Privacy Policy

Last updated: May 2026

1. Data Controller

BeatGym is the data controller for the processing of your personal data. For any privacy-related inquiries, contact us at the email address provided on our social channels.

2. Data We Collect

We collect the following personal data:

- Email address (for account creation and login)
- Username (for your public profile)
- User type (developer, producer/musician, or music enthusiast)
- Game scores and accuracy (for core gameplay functionality)
- Feedback messages (if you choose to submit feedback)

With your explicit consent, we also collect analytics data via PostHog (anonymized events, page interactions). You may withdraw consent at any time.

3. Legal Basis for Processing

We process your personal data based on:

- Performance of a contract (account creation, game functionality)
- Consent (analytics tracking, which you can opt into or out of)
- Legitimate interest (improving our service, responding to feedback)

4. Third-Party Processors

We use the following third-party services:

- Supabase (database and authentication — hosted on AWS)
- PostHog (product analytics — EU-hosted, opt-in only)
- Google (OAuth social login — only if you choose to use it)

Data Processing Agreements (DPAs) are in place with each processor.

5. Your Rights

Under GDPR, you have the following rights:

- Right to access — request a copy of all data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure — delete your account and all related data
- Right to data portability — export your data in JSON format
- Right to withdraw consent — for analytics tracking at any time

You can exercise these rights from your Profile page or by contacting us.

6. Data Retention

We retain your personal data for as long as your account is active. Scores and gameplay data are retained for service functionality. Upon account deletion, all associated data is permanently removed within 30 days.

7. Data Security

We implement appropriate technical measures including encrypted connections (HTTPS), JWT-based authentication, rate limiting, and Content Security Policy headers. However, no online service is 100% secure.

8. Contact

For any GDPR-related requests or questions, please reach out via our social media channels or use the feedback form within the app.