Privacy policy

This privacy notice describes how personal data is processed in connection with the Chords365 web application and related websites. Our aim is to explain, in a transparent and understandable way, what data we process, for what purposes, on what legal bases, for how long we keep it, and what rights you have.

Back to main page

1. Controller and data processed

The controller for the Chords365 service is its operator: Benjámin Szabó. Contact: [email protected]. When you use the service, we primarily process data needed to create and manage your account, support group collaboration, manage setlists and calendar entries, and operate the service securely.

  • Account and identification data: name, email address, identification data received from your Google account, login tokens and session identifiers.
  • Usage and group data: group membership, group-admin roles, and data related to songs, setlists, events, calendar entries, settings and device pairing.
  • Technical and security data: server logs, error reports, browser and device information, IP address, cookies and similar technologies where needed for operation, security or consent-based statistical error tracking.

2. Purposes and legal bases

We process personal data to provide the service, manage user accounts, enable sign-in, operate group collaboration, preserve user settings, provide support, prevent abuse, investigate errors, and establish, exercise or defend legal claims. The main legal bases are performance of a contract or steps prior to entering into a contract, legitimate interest in operating a secure and reliable service, compliance with legal obligations, and consent for optional cookies and error-tracking features where consent is required.

3. Recipients and processors

We disclose or make personal data available only to the extent necessary. Recipients may include hosting, infrastructure and proxy providers, Google as the sign-in provider, the email delivery provider, Cookiebot CMP, and, with consent, the Sentry error-tracking service. Within a group, certain data - such as name, email address, group membership, event and setlist relations - may be visible to other group members or group admins to the extent needed for the group to function. Transfers to third countries take place only where required by the relevant provider's operation and where appropriate safeguards are available.

4. Retention

We keep data only for as long as necessary for the relevant processing purpose. Account and group-membership data is processed while the account exists; after account deletion, personal data is deleted or anonymized unless a legal obligation or the defence of legitimate claims requires longer retention. Session and login tokens, deletion tokens, logs and technical data may be kept for shorter periods aligned with security and operational needs. For group content, songs, setlists or events may remain for the operation of the group, while the deleted user's personal link is anonymized.

5. Data security

We apply reasonable technical and organizational measures to protect personal data, including access restrictions, permission levels, secure sign-in flows, logging, backups and regular maintenance. As an internet service, risk cannot be eliminated entirely, but we aim to process data in line with necessity, proportionality and data protection by design.

6. Your rights

You have the right to request information and access to your personal data, to request rectification, erasure or restriction of processing, to object to processing based on legitimate interest, and to request data portability where the legal conditions apply. You can exercise your access and portability rights immediately and self-service: on the Settings → Account page, the "Download my data" button lets you download a copy of the data we hold about you in machine-readable (JSON/CSV) and human-readable form; you can also start account deletion there, in the Danger zone. Where processing is based on consent, you may withdraw consent at any time; this does not affect the lawfulness of processing before withdrawal. You can also submit requests at [email protected].

7. Remedies and changes

If you believe that the processing of your personal data is unlawful, please contact us first at [email protected]. You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH; 1055 Budapest, Falk Miksa utca 9-11.; naih.hu; [email protected]), or to turn to a court. We may update this notice from time to time; the current version is always available on this page.

8. Cookies and local storage

Chords365 may use cookies and local-storage items that are necessary for sign-in, session management, security, language and interface settings, offline operation and PWA features. Optional statistical or error-tracking technologies are activated only after the relevant consent has been given. This includes anonymous, internal performance measurement (Real User Monitoring), which measures interface load and response times without identifying users and is likewise tied to statistics consent. You can change or withdraw your cookie consent at any time.

Current cookie list

The list below is generated automatically by Cookiebot CMP based on the latest cookie scan.