).

3.3 Account Data (When You Sign Up)

If you create an account (via Google sign-in or magic-link email), we store the following:

• Email address
• Profile fields you set: username, display name, bio, avatar, public links, language preference
• Social-graph state: friendships, venues and hosts you follow, saved locations
• Activity: RSVPs, submitted contributions, contribution-flow diagnostics, login times, the time when you confirmed you are 18 or older, and the time when you accepted the Terms of Use
• Images you upload (avatars, venue or event photos)

4. How We Use Your Data

• Improve website usability and features
• Understand which content is most useful
• Verify and attribute community contributions

5. Cookies

We use cookies for two things: keeping signed-in users logged in, and optional analytics. We do not use cookies for ads or cross-site tracking.

If you are in the EU, EEA, Switzerland, or the UK, analytics stays off unless you accept it. In other regions, analytics may be on by default, but you can turn it off here at any time.

6. Data Sharing

We use the following processors. We do not sell or rent personal data and we do not share data for advertising purposes.

• Google Analytics 4 — aggregated usage statistics, consent-gated for EU/EEA, Swiss, and UK visitors and default-on elsewhere unless you opt out. Google Sign-In (when you choose it) returns your email and name so we can create your account.
• Amazon SES (AWS, Frankfurt) — sends sign-in emails, account notifications, and digest emails you've opted into.
• Cloudflare R2 — object storage for uploaded images and nightly database backups.
• AWS Rekognition — automated moderation of uploaded images.
• Geocoding providers (LocationIQ, with HERE and geocode.xyz as fallback) — turn the location you type into latitude/longitude.
• Self-hosted GlitchTip — application error monitoring and contribution-flow diagnostics.

7. Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access:Request a copy of your personal data
• Right to Rectification:Correct inaccurate or incomplete data
• Right to Erasure:Request deletion of your data. We do not yet have a self-service "delete my account" button — to exercise this right, email sabine@karaokecrowd.com. We respond within 30 days.
• Right to Restrict Processing:Limit how we use your data
• Right to Data Portability:Receive your data in a portable format
• Right to Object:Object to our processing of your data
• Right to Withdraw Consent:Withdraw analytics consent anytime from the cookie controls

To exercise any of these rights, contact us at sabine@karaokecrowd.com

7.1 Privacy Controls in the Product

If you have an account, you can manage profile visibility, default RSVP visibility, friend-suggestion participation, and active sessions at /settings/preferences. Email subscriptions and location notification cadence are at /settings/notifications.

8. Data Retention

Account data: kept for the lifetime of your account; deleted within 30 days of an erasure request. Contributions and venue/event history: kept indefinitely as part of the public record (your name can be redacted on request — the contribution itself stays). Sign-in sessions: 30 days; magic-link tokens: 1 hour. Encrypted database backups: 7 days. Analytics data: up to 14 months. Uploaded images: kept until the entity they're attached to is removed or you request deletion.

9. Data Security

We apply appropriate technical and organizational measures to protect personal data, in line with GDPR Art. 32. Access to production data is restricted to the data controller listed in Section 2.

10. International Data Transfers

Most processing happens in the EU (the database, R2 storage, SES email, and our own GlitchTip instance run in Frankfurt or other EU regions). Google Analytics, Google Sign-In, and AWS Rekognition may process data outside the EU/EEA — both Google and AWS are certified under the EU-US Data Privacy Framework.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when changes were made. Continued use of the website constitutes acceptance of the updated policy.

12. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact us: