Privacy Policy

Last Updated: December 7, 2025 | Effective Date: December 7, 2025

1. Introduction

Lareira Digital S.L. (CIF: ESB10583672) ("we," "our," "us," or the "Company") operates Resonote (the "App"), a music journaling application that helps you track and remember the songs that resonate with you each day.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the App.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation and authentication)
  • Username (required for account identification)
  • Password (stored only as a cryptographically secure hash using Argon2; we never store or have access to your plain-text password)
  • Timezone preference (for accurate date display of your music entries)

User-Generated Content:

  • Music track URLs you share with the App
  • Personal notes you attach to your music entries
  • Dates and times when you add tracks to your journal

2.2 Information Collected Automatically

Track Metadata:

When you share a music URL, we automatically fetch publicly available metadata from the respective music platform, including:

  • Track title
  • Artist name
  • Album name
  • Album artwork URL
  • Track duration

Technical Information:

  • We do NOT collect device identifiers or advertising IDs
  • We do NOT collect location data
  • We do NOT collect analytics or usage statistics
  • We do NOT use crash reporting services
  • We do NOT track your behavior within the App

2.3 Information We Do NOT Collect

We want to be clear about what we do NOT collect:

  • Device identifiers (IMEI, Android ID, etc.)
  • Advertising identifiers
  • Location data (GPS, IP-based location, etc.)
  • Contact lists or address books
  • Call logs or SMS messages
  • Photos or media files (beyond the URLs you explicitly share)
  • Browsing history
  • Biometric data
  • Financial or payment information (donations are processed externally via Ko-fi)

3. How We Use Your Information

We use your information solely for the following purposes:

To Provide the Service:

  • Authenticate your account and maintain your session
  • Store and display your music journal entries
  • Fetch and display track metadata from supported platforms
  • Synchronize your data across sessions

To Communicate With You:

  • Send password reset emails when requested
  • Respond to your support inquiries

We do NOT use your information for:

  • Advertising or marketing purposes
  • Selling or renting to third parties
  • Profiling or behavioral analysis
  • Automated decision-making

4. Third-Party Services

4.1 Music Platform APIs

To fetch track metadata, we interact with the following third-party services:

Spotify:

  • We use the Spotify Web API to retrieve track information
  • Only publicly available track metadata is accessed
  • We do not access your Spotify account or listening history
  • Spotify's Privacy Policy: https://www.spotify.com/legal/privacy-policy/

YouTube / YouTube Music:

  • We use the YouTube oEmbed API to retrieve video/track information
  • Only publicly available metadata is accessed
  • We do not access your YouTube account or watch history
  • YouTube's Privacy Policy: https://policies.google.com/privacy

SoundCloud:

  • We use the SoundCloud oEmbed API to retrieve track information
  • Only publicly available metadata is accessed
  • We do not access your SoundCloud account or listening history
  • SoundCloud's Privacy Policy: https://soundcloud.com/pages/privacy

4.2 Email Service

For password reset functionality, we use SMTP email services to send transactional emails to your registered email address. These emails contain only password reset links and no marketing content.

4.3 Donations

If you choose to support Resonote, you will be redirected to Ko-fi, an external platform. We do not collect or process any payment information. Please refer to Ko-fi's Privacy Policy for information on how they handle your data: https://ko-fi.com/home/privacy

5. Data Storage and Security

5.1 Data Storage

  • Your data is stored on secure servers located in the European Union
  • All data is stored in encrypted databases
  • Backups are performed regularly and stored securely

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in Transit: All data transmitted between the App and our servers uses TLS/HTTPS encryption
  • Encryption at Rest: Sensitive data is encrypted in our databases
  • Password Security: Passwords are hashed using Argon2, a memory-hard hashing algorithm resistant to GPU and ASIC attacks
  • Access Control: Access to user data is strictly limited to authorized personnel
  • Authentication Tokens: We use JWT (JSON Web Tokens) with short expiration times for session management
  • No Plain-Text Storage: We never store passwords or authentication tokens in plain text

5.3 Security Limitations

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

6.1 Active Accounts

We retain your personal data for as long as your account remains active and as necessary to provide you with our services.

6.2 Account Deletion

Upon account deletion:

  • Your account information will be permanently deleted within 30 days
  • Your music journal entries and associated data will be permanently deleted
  • Backup copies may persist for up to 90 days before being automatically purged

6.3 Legal Requirements

We may retain certain information as required by law or for legitimate business purposes, such as:

  • Compliance with legal obligations
  • Resolution of disputes
  • Enforcement of our agreements

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

7.1 Access

You have the right to request a copy of the personal data we hold about you.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Deletion

You have the right to request deletion of your personal data. You can delete your account at any time through the App or by contacting us.

7.4 Data Portability

You have the right to request a copy of your data in a structured, commonly used, and machine-readable format.

7.5 Withdrawal of Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days.

8. Children's Privacy

8.1 Age Restriction

Resonote is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction).

8.2 No Knowing Collection

We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly.

8.3 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@resonote.eu, and we will delete such information from our systems.

9. International Data Transfers

9.1 Data Location

Our servers are located in the European Union. If you access the App from outside the EU, your data will be transferred to and processed in the EU.

9.2 Safeguards

We ensure that any international transfer of personal data is subject to appropriate safeguards in accordance with applicable data protection laws.

10. Changes to This Privacy Policy

10.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

10.2 Notification

We will notify you of any material changes by:

  • Posting the updated Privacy Policy in the App
  • Updating the "Last Updated" date at the top of this policy
  • Sending you a notification through the App (for significant changes)

10.3 Continued Use

Your continued use of the App after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.

11.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

11.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

11.4 No Sale of Personal Information

We do not sell your personal information to third parties.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

12.1 Legal Basis for Processing

We process your personal data based on:

  • Contract: Processing necessary to provide our services to you
  • Consent: Where you have given explicit consent
  • Legitimate Interest: For our legitimate business interests, where not overridden by your rights

12.2 Data Controller

Lareira Digital S.L. acts as the data controller for personal data collected through the App.

12.3 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in your country of residence.

13. Do Not Track Signals

The App does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals.

14. Third-Party Links

The App may contain links to third-party websites or services (such as music platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lareira Digital S.L.

For data protection inquiries specifically:

16. Consent

By using Resonote, you consent to:

  • The collection and use of your information as described in this Privacy Policy
  • The transfer of your information to our servers as described above
  • The processing of your information as described above