Privacy

Who runs this

rrradio.org is a non-commercial side project by Markus Steinbrecher. The source code is open on GitHub; every change is in public git history. Contact: open an issue on GitHub or email support@rrradio.org.

What the web app collects

The web app at rrradio.org uses GoatCounter for anonymous usage analytics. GoatCounter is privacy-friendly by design: no cookies, no user IDs, no cross-site tracking, IP addresses are hashed and discarded. We use it to count:

• Page visits.
• Tab switches (e.g. "Browse", "Favorites").
• Station plays — by station name only, never tied to a person.
• Errors when a stream fails to load — used to find broken stations.
• Broken-station reports you submit manually. The report includes the station id/name, stream host (not full URL query strings), app platform/version, and the current playback error message when available.
• Runtime errors in the app itself (caught JavaScript exceptions, unhandled promise rejections, catalog or worker fetch failures). For each we record the error class (e.g. TypeError), a short message with URLs redacted (capped at 120 characters), the build version, the page path (e.g. / or /station/grrif/), and the station id when relevant. No stack traces, no user agent, no personal data. Used to detect regressions in production.
• Visitor country, derived from your IP at request time and immediately discarded; we only see the aggregate count per country.

None of this is linked to any identifier we could later use to recognize you. We see "Switzerland: 589 visits" — not who those visits were from.

What the iOS app collects

The iOS app does not track sessions or send background analytics. If you tap "Report broken station", it sends the same anonymous structured report as the web app: station id/name, stream host, app version, and current playback error message when available. It does not include your name, email, device identifier, or Apple account.

The iOS app can keep a small on-device diagnostic log so you can copy troubleshooting details from Settings. This is off by default. If you turn on "Collect Diagnostics", it stores the last 100 operational events for up to 14 days, such as catalog load status, playback state changes, stream host, station id, and sanitized error messages. It does not include full stream URLs, track titles, artist names, device identifiers, or Apple account data, and it is not sent anywhere unless you copy it yourself.

What stays on your device

The following are stored locally and never sent to any server we control:

• Stations you mark as favorites. On iOS, if iCloud Sync is enabled, favorites are also stored in your private iCloud database so they can restore after reinstall.
• Station lists and stations you add yourself. On iOS, if iCloud Sync is enabled, these are also stored in your private iCloud database so they can restore after reinstall.
• Recently played stations.
• Theme preference, accent color, volume, sleep-timer settings, landing-page choice, favorites-view layout, language choice, wake-default preference, and car-mode preference. On iOS, if iCloud Sync is enabled, these app preferences are also stored in your private iCloud database.
• Wake alarm settings and any Shortcuts automation you create for scheduled playback.
• iOS listening history, if you enable it in Settings. The default retention is 90 days; you can choose 30 days, 1 year, or forever, export it, or clear it from the app.
• iOS diagnostics, only if you turn on Collect Diagnostics; capped to the last 100 events and 14 days.

On the web this lives in your browser's localStorage; on iOS in the app's local storage, with the iCloud Sync exception described above. Clearing your browser's site data (web) wipes the web copy. Deleting the iOS app wipes on-device data; synced iCloud data remains available for restore until you remove it from the app's iCloud Sync settings.

The iOS wake-to-radio guide explains why reliable autoplay uses Apple's Shortcuts automation system: Wake-to-radio reliability guide.

Connections to broadcaster servers

When you play a station, your device opens an audio stream directly to that broadcaster's server (BR, WDR, BBC, SRG SSR, and so on — see the catalog for the full list). That server receives your IP address — the same as if you typed their stream URL into a browser yourself. We have no access to and no insight into what those broadcasters log. Their privacy policies apply to that connection, not ours.

The same is true for now-playing metadata fetched directly from broadcasters whose APIs allow cross-origin requests (SRG SSR, MDR, SWR, FFH, Klassik Radio, laut.fm).

Logos and trademarks

rrradio.org is an independent directory. It is not affiliated with, endorsed by, or sponsored by any of the broadcasters, stations, or networks it lists. Station names and logos are the trademarks of their respective owners, and appear here only to help you identify a station and its stream — the same way a printed radio guide or an on-screen programme guide shows them.

Wherever possible the logo shown is the broadcaster's own published artwork or a freely-licensed image, and we are actively migrating the catalog off any remaining non-free images. We don't alter logos beyond resizing for display, and we never present a broadcaster's mark as our own — rrradio.org has its own logo.

If you own a station's brand and would prefer its logo not appear here — or want it corrected or replaced — open an issue on GitHub or email support@rrradio.org and we'll remove or update it promptly.

Cloudflare Worker proxy

For broadcasters whose now-playing APIs don't allow cross-origin requests, the app routes those metadata fetches through a small Cloudflare Worker we operate (stats.rrradio.org). Cloudflare's standard infrastructure logging applies to those requests (typically: IP address held briefly for abuse prevention, then discarded). The Worker itself stores nothing; it just forwards the broadcaster's JSON back to your browser.

The same Worker also fronts the GoatCounter stats endpoint that backs the app's "Stats" sheet — the API token stays on the server side so the public page never sees it.

What we don't do

• No advertising. No ad networks. No third-party trackers.
• No fingerprinting (no canvas, no audio-context, no font enumeration).
• No accounts, no logins, no email collection.
• No cross-site or cross-app tracking.
• No selling or sharing data — there's no data to sell.

Cookies

The main app does not set cookies.

Your rights

Because we don't collect personally identifiable information about app users, we have nothing to link to you and nothing to delete on request. The data we do see is aggregate ("<station> was played <n> times"), which doesn't identify any individual.

If you have a question or concern, open an issue on GitHub or email the address above. We'll respond.

Data retention

• GoatCounter aggregate counts — kept indefinitely. They're not personal data; they're "rrradio.org received N visits" and "<station X> was played M times".
• Cloudflare Worker access logs — per Cloudflare's defaults, typically 24 hours to a few days. We don't write our own logs on top of that.
• On-device data — stays as long as you keep the app installed or haven't cleared site data.
• iOS iCloud Sync data — favorites, station lists, added stations, and app preferences stay in your private iCloud database until you remove rrradio.org data from iCloud or disable/delete it through Apple's iCloud controls.
• iOS diagnostics — off by default; when enabled, capped to 100 events and pruned after 14 days. Turning it off clears the local diagnostic log.
• iOS listening history — off by default; when enabled, kept for your selected retention window (30 days, 90 days by default, 1 year, or forever) until you clear it or delete the app.

Changes to this policy

If we change something materially (add a different analytics provider, accept user accounts, integrate any kind of tracking, etc.), we'll update this page with a new "Last updated" date. The full edit history is visible in git on GitHub.