Privacy Policy
Last updated : November 30, 2025
1. Introduction
At KeysBattle, we take the protection of your personal data very seriously. This privacy policy describes how we collect, use, share, and protect your information when you use our piano learning platform.
By using KeysBattle, you accept the practices described in this policy. If you do not accept these terms, please do not use our service.
2. Data Controller
The data controller for your personal data is:
- Name: KeysBattle
- Email: contact@keysbattle.com
- Address: [Your address]
3. Data collected
π€ Account data
When you create an account, we collect:
- β’ Email: For authentication and communication
- β’ Username: For your public profile
- β’ Password: Encrypted and securely stored
- β’ Creation date: To manage your account
π Usage data
To improve our service, we collect:
- β’ Scores and statistics: Your game performances
- β’ Game history: Songs played, practice time
- β’ Favorites: Songs you've marked
- β’ Friends: Connections with other users
- β’ Uploads: MIDI files you upload (if admin)
π» Technical data
Automatically collected during your browsing:
- β’ IP address: For security and fraud detection
- β’ Browser type: For site optimization
- β’ Operating system: For compatibility
- β’ MIDI devices: Detected locally (never sent to server)
βοΈ Preference data
Stored locally on your device only:
- β’ Audio settings: Volume, sound profile
- β’ Game preferences: Note speed, color mode
- β’ Cookie consent: Your privacy choices
4. Purpose of processing
We use your personal data for the following purposes:
π― Service provision
Create and manage your account, allow you to play and save your progress.
Legal basis: Contract execution
π Service improvement
Analyze usage to improve user experience and fix bugs.
Legal basis: Legitimate interest
π Security
Protect your account against unauthorized access and detect fraudulent activities.
Legal basis: Legitimate interest and legal obligations
π§ Communication
Send you important notifications about your account and our services.
Legal basis: Contract execution and consent (for newsletter)
π Leaderboards
Display your username and scores in public leaderboards.
Legal basis: Contract execution
5. Data sharing
We never sell your personal data. We only share it in the following cases:
π§ Service providers
- β’ Supabase: Database hosting and authentication (Privacy Policy)
- β’ Vercel/Netlify: Website hosting (depending on deployment)
These providers are contractually required to protect your data and can only use it for specified purposes.
π₯ Other users
Some information is public by nature:
- β’ Username
- β’ Scores in leaderboards
- β’ Public statistics (if you choose to make them public)
βοΈ Legal obligations
We may disclose your data if required by law or to protect our legal rights.
6. Data retention
We retain your personal data as long as necessary:
- β’ Active account: As long as your account exists and is used
- β’ Inactive account: Automatically deleted after 3 years of inactivity
- β’ Cache data: 5 minutes by default
- β’ Technical logs: 30 days maximum
- β’ After deletion: Data anonymized for aggregated statistics only
7. Security
We implement technical and organizational security measures to protect your data:
π Encryption
All communications are encrypted via HTTPS/TLS. Passwords are hashed with bcrypt.
π‘οΈ RLS Protection
Row-Level Security on the database to prevent unauthorized access.
ποΈ Monitoring
24/7 monitoring to detect suspicious activities and intrusion attempts.
π Backups
Regular encrypted backups to prevent data loss.
β οΈ Important: No system is completely secure. In case of a data breach, we will notify you within 72 hours in accordance with GDPR.
8. Your rights (GDPR)
In accordance with the General Data Protection Regulation (GDPR), you have the following rights:
ποΈ Right of access
You can request a copy of all your personal data.
βοΈ Right of rectification
You can correct your inaccurate or incomplete personal information.
ποΈ Right to erasure
You can request deletion of your data ("right to be forgotten").
π« Right to object
You can object to the processing of your data for marketing purposes.
π¦ Right to portability
You can receive your data in a structured format and transfer it to another service.
βΈοΈ Right to restriction
You can request to limit the processing of your data in certain cases.
How to exercise your rights?
To exercise any of these rights, contact us at:
- β’ Email: contact@keysbattle.com
- β’ Subject: "Exercise of my GDPR rights"
We will respond to your request within one month maximum.
9. Protection of minors
KeysBattle is designed to be accessible to all ages. However:
- β’ Users under 16 must obtain consent from their parents or guardians
- β’ We do not knowingly collect data on children without parental consent
- β’ If we discover that a child has provided data without consent, we will delete it
10. International transfers
Your data may be transferred and stored in countries outside the European Union, particularly in the United States (Supabase servers).
For these transfers, we ensure that:
- β’ Providers comply with standard contractual clauses approved by the EU
- β’ The level of data protection is equivalent to that of the EU
- β’ All data is encrypted in transit and at rest
11. Changes to this policy
We may update this privacy policy from time to time. In case of significant changes, we will notify you by:
- β’ Email (if you have an account)
- β’ Banner on the site
We encourage you to review this page regularly to stay informed.
12. Contact us
For any questions about this privacy policy or the use of your data:
- β’ Email: contact@keysbattle.com
- β’ Contact page: /contact
Supervisory authority
If you believe your rights are not being respected, you can file a complaint with the CNIL:
- β’ CNIL (Commission Nationale de l'Informatique et des LibertΓ©s)
- β’ Website: www.cnil.fr
- β’ Address: 3 Place de Fontenoy, 75007 Paris, France