Privacy Policy
This policy informs you, pursuant to Art. 13 & 14 GDPR, about the processing of personal data by JazzVizor / musicappvienna.com.
1. Data Controller
Michael Eckel
Ottakringer Straße 168
1160 Vienna, Austria
Email for privacy inquiries: michael@musicappvienna.com
There is no legal obligation to appoint a Data Protection Officer. For data protection matters, please contact us directly at the address above.
2. Privacy by Design — Local-Only App, No Telemetry
JazzVizor processes personal data only insofar as it is necessary for providing the app, the website, and Premium subscriptions. The app itself stores all songs, setlists, licks, and imported content exclusively on your device. The app does not embed telemetry, analytics, crash-reporting, or advertising SDKs; it does not phone home, does not run user accounts of its own, and never transmits your content to the provider.
No advertising. No data sale. No profiling. No cookies on the website. No tracking SDK in the app.
3. Data Categories & Processing Purposes
a) When visiting the website (musicappvienna.com)
| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| IP address, browser type, timestamp, accessed page (server logs) | Providing the website, IT security, error analysis | Art. 6 (1) f GDPR — legitimate interest | Max. 30 days |
| Anonymous page views (GoatCounter — no cookies, no personal data, no cross-site tracking, IP only used to derive country & immediately discarded) | Understanding which content visitors find useful | Art. 6 (1) f GDPR — legitimate interest | Aggregated forever, no individual session storage |
| Email correspondence (if you write to us) | Replying to your inquiry | Art. 6 (1) b/f GDPR | Until inquiry is resolved + statutory retention if applicable |
We use GoatCounter (operated by Martin Tournoij, hosted in the EU) for privacy-friendly, cookie-less web statistics. GoatCounter does not set cookies, does not track users across sites, and does not store personal data. No cookie banner is required. More info: goatcounter.com/help/gdpr.
No newsletter or marketing emails are collected via the website.
b) When using the JazzVizor app (Free or Premium)
| Data Category | Purpose | Legal Basis | Retention / Location |
|---|---|---|---|
| Your songs, setlists, licks, imported MusicXML files, PDF leadsheets | App functionality | Art. 6 (1) b GDPR — contract fulfilment | Stored exclusively on your device. Until you delete them or uninstall the app. Never transmitted to the provider. |
| Bluetooth connection data (optional — for compatible smart glasses, e.g. Rokid CXR / Brilliant Halo) | Local transmission of chord display to paired glasses, only when explicitly enabled by the user | Art. 6 (1) a GDPR — consent (user enables the feature) | Only during the active session. No connection data is stored or transmitted to the provider. |
c) When purchasing or using a Premium subscription
Premium subscriptions are sold and processed exclusively by Apple (App Store) and Google (Play Store) as merchant of record. The provider receives only aggregated payout reports and a pseudonymous subscription-status token via the third-party service RevenueCat Inc. (subscription state management). The provider never sees credit-card numbers, billing addresses, or full user identity. These subscription tokens are not anonymous within the meaning of GDPR Recital 26 — they qualify as pseudonymous personal data because they can be used to single out a specific subscription on a specific device.
| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Pseudonymous app-store user identifier (Apple originalTransactionId / Google purchaseToken / RevenueCat app-user ID) | Unlocking and validating Premium features on the user's devices; subscription lifecycle management (renewal, cancellation, refunds) | Art. 6 (1) b GDPR — performance of contract | Duration of the subscription + bookkeeping retention pursuant to § 132 BAO (Austrian Federal Fiscal Code — 7 years) for records relevant to the provider's own accounting |
No personal data (name, email, payment details) is shared with the provider by Apple or Google in connection with a subscription. The provider sees only a pseudonymous active-subscription token, not the identity behind it. The provider does not maintain its own user accounts. RevenueCat acts as a processor under a Data Processing Agreement pursuant to Art. 28 GDPR — see §4.
4. Recipients
The following parties may receive data in connection with the app, the website, or Premium subscriptions:
- Apple Distribution International Ltd. (Hollyhill Industrial Estate, Hollyhill, Cork, Ireland) — primary EU-facing party for App Store / iPadOS / macOS distribution and StoreKit billing · acts as independent controller for billing data and as merchant of record for EU VAT · onward transfers to Apple Inc. (Cupertino, USA) based on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework
- Google Commerce Limited (Gordon House, Barrow Street, Dublin, Ireland) — primary EU-facing party for Play Store distribution and Play Billing on Android · acts as independent controller for billing data and as merchant of record for EU VAT · onward transfers to Google LLC (Mountain View, USA) based on EU Standard Contractual Clauses and/or the EU-US Data Privacy Framework
- RevenueCat Inc. (San Francisco, USA) — primarily a processor for the provider, acting as a technical wrapper around Apple StoreKit and Google Play Billing for subscription-status validation · contract per Art. 28 GDPR · transfers based on EU Standard Contractual Clauses
- Netlify Inc. (San Francisco, USA — website hosting provider; infrastructure regions selectable in EU where applicable) — acts as processor for server logs · contract per Art. 28 GDPR · transfers based on EU Standard Contractual Clauses
We do not use advertising trackers, analytics services inside the app (Google Analytics, Facebook Pixel, etc.), or profiling providers.
5. Data Transfer to Third Countries
Apple, Google, and RevenueCat partly process data in the United States. Such transfers are based on EU Standard Contractual Clauses (Art. 46 (2) c GDPR) and/or the EU-US Data Privacy Framework, as governed by the respective vendor's own privacy policies.
6. Your Rights as a Data Subject
You have the right at any time to:
- Access (Art. 15 GDPR) — see which data is processed about you
- Rectification (Art. 16 GDPR) — correction of inaccurate data
- Erasure (Art. 17 GDPR) — "right to be forgotten"
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR) — export your data
- Objection (Art. 21 GDPR) — against processing based on legitimate interests
- Withdrawal of consent (Art. 7 (3) GDPR) — where processing is based on consent
For any of these requests, please send an informal email to michael@musicappvienna.com. You will receive a response within 30 days.
7. Right to Lodge a Complaint
You have the right to file a complaint with a data protection supervisory authority:
Austrian Data Protection Authority (DSB)
Barichgasse 40-42, 1030 Vienna, Austria
www.dsb.gv.at · dsb@dsb.gv.at
8. Obligation to Provide Data
Providing personal data is neither legally nor contractually required to use the Free version of the app and the website. For a Premium subscription, you must have a valid Apple ID or Google Account; the data required by Apple / Google for billing is provided by you to them directly, not to the provider.
9. Automated Decision-Making / Profiling
There is no automated decision-making within the meaning of Art. 22 GDPR. The app uses algorithmic functions (e.g. scale recommendation, harmonic analysis), but these process only chord and song data — no personal data.
10. Children's Privacy
JazzVizor is a general audience tool and is not specifically directed at children under 13. The app does not provide user accounts, social features, advertising, or behavioural profiling, and does not collect personal data relating to user-created musical content. The only personal data the provider may receive in connection with the app are pseudonymous subscription identifiers from Apple or Google (see §3c), server logs (see §3a), and email correspondence you choose to send.
The app does not knowingly collect personal data from children under the applicable minimum age set out in COPPA (US: under 13) or GDPR Art. 8 (EEA: 13–16 depending on member state — 14 in Austria per § 4 Abs. 4 DSG). Should we ever introduce a feature that processes personal data of identifiable minors (e.g. accounts, cloud sync, social functions), we will obtain verifiable parental consent where required, and this Privacy Policy will be updated accordingly before activation.
11. Changes to This Privacy Policy
This privacy policy will be updated whenever new app features or legal changes require it. The current version is always available at musicappvienna.com/datenschutz.html.
Last updated: June 2026