Privacy Policy

Email Addresses

Your email address is the only personal data we collect from you. It is required when you create a listing or contact a seller. We use your email address exclusively for anonymized message forwarding through our PianoHub Messenger and store it only as long as necessary for this purpose.

If you send a support request via the contact form, we store your email address to reply to you. This communication is not anonymized.

Retention period: For listings: Until deletion or expiration of the listing. For contact requests: As long as the associated listing is online. For support requests: Until final processing or earlier upon request.

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a Contract) or Art. 6 (1) lit. f GDPR (legitimate interest in providing support services)

PianoHub Messenger

Our self-developed PianoHub Messenger enables anonymized communication between buyers and sellers. When you send a message through PianoHub, it is sent via an automatically generated forwarding address. Your real email address is never disclosed to the other party.

The content of your messages is only temporarily cached for forwarding and then immediately deleted. We do not permanently store message contents on our servers.

Retention period: Email addresses of communication partners: As long as the associated listing is online. Message contents: Only for technical delivery (a few seconds).

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a Contract)

Listing Data

When you create a listing, we store the information you provide about the instrument (brand, model, price, location, description, images, etc.) as well as your email address. This data is used to display the listing on the platform and enable contact requests. Most of this data is publicly visible, with the exception of your email address and optionally your name.

Retention period: Until deletion of the listing by you or automatically after expiration of the listing period.

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a Contract)

Partner Data (PianoHub Partners only)

If you apply as a specialist dealer for the partner program or become a partner, we process additional business data such as: store name, management, business email address, website, and business address. This data is used exclusively to verify your partner status and provide partner features.

Retention period: As long as the partner status is active. After termination of the partner status, the data will be deleted unless there are legal retention obligations.

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a Contract)

Technically Necessary Cookies

We use the following cookies to ensure the functionality of the website and improve your user experience:

• NEXT_LOCALE: Stores the language you selected in the website settings. Retention period: Until browser is closed (session cookie).
• pianohub_currency: Stores your preferred currency for price display. Retention period: 1 year.
• pianohub_sortBy: Stores your preferred sorting order for listings. Retention period: 1 year.
• pianohub_pageSize: Stores your preferred number of listings per page. Retention period: 1 year.
• pianohub_csrf_token: Protects forms against Cross-Site Request Forgery (CSRF) attacks. This security cookie ensures that requests actually originate from you. Retention period: 8 hours.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in providing a user-friendly website). These cookies are technically necessary and do not require consent.

Cookies from Embedded Video Services

When you actively click Play on an embedded video in a listing, your browser connects to the servers of YouTube (youtube-nocookie.com) or Vimeo. These providers may then set technical cookies on your device. These cookies are neither set nor controlled by us and are subject to the respective providers's privacy policies. Since the player only loads after your active click, that click constitutes consent under Art. 6(1)(a) GDPR. For further details, see the External Services section above under "Embedded Videos".

Local Storage (localStorage)

In addition to cookies, we use your browser's local storage to save the following settings locally on your device:

• settings: Stores the website settings you configured.
• search-filters: Stores your search filters and display settings.
• watchlist: Stores the IDs of listings on your watchlist.
• info-banner: Stores whether you have dismissed the information banner.

Retention period: Unlimited, until you clear your browser cache or manually remove the data

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in providing convenient user features). The data is stored exclusively locally in your browser and not transmitted to our servers.

Frontend Hosting (Website Delivery)

The PianoHub website is hosted and delivered via specialized hosting providers (Vercel Inc., San Francisco, USA and/or Netlify Inc., San Francisco, USA). When you visit PianoHub or submit forms, your requests are routed through the respective hosting infrastructure.

Technical data such as your IP address, browser information, and timestamps may be temporarily processed. The providers use global Content Delivery Networks (CDN) that distribute data across various regions for optimal loading speed. Both providers operate in compliance with GDPR based on Standard Contractual Clauses.

The hosting providers do not permanently store personal user data and have no access to the contents of your listings or messages, which are stored exclusively in our backend database.

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA and Netlify Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in performant and reliable website delivery)

Privacy Policies: Vercel | Netlify

Backend and Database

All permanently stored data on PianoHub (listing data, email addresses for message delivery, relay conversations, etc.) is stored in our backend database, which is hosted by an external database service provider.

We carefully select our service providers and ensure that they operate in compliance with GDPR and run servers within the EU or in countries with adequate data protection standards. The service provider has access to the data solely for the purpose of providing the technical infrastructure.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a functional platform)

Email Delivery

For sending emails (confirmation emails for listings, forwarding via PianoHub Messenger, etc.), we use external email delivery service providers (SMTP providers). These service providers have access to email contents solely for the purpose of technical delivery.

Email service providers store messages only temporarily for delivery and delete them afterwards. We use exclusively GDPR-compliant providers.

Legal basis: Art. 6 (1) lit. b GDPR (Performance of a Contract) or Art. 6 (1) lit. f GDPR (legitimate interest in reliable email delivery)

Cloudflare Turnstile (Bot Protection)

To protect against spam and automated requests, we use Cloudflare Turnstile. This service checks whether form requests come from real users. Unlike traditional CAPTCHAs, Turnstile is privacy-friendly and GDPR-compliant.

When using forms (create listing, contact form, send message), IP addresses and technical information (browser fingerprint) may be briefly transmitted to Cloudflare to validate the request. No personal data is permanently stored.

Provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in preventing abuse and spam)

Cloudflare Privacy Policy

Google Fonts (Typography)

PianoHub uses Google Fonts for displaying typefaces. However, these are not loaded from Google servers but are automatically downloaded during website build time and hosted as part of our website infrastructure (self-hosting via Next.js).

This means: When you visit PianoHub, no requests are sent to Google servers and no data (such as your IP address) is transmitted to Google. The fonts are provided exclusively through our website infrastructure.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in appealing typographic design of the website without data transmission to third parties)

Embedded Videos (YouTube, Vimeo)

Some partner listings may contain embedded videos from YouTube (Google LLC) or Vimeo (Vimeo Inc.). We use a privacy-first loading mechanism that only establishes a connection to the providers upon your active consent.

On page load (before clicking Play):

Only a preview thumbnail is displayed. YouTube thumbnails are loaded directly from YouTube's CDN – your IP address is transmitted to Google's servers, but no cookies or tracking mechanisms are activated. Vimeo thumbnails are fetched via Vimeo's public oEmbed API – this also sends a request containing your IP address to Vimeo's servers.

When you click Play:

Only when you actively click Play is a video player loaded and a direct connection established to the servers of Google LLC (youtube-nocookie.com) or Vimeo Inc. From this point, the providers may collect data including: your IP address, browser and device information (browser type, operating system, screen resolution), the URL of the page you are visiting, and video playback data (e.g. play duration, pause behavior). Technical cookies may also be set by the providers.

YouTube videos are exclusively embedded via youtube-nocookie.com. This more privacy-friendly variant of YouTube does not set cookies for personalized advertising and does not transmit data about your behavior on our site to Google for advertising purposes.

Legal basis: Art. 6(1)(f) GDPR for loading preview thumbnails (legitimate interest in usably presenting partner content), Art. 6(1)(a) GDPR for playing videos (consent by actively clicking Play).

Privacy policies of the providers: YouTube (Google) | Vimeo

No Other Google Services

Apart from the self-hosted Google Fonts and the YouTube video embedding described above, PianoHub deliberately avoids using other Google services such as Google Analytics, Google Maps, or Google reCAPTCHA. There is no Google tracking and no usage analytics by Google. YouTube videos are exclusively embedded via youtube-nocookie.com and only load after your active consent – without Google receiving data about your browsing behavior on our site for advertising purposes.

Website Analytics

To better understand the usage and performance of PianoHub, we use Vercel Web Analytics. This service collects basic website metrics such as page views, visitor sources (referrers), device information, and geographic regions (at country level).

Vercel Web Analytics is fully cookieless and GDPR-compliant. No personal data such as IP addresses is stored or associated with you. Analysis is performed exclusively on an aggregated basis to improve website performance and user experience.

There is no cross-site tracking, profiling, or sharing of data for advertising purposes.

Provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and improving our website)

Vercel Privacy Policy