Paused — Radio Latte is playing on another device.
Radio Latte Radio Latte
For Venues RadioLatte Live! For Creators Sign in Open the radio
Legal / Privacy Policy

Radio Latte Privacy Policy

Effective date: 2026-05-21 Last updated: 2026-05-21

This policy applies to both surfaces of the Radio Latte service:

  • Venue Service — the radiolatte.com website, the venue streaming player, and the business-to-business venue subscription. Used by commercial venues such as cafés, restaurants, bars, hotel lobbies and small retailers.
  • Mobile App — the Radio Latte iOS application available on the App Store, used by individual consumers for ads-free radio listening and AI-assisted song creation (the Creators flow).

The same legal entity is the data controller for both. Where a clause applies to only one of the two products, the heading says so. Everything else applies to both.

1. Controller

Radio Latte is provided by RBN SPC LTD, company registration number HE403962, VAT number CY10403962Q, with registered office at Makariou 228, 3030 Limassol, Building A, office 714, Limassol, Cyprus (“Radio Latte”, “The Company”, “we”, “us”, or “our”).

For privacy questions: legal@radiolatte.com

2. Personal Data We Collect

2.1 Venue Service (B2B)

For business customers using the venue subscription, we collect:

  • account data: email address, magic-link login codes, session identifiers, account status;
  • business and venue data: business name, venue trading name, venue address, country, venue type, operating hours, contact name if provided;
  • billing data: Stripe customer ID, subscription ID, plan, payment status, invoice metadata, billing country, VAT ID if provided;
  • playback and service data: active session state, device label, IP address, stream heartbeat, playback events, errors, current venue/channel settings;
  • support data: emails, messages, attachments, and issue details you send us;
  • website and security data: IP address, browser/device data, request logs, cookie/session data, abuse-prevention logs.

We do not intentionally collect payment card numbers for venue subscriptions. Payments are processed by Stripe or another payment provider we select.

2.2 Mobile App (B2C)

The Mobile App is designed to use as little personal data as possible. We collect:

  • Anonymous device identifier. A random UUID generated on first launch of the Mobile App and stored in your device’s iCloud Keychain. This identifier is NOT linked to your Apple ID, real name, email address, or any advertising identifier. It survives reinstall on the same Apple ID via iCloud Keychain sync. We use it as the only anchor for your username and star-wallet balance; you remain otherwise anonymous to us.

  • Username (if you choose or accept one). A lowercase handle 3–20 characters long, either picked by you in the app or auto-generated by the app on your request (format: anonymous-xxxxx). Stored in our database against your anonymous device identifier. The username appears publicly as the artist credit on songs you create through the Creators flow, with the suffix (RL) added to identify Radio Latte–produced songs. Usernames are globally unique.

  • Lyric and title text you submit through the Creators flow. When you tap “Create AI version” or “Validate” we send the text you wrote to one or more AI safety and structuring services:

    • When your device supports it, processing happens on-device via Apple Intelligence (Foundation Models). Text in that path never leaves your device.
    • When on-device processing is unavailable, text is sent over HTTPS to Cloudflare Workers AI (Llama 3.1 8B Instruct) hosted by our subprocessor Cloudflare. We do NOT store your lyric or title text on our servers after the AI call returns. Our subprocessor may retain submitted text briefly for abuse detection in line with their own policy. See our AI and Catalog Transparency Statement for the full processing pipeline.
  • Track reports. If you report a track you hear in RadioLatte Live!, we store: the track identifier, the station it played on, the reason category you picked (inappropriate / audio quality / copyright / other), any optional free-text description you choose to add, your anonymous device identifier, and a timestamp. We use this to act on the report and to detect tracks that draw repeated complaints.

  • In-app purchase data via Apple. When you buy a star pack through the App Store, Apple Inc. is the merchant of record. We do NOT see your Apple ID, your payment method, your billing address, or your real name. Apple sends us a validated receipt indicating which product (e.g. stars10) you bought; we use that receipt to credit the corresponding stars to the wallet associated with your anonymous device identifier. Apple’s own privacy policy governs the payment transaction.

2.3 What the Mobile App does NOT collect

For clarity, the Mobile App does NOT request, access or transmit any of the following:

  • email address;
  • real name, postal address, date of birth or phone number;
  • precise or approximate location data;
  • contacts, calendar entries, photos, microphone or camera access;
  • Apple ID, IDFA, IDFV, or any device-identifying value other than the anonymous UUID described above;
  • third-party advertising or analytics identifiers;
  • automatic crash reports tied to your identity (the app uses Apple’s OSLog locally for diagnostics that stay on your device unless you share them with us in a support exchange);
  • listening history (track plays and station selections stay on your device).

2.4 Children

Both the Venue Service and the Mobile App are rated for users aged 16 and over and are not directed at children. We do not knowingly collect personal data from children under 13 (or the equivalent local age threshold). If you believe a child has provided us personal data, contact legal@radiolatte.com and we will delete it.

3. How We Use Data

3.1 Venue Service

We use data to:

  • create and manage accounts;
  • authenticate venue customers with magic links or codes;
  • provide streaming access;
  • issue venue license certificates;
  • process payments, renewals, invoices, tax, and subscription status;
  • enforce one-active-stream and anti-abuse controls;
  • provide support;
  • improve catalog quality and service reliability;
  • maintain security, fraud prevention, and logs;
  • comply with legal, tax, accounting, and dispute obligations.

3.2 Mobile App

We use data to:

  • provide free radio listening through RadioLatte Live! and the AI-assisted Creators song-creation flow;
  • bind your username to your anonymous device identifier so the same identity follows you across reinstalls and devices on the same Apple ID;
  • generate structured lyrics from your free-text input via on-device or cloud AI;
  • run safety checks on titles and lyrics before any song is baked, both to comply with App Store and local law and to protect the catalog from harmful content;
  • process reports about tracks you hear and route them to our admin team for review;
  • credit star purchases to your wallet after Apple validates the receipt;
  • prevent abuse, including rate-limiting bake requests and blocking repeat-offender devices from the Creators flow.

4. Lawful Bases

For GDPR and equivalent laws, we rely on:

  • contract: to provide the service, subscriptions, account access, playback, billing, license certificates (Venue) and to operate the Mobile App’s free listening, Creators flow, and star economy as described in the Terms;
  • legitimate interests: to secure the service, prevent abuse, run content moderation including AI safety checks, understand service reliability, respond to support requests, and improve the product;
  • legal obligation: for tax, accounting, payment, and compliance records, and for responding to lawful requests from competent authorities;
  • consent: for non-essential cookies, marketing emails, or analytics where required.

5. Cookies, Local Storage and On-device Storage

5.1 Venue Service (web)

We use essential cookies or local storage for login, sessions, checkout, security, and service operation. See the Cookie Policy for details. We do not currently use non-essential analytics, advertising, or tracking cookies; we will update this policy and provide a consent mechanism before we do.

5.2 Mobile App

The iOS app stores the following on your device only and never transmits them to us automatically:

  • star wallet counters (free + bought balances), in iOS UserDefaults;
  • drafts of in-progress songs (title, lyric text, section structure, last-edited timestamp), in iOS UserDefaults;
  • the anonymous device UUID described in section 2.2, in iCloud Keychain.

Data leaves your device only when you take a specific action (claim a username, request AI structuring or safety review, submit a track report, buy stars).

6. Sharing and Subprocessors

We may share personal data with service providers that help us operate Radio Latte. The Mobile App’s subprocessors include:

  • Apple Inc. — App Store distribution and In-App Purchase processing (merchant of record). When your device supports it, also the on-device Apple Intelligence engine used for lyric structuring and safety review (on-device processing means the text does not leave your device).
  • Cloudflare — hosting (Cloudflare Pages), Workers AI for lyric structuring and safety review (Llama 3.1 8B Instruct), D1 database for usernames / track reports / IAP redemption ledger, R2 object storage for catalog audio, and edge security.
  • Sicktempo — our music-generation backend for the Creators flow. Sicktempo receives an opaque ticket identifier when a song is baked; it never receives your username, your anonymous device identifier, your email, or any other identifying information about you.

The Venue Service’s subprocessors include the Mobile App list above plus the payment processor and email delivery providers used for venue accounts.

We maintain a draft subprocessor list separately. We may also share personal data with professional advisers, or with authorities or third parties where legally required or necessary to protect rights.

7. International Transfers

Some providers may process data outside your country or outside the European Economic Area. Where required, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.

8. Retention

We keep personal data only as long as needed for the purposes described above.

8.1 Venue Service draft retention targets

  • login codes: about 10 minutes, plus short security logs;
  • session records: up to 90 days or until logout/revocation;
  • subscription and invoice records: as required for tax/accounting/legal obligations;
  • venue license records: for the active subscription and a reasonable dispute period;
  • playback/security logs: normally 12 to 24 months unless needed for security, dispute, or legal reasons;
  • support emails: normally up to 24 months after last contact unless needed longer.

8.2 Mobile App retention targets

  • anonymous device identifier and username binding: retained while the device record remains active; deleted on user request via legal@radiolatte.com (subject to a 30-day reconciliation window);
  • track reports: retained 24 months after the report is resolved or dismissed, then deleted;
  • lyric and title text submitted to AI services: NOT retained on our servers after the response is returned. The Workers AI subprocessor may retain submitted text briefly for abuse detection in line with their policy;
  • IAP receipt validation records: retained 12 months for accounting and refund processing.

9. Your Rights

Depending on your location, you may have rights to:

  • access personal data;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • object to processing;
  • receive a portable copy;
  • withdraw consent;
  • complain to a data protection authority.

To exercise rights, contact legal@radiolatte.com. For Mobile App users, please include your username so we can locate the record; we cannot otherwise re-identify you because the device identifier is intentionally anonymous.

10. Security

We use reasonable technical and organizational measures to protect personal data, including access controls, secure cookies where applicable, HTTPS for all network calls from the Mobile App, server-side authentication on every API endpoint, provider security controls, and limited access to operational systems.

No online service can be guaranteed completely secure.

11. Business Customers and Staff

If you provide personal data about staff or other business contacts in the Venue Service, you are responsible for ensuring that you have a lawful basis to provide it and that those individuals receive appropriate privacy information.

12. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated through the website, the Mobile App, email (for venue customers), or another reasonable method. The latest version is posted at radiolatte.com/legal/privacy-policy with the updated effective date.

13. Contact

Privacy contact: legal@radiolatte.com

Legal entity: RBN SPC LTD

Company registration number: HE403962

Registered address: Makariou 228, 3030 Limassol, Building A, office 714, Limassol, Cyprus

VAT number: CY10403962Q

← Back to legal hub

Radio Latte
Radio Latte
Great Music, Always.
Legal hub Transparency Terms Privacy Cookies info@radiolatte.com

RBN SPC LTD · Company reg. HE403962 · VAT CY10403962Q · Makariou 228, 3030 Limassol, Building A, office 714, Cyprus

General: info@radiolatte.com  ·  Legal & privacy: legal@radiolatte.com