Privacy Policy
Last updated 2026-06-02
Draft template. This document is a starting point and not legal advice. Please have it reviewed by a qualified lawyer and complete the bracketed fields before relying on it.
This Privacy Policy explains how [Your name / legal entity]("we", the "controller") collects and processes personal data when you use Zingder (the "Service"), in accordance with the EU General Data Protection Regulation (GDPR).
1. Who we are
The data controller is [Your name / legal entity], Belgium. For any privacy question or to exercise your rights, contact [your-contact-email].
2. Data we collect
- Account data: email address and password (stored hashed by our authentication provider).
- Profile data: name, and optionally phone, birthday, voice part, and vocal range that you choose to provide.
- Choir and content data: choirs you belong to, your role, uploaded scores/audio/annotations, ratings, events, and invites.
- Technical data: essential cookies for authentication and access, and standard server logs (such as IP address and timestamps) used for security and reliability.
3. Why we process it and our legal bases
- To provide the Service (accounts, choirs, scores, events) — performance of a contract (Art. 6(1)(b)).
- To keep the Service secure and prevent abuse — our legitimate interests (Art. 6(1)(f)).
- Optional profile details and AI features you choose to use — your consent (Art. 6(1)(a)), which you can withdraw at any time.
- To comply with legal obligations where applicable (Art. 6(1)(c)).
4. Service providers (processors)
We use trusted providers that process data on our behalf under data-processing agreements, including:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and delivery.
- [AI provider] — processing of content you submit to AI-assisted features. [Name your provider and confirm their terms.]
We do not sell your personal data.
5. International transfers
Some providers may process data outside the European Economic Area. Where that happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. [Confirm each provider's transfer mechanism.]
6. Retention
We keep personal data for as long as your account is active and as needed to provide the Service. When you delete content or your account, we delete or anonymise the associated data within a reasonable period, except where limited retention is required by law or to resolve disputes. Backups are rotated on a limited schedule.
7. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data ("right to be forgotten");
- restrict or object to certain processing;
- data portability;
- withdraw consent at any time, without affecting prior processing;
- lodge a complaint with your local data-protection authority.
To exercise any of these rights, contact [your-contact-email].
8. Cookies
We use only essential cookies needed to sign you in and to enforce access during the private beta. We do not use advertising or third-party tracking cookies.
9. Children
The Service is not directed to children under the age of digital consent in their country. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy. Material changes will be notified through the Service or by email where appropriate. The "last updated" date above reflects the current version.
11. Contact
For privacy questions or requests, contact [your-contact-email].