Download for iOSfor iPad
Website & Social Privacy Policy Cookie Policy Social Media
App Privacy Policy Terms of Service

Privacy Policy – Tonaly for iOS and macOS

Last updated: 2025-12-19

1. Overview

This Privacy Policy explains how Tonaly for iOS and macOS (the “Application”) processes personal data (“Personal Data”) when you use the Application.

Some data processing is required to provide the Application. Other processing is optional and takes place only if you explicitly consent within the Application.

This Privacy Policy is intended to be valid worldwide. Where local data protection laws apply (including the GDPR in the EU/EEA/UK and applicable US state privacy laws), additional rights may apply as described below.

2. Owner and Data Controller

Christian Hengst | Design & Code
Elsaßstraße 1
Atelier H/M/R
50677 Cologne, Germany
Email: support@tonaly.app

3. Categories of Personal Data

Depending on your use of the Application and your settings, the following categories of data may be processed:

  • Usage Data (e.g. feature interactions, app events, approximate location such as country or city)
  • Device and technical data (e.g. device model, operating system, app version)
  • Crash and diagnostic data (technical error reports)
  • Purchase and subscription metadata
  • Email address (only in specific contexts, such as TestFlight or optional advertising services)

4. Purposes of Processing

Personal Data is processed for the following purposes:

  • Providing and maintaining core app functionality
  • Subscription and in-app purchase validation
  • App stability, security, and troubleshooting
  • Synchronization of user content across devices
  • Beta testing (if TestFlight is used)
  • Advertising, analytics, and remarketing (only with your explicit consent)

5. Services Used by the Application

Required Services (necessary for the operation of the Application)

These services are essential to provide the Application and cannot be disabled.

Apple In-App Purchases

All payments and subscriptions are processed exclusively by Apple. The Application and its Owner do not have access to payment credentials such as credit card numbers or bank details. Apple processes payment data as an independent data controller under its own privacy policy.

Adapty (subscriptions, purchases, receipt validation)

Adapty is used to manage subscriptions and in-app purchases, validate receipts, and determine access to paid features.

Adapty may process the following categories of data:

  • Device and app information (e.g. device model, operating system, app version)
  • App or device identifiers (excluding IP addresses)
  • Purchase and subscription metadata (e.g. product identifiers, purchase status, renewal status)
  • App interaction events related to paywalls and purchase flows

IP address collection is disabled. No payment information (such as credit card numbers or payment method details) is accessible to the Application or to Adapty.

Sentry (crash reporting and stability monitoring)

Sentry is used to detect crashes and technical errors in order to improve reliability and performance.

Sentry may process:

  • Crash and error reports (e.g. stack traces, error messages)
  • Device information (e.g. device model, operating system version)
  • App information (e.g. app version, build number)

IP address collection is disabled. No intentional collection of personally identifiable information (such as names, email addresses, or payment data) takes place.

iCloud (Apple – data synchronization)

If activated in the App Settings, the Application uses iCloud to synchronize user data such as saved songs and settings across devices associated with the same Apple ID.

This data is stored and processed by Apple under the user’s iCloud account and is subject to Apple’s privacy policy.

These services are disabled by default and are activated only if you give explicit consent within the Application. Consent can be withdrawn at any time.

App Tracking Transparency (ATT)

On iOS and iPadOS, if you consent to optional tracking, Apple’s App Tracking Transparency (ATT) prompt is shown after the in-app consent dialog.
Tracking identifiers (such as IDFA) are accessed only if ATT permission is granted.

Meta / Facebook SDK (advertising, analytics, remarketing)

If you consent, Meta services may be used for:

  • Advertising
  • Analytics
  • Remarketing (e.g. Custom Audiences, Lookalike Audiences)

Depending on configuration and consent, Meta may process:

  • Usage Data and interaction events
  • Advertising identifiers (e.g. IDFA)
  • Approximate location data (country, city)
  • Network-related data (such as IP address)
  • Email address (only if explicitly provided for remarketing purposes)

You can revoke your consent at any time in the Application under “General Information”.

6. Trackers and Interest-Based Advertising Controls

If you have given consent for optional advertising services, you may also control interest-based advertising through:

  • Device-level advertising settings
  • Industry opt-out programs (e.g. YourOnlineChoices in the EU, Digital Advertising Alliance in the US)

These programs allow users to manage advertising preferences across multiple providers.

When sharing song links, recipients may be redirected to song.tonaly.app, which attempts to open the Tonaly app. Please refer to the privacy policy of that website for information about data processing.

User Guide (GitBook)

The Tonaly user guide is hosted on GitBook at https://guide.tonaly.app.
Please refer to GitBook’s privacy policy for details on their data processing practices.

Where required by applicable law (such as the GDPR), Personal Data is processed based on one or more of the following legal bases:

  • Performance of a contract: providing the Application and its features
  • Consent: optional services such as advertising and analytics
  • Legal obligations: compliance with applicable laws
  • Legitimate interests: improving stability, security, and performance

9. Data Retention

Personal Data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law or based on your consent.

10. International Data Transfers

Some service providers may process data in countries outside your country of residence. Where required, such transfers are carried out using legally recognized safeguards to ensure an adequate level of data protection.

11. Children’s Privacy

The Application is not intended for children below the age rating specified in the Apple App Store.
The Owner does not knowingly collect Personal Data from children below that age.

12. Your Rights

Depending on your location, you may have the right to:

  • Access your Personal Data
  • Request correction or deletion of your Personal Data
  • Restrict or object to certain processing
  • Withdraw consent at any time
  • Receive a copy of your data in a portable format
  • Lodge a complaint with a data protection authority

Requests can be submitted using the contact details in Section 2. Where data is processed in an anonymized or non-identifiable form (e.g. crash reports), deletion requests may not be technically attributable to an individual user.

13. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. The date of the last update is shown at the top of this document.
If changes affect processing based on consent, new consent will be requested where required by law.