Privacy

Effective 2026-05-02 · Last updated 2026-05-02

Short version. rrradio doesn't ask for your name, email, or any account. The web app uses cookieless privacy-friendly analytics to count plays per station; the iOS app does no analytics. Favorites and recents stay on your device. When you play a station, your device connects directly to that broadcaster's server — same as opening their URL in a browser — so their privacy policy governs that connection.

Who runs this

rrradio is a non-commercial side project by Markus Steinbrecher. The source code is open on GitHub; every change is in public git history. Contact: open an issue on GitHub or email redsukramst@gmail.com.

What the web app collects

The web app at rrradio.org uses GoatCounter for anonymous usage analytics. GoatCounter is privacy-friendly by design: no cookies, no user IDs, no cross-site tracking, IP addresses are hashed and discarded. We use it to count:

Page visits.
Tab switches (e.g. "Browse", "Favorites").
Station plays — by station name only, never tied to a person.
Errors when a stream fails to load — used to find broken stations.
Runtime errors in the app itself (caught JavaScript exceptions, unhandled promise rejections, catalog or worker fetch failures). For each we record the error class (e.g. TypeError), a short message with URLs redacted (capped at 120 characters), the build version, the page path (e.g. / or /station/grrif/), and the station id when relevant. No stack traces, no user agent, no personal data. Used to detect regressions in production.
Visitor country, derived from your IP at request time and immediately discarded; we only see the aggregate count per country.

None of this is linked to any identifier we could later use to recognize you. We see "Switzerland: 589 visits" — not who those visits were from.

What the iOS app collects

The iOS app does no analytics at all. It does not phone home, does not track sessions, does not record any usage data anywhere outside your device.

What stays on your device

The following are stored locally and never sent to any server we control:

Stations you mark as favorites.
Recently played stations.
Theme preference, volume, sleep-timer settings, custom-station URLs you add yourself.

On the web this lives in your browser's localStorage; on iOS in the app's local storage. Clearing your browser's site data (web) or deleting the app (iOS) wipes it instantly.

Connections to broadcaster servers

When you play a station, your device opens an audio stream directly to that broadcaster's server (BR, WDR, BBC, SRG SSR, and so on — see the catalog for the full list). That server receives your IP address — the same as if you typed their stream URL into a browser yourself. We have no access to and no insight into what those broadcasters log. Their privacy policies apply to that connection, not ours.

The same is true for now-playing metadata fetched directly from broadcasters whose APIs allow cross-origin requests (SRG SSR, MDR, SWR, FFH, Klassik Radio, laut.fm).

Cloudflare Worker proxy

For broadcasters whose now-playing APIs don't allow cross-origin requests, the app routes those metadata fetches through a small Cloudflare Worker we operate (rrradio-stats.markussteinbrecher.workers.dev). Cloudflare's standard infrastructure logging applies to those requests (typically: IP address held briefly for abuse prevention, then discarded). The Worker itself stores nothing; it just forwards the broadcaster's JSON back to your browser.

The same Worker also fronts the GoatCounter stats endpoint that backs the app's "Stats" sheet — the API token stays on the server side so the public page never sees it.

What we don't do

No advertising. No ad networks. No third-party trackers.
No fingerprinting (no canvas, no audio-context, no font enumeration).
No accounts, no logins, no email collection.
No cross-site or cross-app tracking.
No selling or sharing data — there's no data to sell.

Cookies

The main app does not set cookies. A separate admin dashboard at /dashboard.html (used only by the operator) holds an admin token in localStorage; ordinary visitors don't see it.

Your rights

Because we don't collect personally identifiable information about app users, we have nothing to link to you and nothing to delete on request. The data we do see is aggregate ("<station> was played <n> times"), which doesn't identify any individual.

If you have a question or concern, open an issue on GitHub or email the address above. We'll respond.

Data retention

GoatCounter aggregate counts — kept indefinitely. They're not personal data; they're "rrradio.org received N visits" and "<station X> was played M times".
Cloudflare Worker access logs — per Cloudflare's defaults, typically 24 hours to a few days. We don't write our own logs on top of that.
On-device data — stays as long as you keep the app installed or haven't cleared site data.

Changes to this policy

If we change something materially (add a different analytics provider, accept user accounts, integrate any kind of tracking, etc.), we'll update this page with a new "Last updated" date. The full edit history is visible in git on GitHub.