Skip to Content
LegalPrivacy Policy

Privacy Policy

This Privacy Policy explains how SongUp processes personal data when you use the official hosted SongUp service at songup.tv.

1. Controller

The controller for data processing described in this Privacy Policy is:

Matthias Mandler
Sole proprietorship (Einzelunternehmen ohne Firmenbucheintrag)
Wiener Strasse 3
7551 Stegersbach
Austria
General contact: help@songup.tv
Privacy contact: privacy@songup.tv

No data protection officer has been appointed.

2. What SongUp does

SongUp is a hosted music queue service. Hosts can create rooms, play music through YouTube on a central screen, and allow guests to search for songs and add them to a shared queue.

Some features are available without logging in. Other features, including creating and purchasing Pro rooms, require sign-in with Google.

3. Categories of personal data we process

Depending on how you use SongUp, we may process the following categories of data:

3.1 Data you provide directly

  • Google account information provided during sign-in,
  • room-related settings, including fallback playlists and queue limits,
  • nicknames,
  • song search queries,
  • selected songs and queue actions,
  • support messages sent to us.

3.2 Technical and usage data

  • analytics and usage events collected through PostHog,
  • device and browser-related metadata collected through PostHog in cookieless mode,
  • session replay data after sign-in,
  • server and request logs processed by Vercel,
  • limited backend operational data processed by Convex.

If you purchase a Pro room, payment-related data is processed by Stripe and/or Link.com (by Stripe).

SongUp itself does not store your payment card details.

3.4 Third-party service data

When you use Google sign-in, YouTube playback, YouTube search-related functionality, or Stripe services, those providers may also process personal data under their own privacy notices.

We process personal data only where we have a legal basis under applicable data protection law.

4.1 To provide the service

We process room data, queue actions, selected songs, fallback playlists, nicknames, and necessary technical data to operate SongUp and provide the features you use.

Legal basis: performance of a contract or steps prior to entering into a contract under Art. 6(1)(b) GDPR.

4.2 To manage signed-in accounts and Pro rooms

If you sign in with Google or purchase a Pro room, we process account and transaction-related data to authenticate you, create the room, and provide paid features.

Legal basis: Art. 6(1)(b) GDPR.

4.3 To secure, maintain, and improve SongUp

We process logs, analytics, and technical usage information to detect misuse, ensure stability, troubleshoot errors, monitor performance, and improve the service.

Legal basis: legitimate interests under Art. 6(1)(f) GDPR.

Our legitimate interests are the secure, reliable, abuse-resistant, and economically sustainable operation of SongUp.

If you contact us, we process your message and related information to respond and document the request where necessary.

Legal basis: Art. 6(1)(b) GDPR if the request relates to our services or a contract; otherwise Art. 6(1)(f) GDPR.

We may process personal data where necessary to comply with legal obligations, enforce legal claims, or respond to lawful requests from authorities.

Legal basis: Art. 6(1)(c) GDPR and, where applicable, Art. 6(1)(f) GDPR.

4.6 For newsletters and product updates

If SongUp offers newsletters or product updates to signed-in users, related contact and preference data will be processed for that purpose.

Legal basis: consent under Art. 6(1)(a) GDPR where required by law, and otherwise Art. 6(1)(f) GDPR for service-related communications.

5. Sign-in with Google

If you choose to sign in, SongUp uses Google Sign-In.

In that case, SongUp receives account data made available through the Google sign-in process and uses it to authenticate you and associate your account with SongUp features such as Pro room creation and management.

6. YouTube playback, search, and playlists

SongUp uses YouTube and YouTube Music functionality in several ways:

  • the host page uses an embedded YouTube player via youtube-nocookie.com,
  • guest song search queries are sent through SongUp’s backend to YouTube Music search functionality,
  • custom playlists or fallback playlists may be fetched from YouTube Music.

The embedded player is loaded once playback starts on the host page.

Even when privacy-enhanced mode is used, Google/YouTube may process personal data once the player is loaded or a video is played.

7. Analytics and similar technologies

SongUp uses PostHog with EU data residency.

7.1 Cookieless analytics

SongUp uses PostHog in cookieless mode by default. In this mode, analytics events are collected without using analytics cookies.

7.2 Identified analytics after sign-in

If you sign in with Google, analytics data may be associated with your SongUp user ID.

7.3 Autocapture and session replay

  • Autocapture is active.
  • Session replay is active only after sign-in.

We use these features to understand product usage, diagnose issues, and improve SongUp.

7.4 Functional storage

SongUp may use browser storage or similar technologies where technically necessary for the service to function.

8. Recipients and processors

We may share personal data with service providers that process data on our behalf, including:

  • Vercel for website hosting and operational logs,
  • Convex for backend and production database services,
  • PostHog for analytics,
  • Google for sign-in,
  • YouTube / YouTube Music for playback, search, and playlists,
  • Stripe and Link.com for payments and billing-related functions.

We may also disclose data where required by law or where necessary to establish, exercise, or defend legal claims.

9. International data transfers

SongUp is operated from Austria, but some service providers may process data in other countries.

In particular:

  • Vercel is used with hosting in Frankfurt,
  • PostHog is used with EU data residency,
  • Convex is used with backend infrastructure in the United States,
  • Google, YouTube, Stripe, and Link.com may process data in countries outside the EEA.

Where personal data is transferred outside the EEA, SongUp relies on appropriate safeguards where required by law, such as adequacy decisions, standard contractual clauses, or another lawful transfer mechanism used by the relevant provider.

10. Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

In particular:

  • Room data is deleted after 48 hours for free rooms.
  • Pro room data is deleted after 7 days.
  • Selected songs are deleted immediately after playback.
  • Nicknames for users who are not logged in may remain in the database after the active session ends, become inaccessible after the session expires after 7 days, and are deleted after 30 days.
  • Analytics data in PostHog is retained according to the SongUp/PostHog setup unless deleted earlier.
  • Payment records are stored by Stripe and/or Link.com under their own retention practices and legal obligations.
  • Support emails are kept only for as long as reasonably necessary to handle the matter and meet legal obligations.
  • Server logs are retained for operational and security purposes for as long as needed under the relevant hosting setup.

11. Your rights

Subject to the requirements of applicable law, you may have the right to:

  • access your personal data,
  • request correction of inaccurate data,
  • request deletion of your data,
  • request restriction of processing,
  • object to processing based on legitimate interests,
  • receive a copy of data you provided in a portable format where applicable,
  • withdraw consent at any time where processing is based on consent,
  • lodge a complaint with a supervisory authority.

To exercise your rights, contact: privacy@songup.tv

You can also contact the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Austria
Email: dsb@dsb.gv.at

12. How to object or request deletion

You can contact SongUp at privacy@songup.tv to request deletion or to object to certain processing.

Room data usually expires automatically based on the retention periods above. Users cannot directly self-delete room data through the interface at this time.

13. Children

SongUp is not directed to children or schools.

Because explicit music videos may be played through the service, hosts are responsible for controlling who can view content played in their rooms.

14. Security

SongUp uses reasonable technical and organizational measures to protect personal data, taking into account the nature of the data and the risks involved.

However, no online service can guarantee absolute security.

15. Changes to this Privacy Policy

SongUp may update this Privacy Policy from time to time.

The version published on songup.tv applies from the time it is made available there, unless a different effective date is stated.

16. Contact

General support: help@songup.tv
Privacy: privacy@songup.tv

Last updated on
HomeTerms of Service