Privacy Policy

Last updated: May 21, 2026

This Privacy Policy explains how Radyora processes your personal data when you use the website, mobile application, and other services associated with radyora.app, together referred to as the “Service”.

The processing of personal data is carried out in accordance with the General Data Protection Regulation (“GDPR”) and other applicable privacy and data protection laws. For information about cookies and similar technologies, please see the Cookie Policy. For rules governing use of the Service, please see the Terms and Conditions.

1. Data controller

The data controller responsible for the processing of personal data is:

Radyora

Email: [email protected]

2. Geographic scope of the Service

The Service is initially intended for users in Portugal and Spain, but it may be made available and used by users in other countries. Radyora may include radio stations, podcasts, episodes, RSS feeds, and other audio content associated with different countries, regions, languages, and markets.

The processing of personal data may vary depending on the user’s country/region, the platform used, the features available, applicable legal requirements, consent preferences, and the technical or advertising providers used in each context.

3. Personal data we process

Depending on how you use the Service, we may process different categories of personal data.

3.1. Data provided by the user

User account: name, username, email address, password protected through appropriate technical mechanisms, account identifier, preferences, and data associated with the profile.

Contacts and communications: name, email address, message content, and other data you send us when contacting us, including support requests, correction requests, content removal requests, communications from rights holders, or other enquiries.

Optional communications: email address and, when provided, name or communication preferences, if you subscribe to newsletters, alerts, campaigns, or other Radyora communications.

3.2. Data collected automatically

Technical data: IP address, device type, operating system, application version, browser, language, approximate country or region, date and time of access, technical identifiers, session data, and information necessary for the technical operation of the Service.

Usage data: pages visited, screens viewed, clicks, player interactions, searches, filters used, countries, regions or categories consulted, radio stations viewed, radio stations played, podcasts consulted, episodes played, features used, traffic source, and other events related to use of the Service.

Performance and diagnostic data: technical logs, error events, crashes, performance data, loading times, server requests, and information necessary for security, maintenance, diagnostics, and improvement of the Service.

3.3. Favourites, history, and personalization

When you use features such as favourites, recently played radio stations, consulted podcasts, played episodes, preferences, or personalization, we may process data such as the account or device identifier, the identification of the associated radio stations, podcasts, or episodes, the date and time of the interaction, and information necessary to provide those features.

This data allows us, for example, to save favourite radio stations, podcasts, or episodes, display recently played content, improve the browsing experience, organize related suggestions, and sync preferences across devices, where applicable.

3.4. Data related to radio stations, podcasts, rights holders, and removal requests

When a radio station, broadcaster, podcaster, production company, rights holder, representative, streaming provider, podcast hosting provider, or technical provider contacts us to request a correction, update, attribution change, stream change, RSS feed change, logo or cover image replacement, content removal, or another rights-related request, we may process the data necessary to review and respond to the request.

This data may include name, role, represented entity, professional email address, information about the radio station, podcast, episode, feed, stream, or content concerned, reasonable proof of ownership or representation, and the content of the communication.

4. Purposes and legal bases

We process personal data for the purposes and on the legal bases indicated below.

4.1. Account creation and management

We process data to create accounts, allow authentication, manage sessions, enable account recovery, protect the account, and provide associated features.

Legal basis: performance of a contract and legitimate interest in the security of the Service.

4.2. Provision of the Service

We process data to enable the operation of the website and application, including browsing, radio playback, podcast or episode playback, favourites, recently played radio stations, consulted podcasts, played episodes, preferences, radio station pages, podcast pages, search, filters, countries, languages, categories, and other features.

Legal basis: performance of a contract and legitimate interest in ensuring the operation, stability, and improvement of the Service.

4.3. Experience personalization

We process data to remember preferences, display favourite radio stations, podcasts, or episodes, recently played radio stations, consulted podcasts, played episodes, related suggestions, and improve the organization of content shown to the user.

Legal basis: performance of a contract, consent where required, and/or legitimate interest in improving the user experience.

4.4. Communication and support

We process data to respond to messages, support requests, privacy questions, rights holder requests, removal requests, information corrections, and other communications sent by the user or by third parties.

Legal basis: legitimate interest in responding to requests, performance of a contract where applicable, and legal obligation where the communication concerns the exercise of legal rights.

4.5. Security, abuse prevention, and technical maintenance

We process technical data and logs to protect the Service, prevent fraud, abuse, abusive scraping, cyberattacks, unauthorized access, irregular use, technical failures, and other threats to the security or integrity of the platform.

Legal basis: legitimate interest in protecting the Service, users, and third parties, and compliance with legal obligations where applicable.

4.6. Statistics, analytics, and Service improvement

We may process usage data and technical data to measure performance, understand how the Service is used, detect errors, improve features, optimize the experience, evaluate usage by country, region, language, category, or content type, and develop new features.

Legal basis: consent where required by law for cookies, identifiers, or non-essential technologies; and/or legitimate interest where the analysis is strictly necessary, limited, and proportionate.

4.7. Advertising and monetization

The Service may display first-party or third-party advertising. Where applicable, we may process technical data, usage data, online identifiers, consent preferences, and contextual information to display, limit, measure, or personalize ads.

Legal basis: consent where required for personalized advertising, advertising identifiers, or similar technologies; legitimate interest or page context where applicable and permitted by law for non-personalized or contextual advertising.

4.8. Marketing communications

When the user subscribes to Radyora communications, we may process the email address and preferences to send news, campaigns, updates, or information related to the Service.

Legal basis: consent. The user may withdraw consent at any time.

4.9. Legal compliance and defence of rights

We may process data to comply with legal obligations, respond to competent authorities, manage complaints, preserve evidence, protect the rights of Radyora, users, or third parties, and respond to requests related to copyright, trademarks, related rights, personality rights, or other rights.

Legal basis: legal obligation and/or legitimate interest in the defence of rights.

5. Cookies, identifiers, and similar technologies

The website and application may use cookies, local storage, technical identifiers, device identifiers, advertising identifiers, SDKs, pixels, tags, and similar technologies.

These technologies may be used to:

Ensure the technical operation of the Service.

Store preferences.

Maintain authenticated sessions.

Store or display favourites, history, recently played radio stations, consulted podcasts, or played episodes.

Measure usage and performance.

Detect errors and improve stability.

Display and measure advertising.

Measure campaigns or traffic sources.

Strictly necessary technologies may be used without consent when they are essential to provide the requested Service. Statistics, advertising, marketing, or non-essential personalization technologies will be used where required by law and in accordance with the user’s consent preferences.

For more information about categories, purposes, duration, and preference management, please see the Cookie Policy.

6. Recipients and service providers

We may share personal data with service providers that help us operate, protect, maintain, analyse, and improve the Service. Where they act as processors, these providers must process data only according to our instructions and adopt appropriate security and confidentiality measures.

Depending on the features used, we may rely on providers for:

Hosting, infrastructure, databases, and storage.

Content delivery network, performance, and security.

Authentication, account management, and transactional communications.

Analytics, statistics, error monitoring, and performance monitoring.

Advertising, ad measurement, and consent management.

Email communications, support, and request management.

Log processing, abuse prevention, and security.

Technical playback, organization, or updating of streams, RSS feeds, podcasts, episodes, and associated metadata.

We may also share data where necessary to comply with legal obligations, respond to requests from competent authorities, protect rights, prevent abuse, investigate security incidents, or defend the legitimate interests of Radyora, users, or third parties.

7. Distribution platforms and independent third parties

When you download or use the application through platforms such as Apple’s App Store or Google Play, those platforms may process personal data as independent controllers, according to their own privacy policies and terms.

Radyora does not fully control the processing carried out by those platforms, including data related to app installation, device, store account, reviews, purchases, platform metrics, or reports provided by app stores.

The Service may also allow access to streams, websites, RSS feeds, official pages, podcast platforms, hosting platforms, services, or third-party content. These third parties may process data according to their own policies when the user interacts directly with them or when their services are used to provide content.

8. International data transfers

Some service providers or technology partners may process personal data outside the European Economic Area.

Where international data transfers occur, we will adopt appropriate safeguards under applicable law, including, where necessary, Standard Contractual Clauses approved by the European Commission, adequacy decisions, supplementary technical and organizational measures, or other legally recognized mechanisms.

9. Data retention periods

We retain personal data only for the period necessary to fulfil the purposes described in this Policy, unless the law requires or permits a longer period.

Account data: while the account is active. After account deletion, we may retain minimal data for a limited period where necessary for legal compliance, fraud prevention, security, dispute resolution, or defence of rights.

Favourites and preferences: while the account is active or while the feature is used. After account deletion, this data will be deleted or anonymized, except for temporary and proportionate technical retention.

Recently played radio stations, consulted podcasts, played episodes, and personalization data: for the period necessary to provide the feature or until the user deletes the information, where that option is available.

Communications and support requests: for the period necessary to respond to the request and retain an appropriate record, where necessary for management, evidence, legal compliance, or defence of rights.

Rights holder requests: for the period necessary to review, respond to, and retain reasonable evidence of the request, the decision taken, and any related communications.

Technical and security logs: for periods limited and proportionate to the purposes of security, diagnostics, abuse prevention, and technical maintenance.

Marketing data: until consent is withdrawn or the subscription is cancelled, without prejudice to the retention of minimal proof of consent or objection where legally necessary.

Cookies and similar technologies: as described in the Cookie Policy and according to the user’s preferences.

10. Data subject rights

Under the GDPR, the user may exercise, where applicable, the following rights:

Right of access: obtain confirmation as to whether we process your personal data and access that data.

Right to rectification: correct inaccurate or incomplete data.

Right to erasure: request deletion of your personal data, within the applicable legal limits.

Right to restriction of processing: request restriction of processing in certain situations.

Right to data portability: receive the data you provided in a structured, commonly used, machine-readable format, where applicable.

Right to object: object to processing based on legitimate interest, including certain forms of direct marketing.

Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, please contact us at [email protected]. We may request additional information to confirm your identity and protect data security.

The user also has the right to lodge a complaint with the competent supervisory authority. In Portugal, the supervisory authority is the CNPD — Comissão Nacional de Proteção de Dados. In Spain, you may contact the AEPD — Agencia Española de Protección de Datos, without prejudice to your right to contact the competent authority in your country/region of residence.

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, improper disclosure, or unlawful processing.

These measures may include, depending on the context, access controls, credential protection, password encryption or hashing, security logs, technical monitoring, anti-abuse mechanisms, backups, internal access limitation, and other practices proportionate to the risk.

Despite the measures adopted, no system is completely infallible. The user should also protect their credentials and use the Service responsibly.

12. Minors

The Service is not intended for minors under 16 without authorization and supervision from their legal representatives, or another minimum age applicable in the user’s country or region.

If we become aware that personal data of a minor has been collected improperly, we will take appropriate measures to delete or limit that processing. If you believe improper collection has occurred, please contact us at [email protected].

13. Third-party links and services

The Service may include links to websites, streams, RSS feeds, official pages, podcast platforms, hosting platforms, services, or third-party content. This Privacy Policy applies only to processing carried out by Radyora.

We do not control the privacy practices of third parties and recommend that users consult their respective privacy policies and terms before using those services or providing personal data.

14. Changes to this Policy

We may update this Privacy Policy periodically to reflect legal, technical, operational, or functional changes to the Service.

The version in force will always be available on the Service with the date of last update. Where changes are relevant, we may communicate them through the Service or by other appropriate means.

15. Contact

For any question relating to privacy, data protection, exercise of rights, or processing of personal data, please contact us at:

Email: [email protected]