Privacy Policy

Last updated: 2026-07-17

  1. Introduction
  2. Data Controller
  3. What Data We Collect
  4. How We Use Your Data
  5. Cookies
  6. Data Sharing
  7. Your Rights Under GDPR
  8. Data Retention
  9. Data Security
  10. International Data Transfers
  11. Changes to This Policy
  12. Contact Us

1. Introduction

KaraokeCrowd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard personal information when you use our website karaokecrowd.com or our mobile apps — and how we handle publicly available information that appears in our karaoke directory (see Section 3.4).

In short:

  • We collect what's needed to run a community karaoke directory: your account details, your contributions, and basic technical data.
  • We don't sell your data and we don't do cross-site ad tracking.
  • Most processing stays in the EU; the few exceptions are listed in Sections 6 and 10.
  • You can also appear in the directory without an account — as a listed host, or in a photo. Section 3.4 explains what we do and how to object.
  • Questions or requests? Email us (Section 12). That always works.

2. Data Controller

Makerprism UG (haftungsbeschränkt)
Halbergstr. 4
66121 Saarbrücken, Germany
Email: sabine@karaokecrowd.com

3. What Data We Collect

3.1 Analytics Data

We use Google Analytics 4 to collect aggregated usage data. For visitors in the EU, EEA, Switzerland, and the UK, analytics is off until you consent. For visitors elsewhere, analytics is on by default unless you opt out with the cookie controls below.

  • Pages you visit and features you use
  • Time spent on pages
  • Approximate location (country/city level)
  • Device type, browser, and screen size

Legal basis for EU/EEA, Swiss, and UK visitors: your explicit consent (GDPR Art. 6(1)(a)).

3.2 Contributor Data

When you submit a venue, event, or correction — through the website (signed in or not), the chat assistant, or by email — we store:

  • The contribution itself, linked to your account or to the email address you used
  • Chat-assistant conversations while you work on a contribution; they expire 48 hours after your last activity (see Section 8)
  • If you report a chat problem, a debug copy of that conversation is attached to your problem report and kept with it after the 48-hour chat expiry
  • Text files you attach to the chat assistant (treated like listing text) and flyers you upload (processed only to extract listing facts)
  • Problem reports you file, linked to your account as part of the moderation history

Contributions are publicly visible on the venue/event activity feed. Whether your username is shown depends on your profile visibility setting (see Section 7.1). Guides and directory moderators who are allowed to review the report can identify your account. Legal basis: legitimate interest in maintaining data accuracy, preventing abuse, and attributing contributions (GDPR Art. 6(1)(f)).

3.3 Account Data (When You Sign Up)

If you create an account (via Google sign-in or magic-link email), we store the following:

  • Email address (and, if you sign in with Google, your Google account identifier)
  • Profile fields you set: username, display name, bio, avatar, public links, language preference
  • Social-graph state within KaraokeCrowd (not from your Google profile): friendships, venues and hosts you follow, saved locations
  • Activity: RSVPs, submitted contributions, technical events while you fill in a submission (to help us fix broken forms), login times, the time when you confirmed you are 18 or older, and the time when you accepted the Terms of Use
  • Images you upload (avatars, venue or event photos). Uploaded photos are re-encoded shortly after upload, which removes hidden metadata such as GPS coordinates (EXIF) from the images we display
  • Content you post for other singers: Memories, photos, replies, compliments, and song lists. Memories, their replies, and Memory photos are visible only to signed-in members; other content may be public depending on the feature
  • A push subscription for your browser or a push token for your phone, if you turn on notifications — deleted when you turn them off or they stop working
  • Email subscription choices and their consent records (double opt-in); every optional email includes an unsubscribe link. You can also subscribe to event digests without an account; then we store only your email address, language, and chosen area

3.4 Public Listing Data (Venues, Events, Hosts)

Our directory describes karaoke venues, events, and hosts. This section is mainly for people who appear in the directory without ever signing up — for example because you host karaoke nights.

  • Where the information comes from: the person or business themselves, community contributions, or publicly available sources such as venue websites and public social-media announcements. When a host or venue announces a karaoke event publicly (for example in a public Facebook group), we may keep a copy of the announcement — the text, any flyer image, a link to the source, and the advertising host's or venue's name — as evidence for the listing. We do our best not to keep the names of other people, such as group members commenting on a post; if your name still appears in stored evidence and you want it removed, email us and we will redact it. We may use automated tools, including AI services, to find and sort such public announcements; a person reviews them before they become listings.
  • What we publish: only information that is relevant to finding and attending karaoke — such as a host's stage name, links to public social-media profiles, and the business contact details shown on a host page.
  • Invitations: if we have verified that you run a venue or host shows, we may store your business email address and send you a one-time invitation to take over your listing, even if you have no account. You can simply ignore it; tell us if you don't want to be contacted again.
  • Photos: photos posted by other singers may show you. If you appear in a photo on KaraokeCrowd and want it taken down, email us — we remove such photos on request.
  • What you can do: claim and manage your listing, ask us to correct it, ask us to redact your name from stored evidence, or object to appearing in the directory at all (see Sections 7 and 12).

Legal basis: legitimate interest in running a public directory of karaoke events (GDPR Art. 6(1)(f)). If you object, we stop unless we have compelling legitimate grounds.

3.5 Technical Data and Logs

Like every website, we process your IP address and basic browser and device information to deliver pages, keep sign-ins secure, prevent abuse (for example, through rate limiting), and diagnose errors. Sign-in session records include the IP address and browser used. We look up the country of your IP address (on our own servers or via our CDN) to apply the correct analytics-consent default for your region and similar region-level defaults. Error reports contain technical context about what went wrong, with sensitive details such as email addresses redacted. Legal basis: legitimate interest in operating the service securely (GDPR Art. 6(1)(f)).

3.6 Location Data

"Near me" features use your device location only after you allow it in your browser or phone. We use those coordinates to find karaoke around you. The mobile Check In feature compares your device location with show candidates on your phone; it does not transmit device coordinates with your show confirmation. Saved locations are kept at city or area level. Venue and host locations shown on our maps are business addresses, not data about you. Legal basis for precise device-location processing by server-backed "near me" search: your consent through the browser or phone permission (GDPR Art. 6(1)(a)). You can refuse or revoke location permission at any time.

4. How We Use Your Data

  • Provide the product: accounts, contributions, RSVPs, follows, Memories, and notifications
  • Send sign-in links, service messages, and the emails you have opted into
  • Improve website usability and features
  • Understand which content is most useful
  • Verify and attribute community contributions
  • Keep the platform safe: moderation, abuse prevention, and error diagnosis

Legal bases: performing our contract with you for account features (GDPR Art. 6(1)(b)), your consent for analytics and optional emails (Art. 6(1)(a)), and our legitimate interests in accurate listings, security, and improving the service (Art. 6(1)(f)).

We do not make decisions about you based solely on automated processing that would have legal or similarly significant effects on you (GDPR Art. 22).

5. Cookies

We use cookies for keeping signed-in users logged in and optional analytics. We also use local storage for display and interface preferences, sign-in status hints, analytics consent, and short-lived draft and chat recovery. We do not use cookies or local storage for cross-site tracking or targeted advertising. Where cookies or local storage are not strictly necessary for a feature you asked for, we ask for your consent first (§ 25 TDDDG, GDPR Art. 6(1)(a)).

Cookie Purpose Required? Duration Control
kc_session Keeps you signed in Yes, if you sign in 30 days Sign out to end the session
_ga, _ga_<measurement-id> Google Analytics usage statistics No Cookies: up to 2 years; analytics data: up to 14 months Use the controls below to accept or decline analytics

If you are in the EU, EEA, Switzerland, or the UK, analytics stays off unless you accept it. In other regions, analytics may be on by default, but you can turn it off here at any time.

Manage Cookie Preferences

Current choice:

6. Data Sharing

We use the following processors. We do not sell or rent personal data and we do not share personal data with advertisers.

  • Google Analytics 4: aggregated usage statistics, consent-gated for EU/EEA, Swiss, and UK visitors and default-on elsewhere unless you opt out. Google Sign-In (when you choose it) returns your email and name so we can create your account.
  • Amazon SES (AWS, Frankfurt): sends sign-in emails, account notifications, and digest emails you've opted into.
  • Expo Push Service: delivers mobile push notifications to devices where you have enabled app notifications.
  • Browser push services (Google, Apple, or Mozilla, depending on your browser): deliver the web push notifications you have turned on.
  • Cloudflare: runs the content delivery network in front of our site (which processes request data such as IP addresses) and provides R2 object storage for uploaded images and encrypted database backups.
  • AWS Rekognition (Frankfurt): automated moderation of uploaded images.
  • Geocoding providers (LocationIQ, with HERE and geocode.xyz as fallback): turn addresses or place names into map coordinates and back — including your device coordinates when you use "near me" search.
  • OpenStreetMap (OpenStreetMap Foundation): maps on venue pages load directly from OpenStreetMap servers, which receive your IP address and the map section you view.
  • LLM provider for the chat assistant (currently xAI/Grok, USA; we may switch to another provider such as OpenAI or Anthropic): processes chat-assistant messages, attached text file contents, uploaded flyer images, and the listing details under discussion, so the assistant can draft contribution details. See our AI transparency page for the full picture.
  • AI classification (currently xAI/Grok, USA): sorts public social-media announcements by whether they contain karaoke information before a person reviews them (see Section 3.4).

7. Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR), you have the following rights. We honor them for everyone who uses KaraokeCrowd, wherever you are:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data. We do not yet have a self-service "delete my account" button. To exercise this right, email sabine@karaokecrowd.com. We respond within 30 days.
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to our processing of your data — in particular to appearing in the directory or to any processing we base on legitimate interest. We then stop unless we have compelling legitimate grounds
  • Right to Withdraw Consent: Withdraw analytics consent anytime from the cookie controls
  • Right to Lodge a Complaint: Complain to a data-protection supervisory authority — for us that is the Unabhängiges Datenschutzzentrum Saarland; you can also contact the authority where you live

To exercise any of these rights, contact us at sabine@karaokecrowd.com

7.1 Privacy Controls in the Product

If you have an account, you can manage profile visibility, default RSVP visibility, friend-suggestion participation, and active sessions at /settings/preferences. Email subscriptions and location notification cadence are at /settings/notifications.

8. Data Retention

  • Account data: kept for the lifetime of your account; deleted within 30 days of an erasure request
  • Contributions and venue/event history: kept indefinitely as part of the public record. The public attribution to you is removed or anonymized when your account is deleted; your name — or, for contributions made without an account, the email address you used — can also be redacted earlier on request. The contribution itself stays
  • Listing evidence (for example a copy of a public announcement): kept while the listing needs it; personal details in it are redacted on request
  • Chat-assistant conversations (including attached text file contents): expire 48 hours after your last activity; raw flyer images uploaded to the chat assistant are not stored by KaraokeCrowd after extraction. If you report a chat problem, the debug copy attached to that report is kept with the report instead
  • Sign-in sessions: 30 days; magic-link tokens: 15 minutes
  • Push subscriptions and tokens: until you turn notifications off or they stop working
  • Email subscriptions: until you unsubscribe; consent records are kept as long as we need to prove the subscription was real
  • Email delivery protection: if an email permanently bounces or is reported as unwanted, we keep a protected identifier for the address and limited delivery details so we can stop sending to it and protect our email service. We use legitimate interests for this. Delivery-event records are kept for up to 12 months; the protected suppression identifier is kept until the block is corrected or no longer needed. If you think an address was blocked by mistake, contact us
  • Claim invitations: the invitation record is kept until it is accepted, revoked, or expired, plus a short audit trail
  • Encrypted database backups: 7 days. When we delete data, copies can remain in backups for up to 7 more days before they are overwritten
  • Analytics data: up to 14 months
  • Technical audit and error logs: up to 12 months. The contribution review history (submissions, review decisions, problem reports) is part of the public record and is kept like contributions (see above); your name can be redacted from it on request
  • Uploaded images attached to listings: kept until the entity they're attached to is removed or you request deletion

9. Data Security

We apply appropriate technical and organizational measures to protect personal data, in line with GDPR Art. 32. In plain terms: connections are encrypted (HTTPS), backups are encrypted, and access to production data is restricted to authorized personnel of the controller plus the processors listed in Section 6.

10. International Data Transfers

Most processing happens in the EU: our database, image storage, backups, email sending, image moderation, and error monitoring run in Frankfurt or other EU regions. Some recipients process data outside the EU/EEA: Google (Analytics and Sign-In), geocoding providers, push-notification delivery (Expo, Google, Apple, Mozilla), the chat-assistant LLM including the reading of uploaded flyer images (currently xAI/Grok, USA), and the AI model that sorts public announcements by whether they contain karaoke information (also USA). For these transfers we rely on EU standard contractual clauses agreed with the provider, or on the provider's certification under the EU-US Data Privacy Framework where one exists (for example Google, AWS, and Cloudflare). Both are safeguards the EU recognizes for sending personal data to other countries; you can ask us for a copy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates when changes were made. If we make material changes, we will point them out on the website.

12. Contact Us

For any questions about this Privacy Policy or to exercise your rights, contact us:

Email: sabine@karaokecrowd.com