1. Introduction

Welcome to Webarmonium. This Privacy Policy explains how we handle data when you use our platform at webarmonium.net ("Service"). We are committed to protecting your privacy and being transparent about our minimal data practices.

By using Webarmonium, you agree to the data practices described in this policy.

2. Data We Collect

2.1 No Personal Information Required

Webarmonium does not require you to create an account, provide your name, email address, or any other personal information. You can use our Service completely anonymously.

2.2 Anonymous Session Data

When you join a collaborative room, we create temporary session identifiers:

• Session UUID: A randomly generated unique identifier (UUID v4) assigned to your browser session
• Room Participation: Temporary record that you are in a specific room
• Cursor Position: Real-time coordinates of your cursor/touch position for collaborative visualization
• Gesture Data: Anonymized musical gesture information (tap, hold, drag patterns) for audio generation
• Drawing Strokes: Canvas drawing data shared with other room participants

Important: These identifiers are temporary, cannot be linked to your identity, and are automatically deleted after 24 hours of inactivity.

2.3 Technical Data

Our server automatically logs minimal technical information for security and performance monitoring:

• IP Address: Your IP address is logged by our server for security purposes (rate limiting, abuse prevention) but is not linked to your session and is anonymized in logs after 7 days
• Browser Type: Basic information about your browser (user agent) for compatibility purposes
• Connection Timestamps: When you connect and disconnect from the Service
• WebSocket Events: Technical events for debugging (e.g., connection errors, latency measurements)

2.4 Third-Party Data Sources

Webarmonium's background audio visualization uses public data from external APIs:

• Wikipedia API: Recent changes and edit activity (public data only)
• Hacker News API: Public story submissions and activity
• GitHub API: Public repository activity and events

We do not send any of your personal information to these services. We only retrieve publicly available data for artistic purposes.

3. How We Use Your Data

3.1 Service Functionality

The anonymous session data we collect is used exclusively to:

• Enable real-time collaborative music creation with other users in the same room
• Synchronize cursor positions and drawing strokes across participants
• Generate algorithmic music based on your gestures and room activity
• Maintain environmental memory for pattern learning (limited to 24 hours)

3.2 Security and Performance

Technical data is used to:

• Prevent abuse and protect against malicious activity
• Monitor system performance and diagnose technical issues
• Enforce rate limiting (maximum connections per IP)
• Improve Service stability and responsiveness

3.3 Analytics (If Enabled)

We may use privacy-respecting analytics tools to understand:

• Number of visitors and room sessions
• Popular features and usage patterns
• Technical issues and errors

Any analytics we use will be configured to anonymize IP addresses and respect Do Not Track (DNT) browser settings.

4. Data Retention

4.1 Automatic Deletion

All session data is automatically deleted according to these schedules:

• Active Sessions: Deleted immediately when you leave a room or close your browser
• Environmental Memory: Gesture patterns and room learning data deleted after 24 hours
• Server Logs: IP addresses anonymized after 7 days, logs rotated after 30 days

4.2 No Long-Term Storage

Webarmonium does not maintain user profiles, session histories, or any persistent record of your activity beyond the automatic retention periods listed above.

5. Data Sharing

5.1 No Third-Party Sharing

We do not sell, rent, or share your data with third parties for marketing, advertising, or any other commercial purposes.

5.2 Room Participants

When you join a collaborative room, other participants can see:

• Your anonymous cursor position and color assignment
• Your drawing strokes on the shared canvas
• Audio generated by your gestures (as part of the collaborative experience)

They cannot see your IP address, browser information, or any identifying information.

5.3 Legal Requirements

We may disclose data if required by law, legal process, or government request, but given our minimal data collection, there is very little information we could provide.

6. Cookies and Local Storage

6.1 No Tracking Cookies

Webarmonium does not use advertising cookies or cross-site tracking cookies.

6.2 Local Storage

We may use browser local storage to save your preferences:

• Audio settings (volume, enabled/disabled state)
• Visual preferences (dark mode, immersive mode)
• Version checker information (to notify you of updates)

This data is stored locally on your device and is never transmitted to our servers. You can clear it at any time through your browser settings.

6.3 WebSocket Session

Our real-time communication uses WebSocket connections, which may create temporary session tokens in your browser. These are deleted when you close your browser tab.

7. Your Rights

Under GDPR and other privacy laws, you have the following rights:

7.1 Right to Access

You can request information about any data we hold about you. Given our anonymous architecture, there is likely no identifiable data to provide.

7.2 Right to Deletion

You can request deletion of your data at any time. Session data is automatically deleted when you leave a room or after 24 hours of inactivity.

7.3 Right to Object

You can object to any data processing. However, without minimal session data, the collaborative features of Webarmonium cannot function.

7.4 Right to Data Portability

As we do not store personal profiles or long-term user data, there is no portable data to export.

7.5 Exercising Your Rights

Given the anonymous nature of our service and automatic data deletion, there is typically no identifiable data to access, delete, or port.

8. Security

We implement appropriate technical and organizational measures to protect data:

• HTTPS/TLS Encryption: All data transmitted between your browser and our servers is encrypted using industry-standard TLS protocols
• Secure WebSocket: Real-time communication uses secure WebSocket connections (WSS)
• Rate Limiting: Protection against abuse and denial-of-service attacks
• Minimal Data: We only collect what is absolutely necessary for Service functionality
• Automatic Deletion: Data is deleted automatically, reducing exposure risk
• No Persistent Storage: No databases storing user profiles or long-term session data

9. Children's Privacy

Webarmonium does not knowingly collect any information from children under 13 years of age. Our Service is open to all ages, but we do not target children specifically. Parents and guardians should supervise children's use of the Service.

10. International Users

Webarmonium is hosted on servers located in the European Union. If you access the Service from outside the EU, your data may be transferred to and processed in the EU. By using the Service, you consent to this transfer.

We comply with GDPR requirements for all users, regardless of location.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

• The "Last Updated" date at the top will be revised
• Significant changes will be announced on our homepage or via in-app notification
• Continued use of the Service after changes constitutes acceptance of the updated policy

12. Third-Party Services

12.1 External APIs

Webarmonium retrieves data from third-party public APIs (Wikipedia, Hacker News, GitHub) for artistic visualization. These requests are made from our server, not your browser, so your IP address is not exposed to these services.

12.2 CDN and Libraries

We use Content Delivery Networks (CDNs) for JavaScript libraries (Tone.js, Socket.io). These may log your IP address according to their own privacy policies:

• cdnjs.cloudflare.com (Cloudflare CDN)

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you can find contact information on our website.

14. Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your data violates GDPR.