Privacy Policy

Effective date: March 12, 2026

Your songs are saved to your account, so they follow you across devices. We store your audio on our servers and keep a local copy on your phone for playback.

We store your display name, email, and login info. Audio in your songs is uploaded so you and the people you make music with can hear it. Nobody else can access it.

We use TelemetryDeck for anonymous analytics. No personal data, no tracking, no ads. You can turn it off in settings.

You can delete your account and all your data from the app anytime, or email us at hello@davidcibis.com.

We don’t sell your data and we don’t use it for advertising.

You need to be at least 14 to create an account.

1. Controller

The data controller responsible for processing your personal data is:

David Cibis
Carretera de Caldes 52, Casa 2
08420 Can Duran, Canovelles, Barcelona, Spain

NIE: Y8331867Q
Email: hello@davidcibis.com

We are not required to appoint a Data Protection Officer under Art. 37 GDPR or Art. 34 LOPDGDD. Our activities do not fall within any of the mandatory sectors listed in Art. 34 LOPDGDD, and we do not carry out large-scale processing or systematic monitoring of individuals. For all data protection inquiries, please contact us at the email address above.

2. Data We Collect

2.1 Data Stored Locally on Your Device

The App stores project files and audio recordings locally as a working cache. This data is also synced to our servers (see Section 2.3).

Documents directory: Project files, audio recordings (.m4a). Used for core recording and playback.
Keychain: Access token, refresh token, App Attest key ID. Used for secure authentication (account users only).
UserDefaults: User profile (cached), blocked user IDs, analytics opt-out preference. Used for app settings and performance.

Audio files are protected with the .completeUnlessOpen file protection level. All local data is removed when you uninstall the App.

2.2 Account Data

An account is required to use Ronda. When you create an account, we collect and store the following data on our servers:

User ID (UUID): Internal identification. Legal basis: Art. 6(1)(b).
Email address (email/password users): Authentication, password resets, important notifications. Legal basis: Art. 6(1)(b).
Apple User ID (hashed) (Sign in with Apple users): Authentication. Legal basis: Art. 6(1)(b).
Password hash (email/password users): Authentication. Legal basis: Art. 6(1)(b).
Display name: Visible identity in collaborative projects. Legal basis: Art. 6(1)(b).
Avatar preferences (seed, color, dark mode flag, color threshold, waves flag): Visual representation. Legal basis: Art. 6(1)(b).
Account timestamps (created, updated): Record-keeping. Legal basis: Art. 6(1)(f).

Passwords are never stored in plaintext. They are hashed using the scrypt algorithm before storage.

2.3 Project and Audio Data

Your projects and audio recordings are stored on our servers so they are available across your devices. When you collaborate, this data is also shared with other project members. The following data is processed on our servers:

Project metadata (project ID, name, part/layer counts): Project management and synchronization. Legal basis: Art. 6(1)(b).
Audio files (.m4a): Shared audio within collaborative projects. Legal basis: Art. 6(1)(b).
Project state (CRDT synchronization data): Real-time collaboration synchronization. Legal basis: Art. 6(1)(b).
Invite codes and metadata: Project invitation system. Legal basis: Art. 6(1)(b).
Collaborator roles and membership: Access control within projects. Legal basis: Art. 6(1)(b).

All collaborators in a project can see your display name, avatar, and which recordings you contributed.

2.4 Moderation and Safety Data

User reports (reporter ID, reported user ID, project ID, reason): Reviewing violations and protecting users. Legal basis: Art. 6(1)(f).
Block records (blocker ID, blocked user ID): Preventing unwanted contact. Legal basis: Art. 6(1)(b).

2.5 Feedback Data

Feedback messages (user ID, message text, app version, OS version, device model): Improving the App. Legal basis: Art. 6(1)(f).

2.6 Analytics Data

We use TelemetryDeck, a privacy-first analytics provider, to understand how the App is used in aggregate. TelemetryDeck does not collect IP addresses and does not perform device fingerprinting. User identifiers are double-hashed before transmission, making it impossible to trace analytics data back to individual users.

App lifecycle events (session start, background): Understanding usage patterns. Legal basis: Art. 6(1)(f).
Feature usage events (recording completed, project created, etc.): Improving features. Legal basis: Art. 6(1)(f).
Aggregate storage metrics (project count, storage used): Capacity planning. Legal basis: Art. 6(1)(f).
App version, OS version, device model, locale: Compatibility and debugging. Legal basis: Art. 6(1)(f).

You can opt out of analytics at any time through the toggle in the App’s settings. Your opt-out preference is stored locally on your device and takes effect immediately.

2.7 Push Notification Data

If you enable push notifications, we store your Apple Push Notification service (APNs) device token on our servers to deliver collaboration activity alerts. You can disable push notifications at any time through iOS Settings.

APNs device token: Delivering collaboration notifications. Legal basis: Art. 6(1)(a) (consent).

2.8 Data We Do Not Collect

We do not collect: location data, contacts, calendar data, photos or camera roll access (the camera is used only for QR code scanning), Apple Identifier for Advertisers (IDFA), device vendor ID, hardware serial numbers, or browsing history. IP addresses are not stored by the App. Our infrastructure providers may log IP addresses in accordance with their own privacy policies (see Section 5).

3. How We Use Your Data

We process your personal data exclusively for the following purposes:

Providing the service: Creating and maintaining your account, authenticating you, synchronizing collaborative projects, and delivering audio content to authorized collaborators.
Communication: Sending password reset codes, delivering push notifications for collaboration activity, and responding to support requests or feedback.
Safety and moderation: Processing user reports, enforcing blocks, and investigating violations of our Terms.
Improvement: Analyzing aggregated, anonymized usage patterns to improve features, fix bugs, and plan capacity.
Legal compliance: Retaining data as required by applicable law and responding to lawful requests from authorities.

We do not use your data for advertising, profiling, automated decision-making, or any purpose not described in this policy. We do not sell your data to third parties.

4. Legal Basis for Processing

We rely on the following legal bases under Art. 6(1) GDPR, as further specified by the LOPDGDD:

(a) Consent (Art. 6(1)(a)): For push notifications. You can withdraw consent at any time by disabling notifications in iOS Settings.

(b) Contractual necessity (Art. 6(1)(b)): For processing that is necessary to provide the App’s features you have requested, including account management, authentication, audio hosting, and collaboration synchronization. Even though the App is free, accepting our Terms creates a valid contract.

(f) Legitimate interest (Art. 6(1)(f)): For analytics (with opt-out), moderation and safety, feedback processing, and record-keeping. Our legitimate interest is in improving the App, ensuring user safety, and maintaining operational stability. We have conducted a balancing test and concluded that these interests do not override your rights, particularly given the minimal and non-sensitive nature of the data involved, the use of privacy-preserving analytics (TelemetryDeck), and your ability to opt out.

5. Third-Party Services (Sub-Processors)

We use the following third-party services to operate the App. Each processes data on our behalf under a Data Processing Agreement as required by Art. 28 GDPR.

Vercel (United States): API hosting, PostgreSQL database (Neon), Blob storage. Processes all server-side data: user profiles, project metadata, audio files. Privacy Policy
Neon via Vercel Postgres (United States): Database engine. Processes all database records. Privacy Policy
Cloudflare R2 (United States): Off-site backup storage. Processes audio files and project state (backup copies). Privacy Policy
Resend (United States): Transactional email delivery. Processes email addresses and password reset codes. Privacy Policy
TelemetryDeck (European Union, Germany): Privacy-first analytics. Processes double-hashed user identifier, app version, OS version, device model, locale, usage events. Privacy Policy
Apple, Sign in with Apple (United States): Authentication. Processes identity token and display name (if user allows). Privacy Policy
Apple, APNs (United States): Push notifications. Processes device token and notification payload. Privacy Policy

We do not share your data with any other third parties unless required by law.

6. International Data Transfers

Your data is primarily stored on servers located in the United States operated by Vercel, Cloudflare, and Neon. As the Operator is based in Spain and subject to GDPR, international transfers require an adequate level of protection.

Transfer mechanism: We rely on the EU-U.S. Data Privacy Framework (DPF) adequacy decision adopted by the European Commission on July 10, 2023. Vercel, Cloudflare, Neon, and Resend are certified under the DPF, which provides an adequate level of data protection recognized by the European Commission.

As an additional safeguard, our Data Processing Agreements with these providers also incorporate the EU Standard Contractual Clauses (SCCs) as a fallback transfer mechanism. You may verify DPF certification status at dataprivacyframework.gov.

TelemetryDeck is based in Germany and processes analytics data within the European Union. No international transfer is involved for analytics.

7. Data Retention

We retain your data only as long as necessary for the purposes described in this policy. Specific retention periods are:

Account data: For the duration of your active account. Deleted within 30 days of account deletion.
Audio files and project data (local): Stored on your device. Deleted projects enter a local trash folder for 30 days. Removed when you uninstall the App.
Audio files and project data (collaborative, active): For the duration of the active collaborative project.
Audio files and project data (collaborative, deleted): Soft-deleted (recoverable by project owner) for 14 days. Permanently deleted from active servers after 14 days by automated daily cleanup.
Backup copies (Cloudflare R2): Up to 90 days from the date of backup. Automatically removed by lifecycle policy.
Refresh tokens: Automatically deleted upon expiry (30 days) or logout.
Password reset tokens: Automatically deleted upon expiry (15 minutes) or use.
Invite codes: Automatically deleted after 7-day expiry.
CRDT history snapshots: Pruned after 14 days.
User reports: Retained indefinitely for moderation purposes.
Feedback messages: Retained indefinitely for product improvement. You may request deletion at any time.
Push notification tokens: Retained until explicitly removed or invalidated by Apple.

In accordance with Art. 32 LOPDGDD, when you request deletion of your data, we may retain it in a blocked state for the period during which liability may arise from the processing, after which it will be permanently destroyed.

8. Your Rights

Under GDPR and the LOPDGDD, you have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You may request a copy of all personal data we hold about you.

Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data. You can update your display name and avatar directly in the App.

Right to erasure (Art. 17 GDPR): You may request deletion of your personal data. You can delete your account directly through the App, which triggers cascading deletion as described in Section 7. For data that cannot be deleted through the App (e.g., user reports where you are the reporter), contact us. In accordance with Art. 32 LOPDGDD, deleted data may be retained in a blocked state for the legally required period.

Right to restriction of processing (Art. 18 GDPR): You may request that we restrict processing of your data under certain circumstances, such as while we verify the accuracy of contested data.

Right to data portability (Art. 20 GDPR): You may request your personal data in a structured, commonly used, machine-readable format. You can export your projects from the App in the .ronda package format, which includes your audio recordings in standard MPEG-4 AAC format and project metadata. For a complete data export (including account data and collaboration metadata), contact us and we will provide your data in JSON and standard audio formats within 30 days.

Right to object (Art. 21 GDPR): You may object to processing based on legitimate interest at any time. For analytics, you can exercise this right immediately by using the opt-out toggle in the App’s settings. For other processing based on legitimate interest, contact us and we will cease processing unless we demonstrate compelling grounds that override your interests.

Right to withdraw consent (Art. 7(3) GDPR): Where we process data based on consent (push notifications), you may withdraw consent at any time without affecting the lawfulness of prior processing. Disable push notifications in iOS Settings.

Right not to be subject to automated decisions (Art. 22 GDPR): We do not carry out automated individual decision-making or profiling that produces legal effects or similarly significant effects on you.

Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
https://www.aepd.es

You may also contact any EU supervisory authority in your country of habitual residence.

To exercise any of these rights, contact us at hello@davidcibis.com. We will respond within 30 days of receiving your request. If we need additional time due to the complexity or volume of requests, we will inform you within the initial 30-day period and may extend by an additional 60 days.

We will verify your identity before processing any request. For account holders, we may ask you to submit the request from the email address associated with your account. We do not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit: All communications between the App and our servers use HTTPS/TLS. WebSocket connections use WSS (TLS-encrypted).
Encryption at rest: Data stored on Vercel and Cloudflare R2 is encrypted at rest using their default encryption. Audio and project data are not end-to-end encrypted.
Password security: Passwords are hashed using the scrypt algorithm (N=16384, r=8, p=1) before storage. We never store plaintext passwords.
Token security: Refresh tokens are stored as SHA256 hashes on our servers. Access tokens expire after 1 hour. All token comparisons use timing-safe algorithms.
Device integrity: We use Apple’s App Attest service to verify that API requests originate from a genuine Ronda app running on a real Apple device.
On-device security: Authentication tokens are stored in the iOS Keychain. Audio files use the .completeUnlessOpen protection level.
Rate limiting: All sensitive endpoints (registration, login, password reset, reporting, blocking, account deletion) are rate-limited to prevent abuse.
Input validation: All user inputs are validated for length, format, and content to prevent injection and traversal attacks.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children’s Privacy

The App is not directed at children. You must be at least 14 years old to create an account, in accordance with Article 7 of the LOPDGDD.

We do not knowingly collect personal data from anyone under 14. If we become aware that a user under 14 has created an account or provided personal data without verified parental consent, we will take steps to delete that data and terminate the account promptly.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us at hello@davidcibis.com.

We will update this age threshold if required by changes to applicable law.

11. Cookies and Website Tracking

The Ronda website at https://onronda.com does not use cookies for tracking or advertising purposes. If any technically necessary cookies are used (e.g., for session management), they are limited to what is strictly required for the website to function and do not require consent under Article 22.2 of the LSSI-CE.

The website does not employ any third-party tracking, advertising pixels, or social media plugins.

12. Apple Privacy Manifest

In accordance with Apple’s requirements, the App includes a privacy manifest (PrivacyInfo.xcprivacy) declaring:

NSPrivacyTracking: No (we do not track users across apps or websites as defined by Apple).
Collected data types: User ID (linked to user, for app functionality), product interaction data (not linked to user, for analytics), crash data (not linked to user, for analytics).
Accessed APIs: UserDefaults, file timestamps. Used only for documented, legitimate purposes.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or the App’s features. We will notify you of material changes at least 30 days in advance via email or in-app notification. The “Last Updated” date at the top of this page will be revised accordingly.

We encourage you to review this Privacy Policy periodically. Your continued use of the App after the effective date of any changes constitutes your acknowledgement of the updated policy.

14. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at:

David Cibis
Email: hello@davidcibis.com
Website: https://onronda.com