FREE: 5 Premium Sheets, worth $10+ Claim yours →
Pianisso
Back to home

Privacy Policy

Last updated 2026-04-19

This policy explains what data we collect when you use Pianisso, why we collect it, and the rights you have over it. It applies to pianisso.com and all Pianisso subdomains.

1. Who is the controller

The data controller responsible for your personal data is SB Media OG (trading as Pianisso), Schareckstraße 3, 5640 Bad Gastein, Austria. UID: ATU82613129. You can reach us at office@sbmedia.at.

2. What data we collect

We collect only what we need to give you a working account and a personalized experience:

  • Account data — email, display name, hashed password, preferred language, and your role (member, admin).
  • Order and membership data — products purchased, invoice data, subscription status, and Stripe customer identifiers.
  • Usage data — pages viewed, sheets opened, downloads, favorites, ratings, AI Discovery queries, and quiz answers. With your consent, this also includes anonymized session recordings and heatmaps.
  • Support and communication data — emails you send us, support tickets, and your responses to our emails (opens, clicks, bounces).
  • Technical data — IP address, user agent, device type, and consent choices. IPs are used only for rate limiting, fraud prevention, and regional analytics, and are not stored beyond what's strictly necessary.

3. Legal basis

We process your data under Art. 6 GDPR: contract performance (account, orders, membership), legitimate interest (security, fraud prevention, minimal error logging), your consent (analytics and marketing cookies, newsletter), and legal obligation (tax retention).

4. Who processes your data

We rely on a small set of carefully chosen processors. Each is bound by a Data Processing Agreement:

  • Supabase (Frankfurt, EU) — authentication and primary database.
  • Cloudflare (EU edge + R2 EU bucket) — hosting, CDN, file storage, and cookieless traffic analytics.
  • Stripe Payments Europe (Ireland) — checkout, subscriptions, invoices. Your payment card never touches our servers.
  • Resend (EU) — transactional and marketing emails.
  • PostHog (EU cloud) — product analytics, session replay, and heatmaps. Loaded only with your analytics consent.
  • Google Tag Manager (loaded only with your marketing consent) — used to configure future advertising tags. No data is sent to Google unless marketing consent is granted.

5. How long we keep your data

Account data: as long as your account exists. Orders and invoices: 7 years (Austrian tax law). Guest carts: 7 days. Email activity: 30 days. Analytics events: 12 months. Support tickets: 2 years. On account deletion, we remove or anonymize everything that is not subject to a legal retention obligation.

6. Your rights

Under the GDPR you have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. You can request a full data export or account deletion from your account page, or by emailing office@sbmedia.at. You also have the right to file a complaint with the Austrian data protection authority (dsb.gv.at).

7. Cookies and tracking

We set essential cookies required for the site to work (session, cart, language, consent decision). Analytics and marketing cookies are only set after you accept them in the consent banner. You can change your choices anytime via the 'Cookie preferences' link in the footer.

8. Children

Pianisso is not directed at children under 16. If you're under 16, please have a parent or guardian create the account and manage payments.

9. Changes to this policy

If we materially change how we handle your data, we'll update this page and, for existing accounts, notify you by email.