Privacy Policy

At song.so, we take the protection of your personal data very seriously. In this privacy policy, you will learn what data we collect, how we use it, and what rights you have.

By using our WebApp, you consent to the processing of your data in accordance with this privacy policy.

We process the following types of data, among others:

• Personal information (e.g., name, email address during registration)
• Information about your device and internet connection
• Usage data and technical logs
• With consent: Device data for user recognition (fingerprinting)

We use your data to:

• Provide and improve our services
• Measure clicks on smartlinks and provide anonymized statistics to artists
• Communicate with you about your account
• Ensure the security of our platform
xx

We use cookies and similar technologies to collect usage data and improve functionality. For device recognition, we use Fingerprint.js - only with your express consent, which you can revoke at any time through our cookie settings.

4.1 Data Controller

The controller responsible for data processing on this website is:

SwipeUp Marketing

Philipp Lützenburger

Äußere Münchener Straße 78
83026 Rosenheim
Germany

Tel.: +498031 9075997

Email: info@swipeup-marketing.com

VAT ID: DE330019410

4.2 General Information on Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data regularly occurs only with the consent of users or when processing is permitted by statutory provisions.

4.3 Hosting and Content Delivery Network

Our website is hosted by Netlify. The provider is Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, California 94104, USA. Data processing may occur in a third country (USA). Netlify is certified under the EU-U.S. Data Privacy Framework.

We also use Cloudflare as our CDN and security service provider. The provider is Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is also certified under the EU-U.S. Data Privacy Framework.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and high-performance website provision)

4.4 Database: Supabase

For the storage and management of user data, we use Supabase, a service provided by Supabase Inc., 970 Toa Payoh North, #07-04, Singapore. Our data is stored exclusively in a data center in Frankfurt am Main, Germany.

Legal basis: Art. 6(1)(b) GDPR (contract fulfillment) or Art. 6(1)(a) GDPR (consent)

4.5 User Identification: Fingerprint.js

We use FingerprintJS for pseudonymized user recognition and abuse prevention. The provider is FingerprintJS Inc., 2261 Market Street #4010, San Francisco, CA 94114, USA. The generated fingerprints are anonymized and not linked to other data.

Legal basis: Art. 6(1)(a) GDPR (consent)

4.7 Google Sign-In (OAuth)

For registration and login, we use the authentication function of Google Sign-In. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When using Google Sign-In, we receive access to certain profile information (e.g., email address) if you have consented to this.

Legal basis: Art. 6(1)(a) GDPR (consent)

4.8 Forwarding to third-party providers for marketing purposes

With the express consent of the user, we send certain data (e.g. interactions, registrations) on the server side to the following platforms:

• Meta Platforms Ireland Ltd. (Conversion API)
• TikTok Technology Limited (TikTok Events API)

This serves to measure campaign performance and optimize our advertising.

• Mailgun Technologies Inc.
• Sand Dune Mail Ltd (SMTP2GO)

This is used to send transactional and marketing mail.

Legal basis: Art. 6(1)(a) GDPR (consent)

4.9 Embedded Content from Third-Party Providers

Our website may embed content from third-party providers such as YouTube, Vimeo, or SoundCloud. When loading this content, personal data (e.g., IP address, browser data) may be transferred to these providers.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner / content blocker)

We store personal data only for as long as is necessary to achieve the purposes stated or as required by law.

According to the GDPR, you have the right at any time to:

• Access information about your stored data
• Rectify incorrect data
• Delete your data ("Right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw your consent with effect for the future

To exercise your rights, you can contact us anytime via email:
privacy@song.so