Skip to content

Privacy Policy Rebel Girl FM

Last updated: July 16, 2026

1. Privacy at a Glance

General Information

The following information provides an overview of what happens to personal data when you use the Rebel Girl FM website or the native Android/iOS app. Personal data is any data that can be used to personally identify you.

Data Collection on the Website and in the App

Who is responsible for data processing?

Data processing for the website and app is carried out by the operator of Rebel Girl FM. Contact details are provided in the section "Information about the responsible party".

How do we collect your data?

Data is generated when you provide information or actively use features. When the website, app catalog, API or media are requested, the technical infrastructure also processes access data such as IP address, requested URL, time and technical error data. App settings, favorites, history and downloads generally remain locally on your device.

What do we use your data for?

Processing is used to provide the website, app, streams, downloads and voluntarily selected features securely and reliably. The website and app do not use Google Analytics, a tag manager, advertising SDKs or advertising profiles.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

2. Hosting

Cloudflare Workers

This website is provided by Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) via Cloudflare Workers with the Astro runtime. Media is delivered through Cloudflare R2 at cdn.rebel-girl-fm.de; the song generator uses Cloudflare Workers, Cloudflare D1 and technical Worker logs. When you visit our website, your requests are processed through Cloudflare's global network. In particular, IP address, browser type and version, operating system, referrer URL, requested URL, hostname and time of the server request may be processed. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in a secure, fast and stable provision of our website). Cloudflare is certified under the EU-US Data Privacy Framework. More information: https://www.cloudflare.com/privacypolicy/

GitHub (Source Code Management)

The source code of this website is managed via GitHub, Inc. (88 Colin P Kelly Jr St, San Francisco, CA 94107, USA). GitHub is used exclusively for source code management. When you normally visit our website, no data is transmitted to GitHub, as delivery is handled via Cloudflare Workers. More information: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

3. General Information & Mandatory Disclosures

Information about the Responsible Party

The responsible party for data processing on this website and in the Rebel Girl FM app is:

Dirk Sandmann
Zeppelinstr. 6
90763 Fürth
Germany

Phone: +49-15561-903019
Email: info@rebel-girl-fm.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Data Retention

Unless a more specific storage period is stated in this privacy policy, personal data is kept only as long as the respective purpose exists or statutory retention obligations apply. Email inquiries are deleted once the request has been finally handled and no further retention obligation applies. Song generator archive entries remain stored until they are deleted or no longer needed for operating the project. Technical security and server logs are retained according to the periods of the respective service provider or operational necessity.

General Information on the Legal Basis for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR. If processing is necessary for the performance of a contract or pre-contractual measures, we process on the basis of Art. 6(1)(b) GDPR. In the case of processing to comply with a legal obligation, on the basis of Art. 6(1)(c) GDPR. Processing may also be based on our legitimate interest under Art. 6(1)(f) GDPR.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. We will then no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

Right to Lodge a Complaint with a Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy. Competent supervisory authority for Bavaria: Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent technically feasible.

Information, Correction, and Deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. For this purpose and for further questions on the subject of personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases: if you dispute the accuracy of your personal data stored by us; if the processing of your personal data was/is unlawful; if you reject the deletion of your personal data and instead request the restriction; if the purpose of data processing has ceased but you need the data for the assertion, exercise, or defense of legal claims.

4. Data Collection on This Website

Server Log Files

Cloudflare automatically processes technical access data that your browser transmits when loading pages. This includes in particular IP address, browser type and version, operating system, referrer URL, requested URL, hostname, time of request and technical error data. Cloudflare Workers Observability may collect Worker logs and request metadata for error analysis. Rebel Girl FM does not use this data for advertising analysis, tracking profiles or merging with marketing data. Processing is based on Art. 6(1)(f) GDPR.

LocalStorage (No Cookies Used)

This website does not use its own tracking cookies. We use your browser's LocalStorage for local settings and functions, for example language preference (de/en/es), download counters and limits, Rebel Player playback settings, song voting data and local song generator drafts. This data remains in your browser and is not automatically transmitted to our servers or third parties. You can delete LocalStorage at any time through your browser settings. Processing is based on Art. 6(1)(f) GDPR.

Read-aloud feature

The Lore and About Us pages offer a read-aloud feature. This feature uses the Speech Synthesis interface available in your browser or operating system. Rebel Girl FM does not transmit the text to be read to its own servers and does not store personal data from this feature. Depending on your browser, operating system or installed voice, speech output may be processed locally or by the respective browser/system provider.

Inquiry by Email

If you contact us by email, your inquiry including all resulting personal data (name, email address, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR). The data sent to us by email remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies.

5. SSL/TLS Encryption

The website and app request server, API and media content through encrypted HTTPS/TLS connections. This protects transmitted content and technical access data against unauthorized interception while in transit.

6. Third-Party Services & External Resources

YouTube

This website links to YouTube channels and may embed YouTube content. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For normal links, a connection to YouTube is established only when you click the link. For embedded content, technical data such as IP address, browser information and the visited page may be transmitted to YouTube/Google when the respective page loads. If you are logged into your YouTube account, YouTube may associate the visit with your profile. Use is based on Art. 6(1)(f) GDPR. More information: https://policies.google.com/privacy

Twitch

This website links to Twitch and may embed Twitch content in the Rebel Player. The operator is Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104, USA. When you visit a page with embedded Twitch content or use Twitch mode, a connection to Twitch is established. Your IP address, browser information and usage data may be transmitted to Twitch. Embedding is based on Art. 6(1)(f) GDPR. More information: https://www.twitch.tv/p/legal/privacy-notice/

External Resources (FlagCDN & Cloudflare R2)

The website uses FlagCDN to display flag icons. When these icons are loaded, your IP address is technically transmitted to the provider. Our media files (audio, video, images, covers and downloads) are delivered via Cloudflare R2 and cdn.rebel-girl-fm.de. When accessing these media, technical access data is transmitted to Cloudflare. Use is based on Art. 6(1)(f) GDPR.

Suno (External Playlist Links)

On our playlist page, we link to playlists on Suno (suno.com). When you click such a link, you leave our website and are redirected to suno.com. Only by clicking the link is a connection to Suno's servers established, during which your IP address and browser information are transmitted to Suno. We have no influence on the data processing by Suno. For more information, see Suno's privacy policy: https://suno.com/privacy. The linking is based on Art. 6(1)(f) GDPR (legitimate interest in presenting our music).

Tally.so (Feedback Form)

For the feedback form at /feedback we use Tally.so (Tally B.V., Belgium). When you open the feedback page, the form is loaded through Tally. Tally processes the voluntarily entered content and technical access data to provide and transmit the feedback. The legal basis is Art. 6(1)(a) GDPR when you actively submit the form, and Art. 6(1)(f) GDPR for technical delivery. More information: https://tally.so/help/gdpr

7. Note on AI-Generated Content

Parts of the content on this website (music, texts, images, character profiles and lore) have been or are created with the help of AI services. Finished website content is curated by the website operator, stored in the project or in Cloudflare R2, and delivered by Rebel Girl FM. When visitors access finished content, no visitor data is transmitted to AI providers. All characters, biographies, roles, age details, contact details within the lore and other information that may appear personal on this website are fictional and do not describe real people. No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

Song Generator, OpenRouter and D1 Archive

The song generator processes the text you enter, selected character, language, mood, duration and format through a server-side Cloudflare Workers API. For text generation, the prompt is forwarded via OpenRouter to server-side allowlisted free text models; paid models are not enabled in the application. OpenRouter may technically process the request outside the EU. The API uses origin checks, rate limits, size limits, allowed values, prompt-format checks and input filters. For rate limiting, the IP address may be processed briefly for technical purposes; the Cloudflare D1 archive stores song title, idea, character, lyrics, German translation, style and timestamp, but no IP addresses or full user-agent strings. Please do not enter personal or confidential data there.

8. Privacy in the Native App (Android and iOS)

Scope and Core Principle

This section applies to the native Rebel Girl FM app for Android and iOS. The app does not require a user account and contains no push advertising, subscription or song generator. Favorites, history, settings and offline downloads are not synchronized with a Rebel Girl FM account.

App Catalog, API and Cloudflare CDN

The app loads the media catalog from rebel-girl-fm.de, song data through the versioned app API, and audio, video, image and lyrics files from cdn.rebel-girl-fm.de. Cloudflare and our servers may process technically required access data such as IP address, time, requested URL, response and error data, and the app user agent. The purposes and legal bases are delivery of the requested app content and our legitimate interest in secure and stable operation under Art. 6(1)(b) and/or (f) GDPR. The Cloudflare information under "Hosting" also applies.

Data Stored Locally on the Device

The app stores the language, Wi-Fi download setting, background display setting, shift reminders, first-start notice, audio and video favorites, playback history of up to 100 entries, and references to downloaded audio files in protected app storage. This data remains on the device and is not automatically transmitted to Rebel Girl FM or third parties.

Streaming, Lyrics, Downloads and Network Status

Audio, videos, covers and lyrics are loaded from the Cloudflare CDN over HTTPS only at your request. Audio can be downloaded to app-specific document storage and played offline; videos remain online-only. If "Wi-Fi only" is enabled, the app locally checks whether Wi-Fi or Ethernet is available. Network status is not stored permanently or transmitted for analytics.

Optional Local Shift Reminders

Shift reminders are disabled by default. Only after you enable them does the app request notification permission and schedule reminders locally on the device in the Europe/Berlin time zone. No push message is sent through a Rebel Girl FM server, no push token is created and no notification identifier is transmitted to us. Reminders can be disabled in the app or system settings.

Background Playback and Media Controls

Audio playback started by the user may continue in the background. Android uses a media playback service, wake lock and visible media notification; iOS uses the audio background mode. The title and playback status may appear in system media controls. This feature is used only for playback and does not transmit additional personal data to Rebel Girl FM.

Permissions

The app uses internet access for the catalog and media, optional notification permission for shift reminders, and technical Android permissions for background audio playback, wake lock and restoring local reminders after a restart. The app does not request access to location, contacts, camera or microphone. Audio downloads are stored in app-specific storage and do not require general access to your photos or files.

Sharing and External Links

When you share a title, the app passes the action you initiated to the operating system share sheet. Only the target app you select processes the shared content under its own privacy rules. Links to Suno, Mastodon, YouTube, Telegram, Twitch, TikTok, Funkwhale, Discord, the privacy policy and legal notice open in an external app only after your selection. From that point, the respective provider independently processes technical access data in particular.

No Tracking, Advertising or Device Identifiers

The app contains no analytics, advertising, Firebase, crash-reporting or tracking SDKs. Rebel Girl FM does not create usage profiles, use an advertising ID, or read contacts, location data or other device identifiers. Only technically necessary access and security data from requested HTTPS connections may be generated on the server side.

Retention and Deletion in the App

Local data remains stored until you delete it in the app settings, remove individual downloads or uninstall the app. Favorites, history and downloads can be deleted separately. Uninstalling generally removes app-specific local storage according to operating-system rules. Technical server and security logs are subject to the periods described under Hosting and are not removed by deleting local app data.

App Stores and Operating-System Providers

If you obtain the app through Google Play or the Apple App Store, Google or Apple independently processes download, account, device and, where applicable, payment or diagnostic data. Rebel Girl FM does not receive complete store account or payment data. The privacy terms of the store and operating system you use also apply.

9. Updates to This Privacy Policy

This privacy policy is currently valid as of July 16, 2026. Continued development of the website and app, new features, or changed legal or regulatory requirements may require an update. The current version can always be accessed on this page.