Effective: 2026-05-14
Privacy Policy
This document is a working draft maintained by the operator and is not a substitute for advice from a qualified attorney. We are working to have it reviewed before commercial launch.
1. What we collect
- Account data: email (used for login + transactional email), bcrypt-hashed password
- Listener session data: a browser_id stored in the signed audeos_listener_id cookie (1-year max-age); a per-LiveView-session mount_id; joined_at/ended_at timestamps; the listener’s country, derived from their IP address at session-write time
- Chat data: chat messages with their display name, linked to your account
- Server logs: web request logs retained 7 days for ops/security; do not contain identifying cookies
2. What we don’t collect
- Raw IP addresses are never persisted — the IP enters scope only long enough to look up the country code via MaxMind GeoLite2, then goes out of scope before any DB write
- No third-party analytics, no tracking pixels, no fingerprinting
3. Why we collect each piece
- Email + password: to authenticate you and send transactional emails
- Browser_id + mount_id + timestamps: to know how many people are listening at any time and to render listener-history charts in the admin
- Country: to render the geographic heat map on the admin insights page
- Chat: to display the channel chat
4. Retention windows
- Listener sessions: 365 days, then automatically purged by PurgeListenerSessions Oban job
- Chat messages: indefinite per channel, capped at the channel’s chat_max_messages setting by EnforceChatCap
- Accounts: until you delete them
- Audit log (data_subject_requests): 7 years from inserted_at
5. Cookies we set
- audeos_listener_id (signed, 1-year, strictly necessary — used for listener-session linkage)
- Login session token (signed, strictly necessary — keeps you logged in)
- Cloudflare bot-protection cookies (cf_clearance and similar, strictly necessary for security)
- None of these are tracking cookies — no cross-site identifiers, no advertising IDs, no third-party analytics. Cookie consent banner is not required for this set under EU ePrivacy.
6. Third parties we share data with
- Cloudflare: CDN + R2 object storage + Turnstile bot challenge — your IP and request data transit Cloudflare’s network
- MaxMind: GeoLite2 country database is consulted in-process at session-write time; no data is sent to MaxMind (the database is loaded locally)
- AWS SES: transactional email delivery (magic-link login, data-request confirmations)
- Sentry: error tracking with PII scrubbing via Audeos.SentryFilter
7. Your rights
- Access: visit /data-request, choose Export, confirm via email, receive your data as JSON attachment
- Erasure: visit /data-request, choose Delete, confirm via email; data is hard-deleted, no grace period
- Rectification: change your email in /users/settings; for other fields, email privacy@audeos.fm
- Edge cases (lost email access, etc.): email privacy@audeos.fm — handled manually by an admin via the admin UI
- Listener session caveat: listener-session rows are anonymous from your account’s perspective — they’re keyed by your browser’s audeos_listener_id cookie, not your user_id. When you exercise an Erasure or Access request, we look up sessions whose browser_id matches the cookie on the browser that confirms the request. If you’ve listened from multiple browsers or devices, only the confirming browser’s listening history is included. Sessions from other browsers (whose cookies we cannot link to you) remain in the dataset until their 365-day retention window expires.
8. Children
Service is intended for users aged 13 and over (COPPA). We don’t knowingly collect from anyone under 13.
9. Changes
Posted with a new Effective: date; we do not notify users out-of-band when the policy changes.
10. Contact
privacy@audeos.fm
11. Disclaimer
This document is a working draft maintained by the operator and is not a substitute for advice from a qualified attorney. We are working to have it reviewed before commercial launch.