This Privacy Policy explains what data SmarteRadio collects, why, who it is shared with, and the rights you have over it. It is written to be honest about how little personal data the service needs: you can listen without an account, and we do not build listener profiles or run advertising or analytics trackers in the apps.
1. What this policy covers
SmarteRadio is a Smart TV radio platform that pairs live broadcast streams with short, AI-generated notes about the song that is playing. It runs as a website, as per-country white-label apps, and as packaged apps for LG and Samsung TVs. This single policy covers all of the following surfaces, which behave identically with respect to data — only the brand name and country list differ:
| Surface | What it is | Personal data involved |
|---|---|---|
Apex sitesmarteradio.com |
The country picker and informational pages (Home, About, this page). | None. Static pages, no cookies, no trackers. |
White-label country appssmarteradio.com/<country>/, LG webOS, Samsung Tizen, Android |
The listening apps (e.g. United States, Germany, France, United Kingdom, Israel). Each is a branded build of the same software. | No account. Technical data only (see §3): your IP address as a necessary part of streaming, plus crash diagnostics. |
| Admin dashboard | An internal, staff-only tool for managing stations and deployments. Not available to the public. | Staff email address and login session (see §7). |
- 1. What this policy covers
- 2. Who we are
- 3. What we collect
- 4. What we do not collect
- 5. Why we use it & legal bases
- 6. Third parties & data sharing
- 7. International transfers
- 8. Cookies & local storage
- 9. How long we keep data
- 10. Your rights (GDPR/UK)
- 11. US / California rights
- 12. Children
- 13. Security
- 14. Changes
- 15. Contact
2. Who we are
SmarteRadio ("we", "us", "the service") operates the smarteradio.com website and the SmarteRadio family of radio apps, including the per-country white-label apps. For the purposes of the EU and UK General Data Protection Regulation (GDPR), the data controller is:
- Desoline (SmarteRadio)
- Contact: privacy@smarteradio.com
The same operator is responsible for every white-label country app. White-label apps may carry a different brand name or logo, but the data practices described here apply to all of them.
3. What we collect
The listening apps work without registration. We do not ask you for your name, email, phone number, payment details, or location, and there is no login. The only data involved in normal listening is technical and is described below.
a. Streaming connection data (IP address)
To play a radio station, your device connects over the internet and your IP address is necessarily exchanged, just as with any website or streaming service:
- Our backend (hosted on Google Cloud Run) and our hosting/load-balancing layer receive your IP address and browser/device User-Agent as part of serving requests. These appear in standard server access logs.
- Radio streams played over a secure (HTTPS) connection are played directly by your device. In that case the third-party station/stream host receives your IP address and User-Agent, because your device connects to them directly. We do not control those third-party hosts; their handling of that data is governed by their own policies.
- Radio streams that are not secure (HTTP) are relayed through our own server (a proxy), so the station host sees our server rather than your device.
- Station artwork (logos) is always relayed through our server, so logo providers and their CDNs do not receive your IP address or set cookies on your device.
b. Crash and error diagnostics
If the app encounters an error, it may send an automatic, anonymous crash report to our backend so we can fix bugs. A report contains: the error type, message and stack trace, the page URL where it happened, the app version, a timestamp, and your browser/device User-Agent (truncated). It does not contain your name, email, or any account identifier (there is no account). These reports are written to our operational logs and are not stored in a user database.
c. Now-playing & song-insight data (Firebase Firestore)
To show the live "now playing" track and its AI-generated insight, the app connects to Google Firebase Firestore and reads public station data (what's playing on a station and the insight text). This connection exposes your IP address to Google as the network provider, but the app reads only shared station data — it does not read or write anything about you, and you are an anonymous reader (no Firebase login). The app does not enable Firestore offline persistence, so this data is held in memory only and is not written to a durable store on your device.
d. Local preferences on your device
The app saves two small preferences in your browser's local storage so the app remembers them between visits: your theme (light/dark) and your last-played station. These never leave your device and are not personal information. See §8.
e. Admin accounts (staff only)
The internal admin dashboard is not part of the public apps. Authorised staff sign in with an email and password (via Google Firebase Authentication). We store the staff email address, an internal role, an approval flag, and a creation timestamp, plus a login session reference. See §7 and §9.
4. What we do not collect
- No accounts for listeners — the listening apps have no sign-up, login, or profile.
- No advertising and no ad SDKs — we do not serve ads or use advertising identifiers.
- No analytics or tracking SDKs in the public apps — no Google Analytics, no Facebook/Meta pixel, no Mixpanel, Segment, Amplitude, or similar.
- No listener profiles or history on our servers — we do not record who listens to what. There is no listener, analytics, or play-history database.
- No precise location — we never request device GPS/geolocation. Weather and news shown in the app are based only on the country of the app you chose, not on you.
- No microphone, camera, contacts, or messages access.
- No selling of personal data, ever.
5. Why we use data, and our legal bases
Under the GDPR we must have a lawful basis for each use of personal data. The limited data we touch is used as follows:
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| IP address / connection data | Deliver the website and stream audio to your device; basic security and abuse prevention. | Performance of a service you requested, and our legitimate interest in operating and securing the service (Art. 6(1)(b)/(f)). |
| Server access logs | Operate, secure, and debug the infrastructure. | Legitimate interest in a reliable, secure service (Art. 6(1)(f)). |
| Crash/error diagnostics | Detect and fix bugs and crashes. | Legitimate interest in maintaining a working product (Art. 6(1)(f)). |
| Local theme & last-station preferences | Remember your choices on your device. | Stored on your device only; strictly necessary to provide the feature you used. |
| Staff email & session (admin) | Authenticate authorised staff to the internal tool. | Legitimate interest in securing internal systems; for the staff member, performance of the employment/engagement relationship (Art. 6(1)(b)/(f)). |
6. Third parties & data sharing
We do not sell or rent personal data. We rely on the following providers (sub-processors), which may receive technical data such as your IP address purely to deliver their part of the service:
| Provider | Role | What it receives |
|---|---|---|
| Google Cloud Platform (Cloud Run, Firebase Hosting, Cloud Logging) | Hosting, request routing, operational logs. | IP address + User-Agent in access logs while serving requests. |
| Google Firebase / Firestore | Delivers live now-playing and song-insight data to the app. | IP address (as a network endpoint) during the realtime connection. No listener account or profile. |
| Google Vertex AI (Gemini) | Generates the song-insight text on our backend. | Only the song's artist and title. No listener/user data is ever sent to the AI. |
| Third-party radio stations / stream hosts | Provide the audio you listen to. | For secure (HTTPS) streams, your IP + User-Agent (direct connection). For insecure (HTTP) streams, nothing — relayed via our proxy. Each station has its own privacy policy. |
| Open-Meteo | Weather shown in the app. | Only a fixed city name for the app's country. No user data, no IP forwarded by us. |
| rss2json / public RSS feeds (e.g. BBC, NPR, Der Spiegel, France 24) | Headlines shown in the app. | Only the country's feed selection. No user data forwarded by us. |
| Grafana Cloud (Faro) | Monitoring of the internal admin tool only. | Admin-tool error/performance telemetry. Not used in public apps. |
Fonts used in the apps are bundled and served from our own domain at build time, so no font request is made to Google Fonts or any third-party font CDN at runtime.
We may also disclose data if required by law, to enforce our terms, or to protect the rights, property, or safety of our users or the public.
7. International data transfers
SmarteRadio operates white-label apps in the EU (e.g. Germany, France), the UK, Israel, and the US. Our infrastructure runs primarily in Google Cloud's us-central1 (United States) region, and the admin-tool monitoring provider (Grafana Cloud) is in the United States. This means personal data such as IP addresses may be processed in the United States and other countries.
Where we transfer personal data of EU/UK users outside the EEA/UK, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) (and the UK International Data Transfer Addendum), which our cloud providers (Google) make available under their data-processing terms.
8. Cookies & local storage
The public website and apps do not set cookies. The country picker and informational pages set no cookies and run no trackers. The listening apps store only the following non-personal values in your device's local storage:
smarteradio-theme— your light/dark theme choice.smarteradio_last_station— the station you last played, so it can resume.sr_vid+sr_vid_issued— a rotating random identifier (UUID v4) used only by the listening apps to compute aggregate audience-measurement statistics (e.g. returning-visitor counts in the operator dashboard). It is not linked to any name, email, account, location or other personal data, and it is automatically rotated to a new random value at least every 13 months in line with the French CNIL's audience-measurement guidance.
You can clear these at any time through your browser/TV settings. Because we set no cookies, use no third-party analytics or advertising trackers, and the only identifier we store is the short-lived rotating sr_vid described above (which qualifies as strictly necessary for audience measurement under the ePrivacy Directive Article 5(3) exemption as implemented by the CNIL), there is no cookie-consent banner. The only cookie we use anywhere is a strictly-necessary session cookie in the internal admin dashboard (__Host-admin-session), which is required for staff to stay logged in and is not used on the public apps.
9. How long we keep data
- Server access logs and crash diagnostics: retained for a limited operational period (Google Cloud Logging's default retention, around 30 days, unless a shorter or longer period is configured) and then deleted automatically.
- Local device preferences: kept on your device until you clear them; we never receive them.
- Now-playing / insight data: this is shared station data, not personal data; it is short-lived and refreshed continuously.
- Staff admin accounts: kept for as long as the person needs access; the login session reference expires within 12 hours and account records are removed when access is revoked.
10. Your rights (EU/UK GDPR)
If you are in the EU, the UK, or another region with similar laws, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase your data ("right to be forgotten");
- Restrict or object to processing based on legitimate interests;
- Data portability for data you provided;
- Withdraw consent where processing is based on consent.
In practice, because the listening apps have no accounts and we hold no listener profiles, the only personal data tied to an individual on our side is short-lived technical data (e.g. an IP address in a log) that we usually cannot link back to a specific person. To exercise any right, email us at privacy@smarteradio.com and we will respond within the time required by law (generally one month).
You also have the right to lodge a complaint with your local data protection supervisory authority — for example, your national authority in the EU, or the Information Commissioner's Office (ICO) in the UK — if you believe we have not handled your data properly.
11. United States / California privacy rights
If you are a California resident, the California Consumer Privacy Act (CCPA/CPRA) gives you rights regarding your personal information. To be clear about our practices:
- We do not sell or share your personal information for cross-context behavioural advertising, and we never have.
- The only categories of personal information we may handle are internet/network activity (such as IP address and User-Agent in logs and crash reports). We do not collect identifiers like names or emails from listeners, nor any sensitive personal information.
- You have the right to know what we collect, to delete it, to correct it, and to not be discriminated against for exercising these rights.
To make a request, contact privacy@smarteradio.com.
12. Children
SmarteRadio is a general-audience radio service and is not directed at children. We do not knowingly collect personal information from children, and the listening apps do not require or collect any personal details from anyone. If you believe a child has provided us personal information, contact us and we will delete it.
13. Security
We use industry-standard measures to protect the limited data we handle: encrypted (HTTPS/TLS) connections, hosting on Google Cloud's managed and access-controlled infrastructure, default-deny database rules so the public apps can read only public station data and cannot read or write user records, and hardened, hash-only session storage with step-up re-authentication for sensitive internal operations. No method of transmission or storage is completely secure, but we work to protect your information and limit what we hold in the first place.
14. Changes to this policy
We may update this policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, provide a more prominent notice. The current version is always available at smarteradio.com/privacy/.
15. Contact us
For any privacy question or request, contact:
- Desoline (SmarteRadio)
- Email: privacy@smarteradio.com