Tune Perfect
Join Lobby

Privacy Policy

Last updated: June 8th, 2025

1. Data Controller and Contact Information

Responsible Party (Controller)

The data controller for this website is the operator of Tune Perfect, a non-commercial open-source project. You can contact us at support@tuneperfect.org or through our GitHub repository.

Data Protection Officer

If you have questions about data protection, you can contact us at support@tuneperfect.org.

2. General Information About Data Processing

Scope of Personal Data Processing

We process personal data of our users only to the extent necessary to provide a functional website and our gaming services. Tune Perfect is a non-commercial, open-source project that does not generate revenue. The processing of personal data takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal Basis for Data Processing

Insofar as we obtain consent from the data subject for personal data processing operations, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of providing our free gaming service, Art. 6 para. 1 lit. b GDPR serves as the legal basis.

When processing personal data that is necessary for compliance with a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

When processing personal data that is necessary to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest (such as maintaining the security and functionality of our free service) and if the interests, fundamental rights and freedoms of the data subject do not outweigh this interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

4. Website Analytics with PostHog

We use PostHog, an open-source product analytics platform, to better understand how our users interact with our website. This helps us improve our services and provide a better user experience. PostHog is configured to respect your privacy and operates in a cookie-less mode.

What data do we collect?

  • Pageviews and Events: We track which pages you visit and what actions you take, such as starting a download. This includes information like your operating system, browser version, and screen resolution.
  • Anonymized Data: We do not store your full IP address. User identification is managed in-memory and does not persist across sessions, meaning we do not track you over time.

Why do we collect this data?

  • To analyze website traffic and user behavior to improve our content and offerings.
  • To identify which platforms (e.g., Windows, macOS, Linux) are most popular for downloads.
  • To monitor the performance and stability of our website.

The legal basis for this processing is our legitimate interest (Art. 6 para. 1 lit. f GDPR) in optimizing and securing our website. For more information, please refer to PostHog's Privacy Policy.

5. Information We Collect

Account Information

  • Email address (required for account creation and verification)
  • Username (optional, for your profile display)
  • Password (securely hashed and stored)
  • Profile image (optional)

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)

OAuth Information

  • When you sign in with Discord or Google, we store your account ID from those services
  • We do not store your passwords from third-party services

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)

Game Data

  • Your game scores and high scores
  • Lobby participation data
  • Game session information

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of contract)

Technical Information

  • User agent information (for security purposes)
  • Session tokens (for keeping you logged in)
  • Account creation and update timestamps
  • IP addresses (for security and fraud prevention)

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests in security and fraud prevention)

6. How We Use Your Information

  • To create and manage your account
  • To provide the karaoke gaming experience
  • To save your game progress and high scores
  • To enable multiplayer lobby functionality
  • To send account verification emails
  • To maintain the security of your account and prevent fraud
  • To comply with legal obligations
  • To improve our services based on usage patterns

7. Data Storage and Security

  • Your data is stored securely in our database with appropriate technical and organizational measures
  • Passwords are hashed using industry-standard encryption (argon2id)
  • We use secure tokens for authentication
  • Email verification is required for account activation
  • Access to personal data is restricted to authorized personnel only
  • We regularly review and update our security measures

8. Data Sharing and Third Parties

We do not sell, trade, or share your personal information with third parties, except:

  • When required by law or legal process
  • To protect our rights, property, and safety, or that of our users
  • With your explicit consent
  • With service providers who assist us in operating our website (under strict data processing agreements)

Any third-party service providers are carefully selected and contractually bound to process data only according to our instructions and in compliance with GDPR. As a non-commercial project, we have no financial incentive to share your data.

9. International Data Transfers

If we transfer personal data to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules
  • Certification schemes

10. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

  • Right of access (Art. 15 GDPR): You can request information about your personal data we process
  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate personal data
  • Right to erasure (Art. 17 GDPR): You can request deletion of your personal data
  • Right to restriction of processing (Art. 18 GDPR): You can request limitation of processing
  • Right to data portability (Art. 20 GDPR): You can request your data in a portable format
  • Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time

To exercise these rights, please contact us at support@tuneperfect.org.

11. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. When you delete your account:

  • Most of your personal data will be deleted. Some information, like high scores associated with your profile, may be retained anonymously.
  • We may retain some data for legitimate interests, such as fraud prevention or to comply with legal obligations.

12. Cookies

We use essential session cookies to maintain your login status and ensure the basic functionality of our service. We do not use cookies for tracking or advertising purposes.

13. Links to Other Websites

Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

14. Children's Privacy

Our service does not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

16. Contact Us

If you have any questions about this Privacy Policy, you can contact us at support@tuneperfect.org.