Skip to main content
← Back to NoDruma

Privacy Policy

Last updated: February 2026

NoDruma (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service at nodruma.com.

1. Controller Information

The data controller responsible for your personal data is:

NoDruma
Based in Italy, European Union
Email: privacy@nodruma.com

2. Information We Collect

2.1 Information You Provide

Currently, our Service does NOT require user registration. We do not collect names, email addresses, payment information, or login credentials.

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • Search queries and video IDs you submit for processing
  • Timestamps of your activity
  • Browser type and version
  • Device information (type, operating system)
  • IP address and approximate geographic location
  • Referring website or source
  • Service performance metrics and error logs

2.3 Cookies and Tracking

We use cookies and similar technologies. See our Cookie Policy for details.

3. How We Use Your Information

  • Service Delivery: Process audio files and stream results back to you
  • Analytics: Understand usage patterns and improve the Service
  • Technical: Identify and fix bugs, monitor performance
  • Legal: Respond to legal requests and enforce our Terms

4. Third-Party Services

4.1 Umami Analytics

We use Umami for privacy-focused web analytics. Umami is cookieless and does not collect any personal data or track individual users. It collects only aggregated metrics such as page views, referrers, browser types, and device information. All data is stored on our own self-hosted infrastructure. Umami Privacy Info

4.2 Vercel Hosting

Our Service is hosted on Vercel, which may automatically collect IP addresses, request logs, and edge function execution data. Vercel Privacy Policy

4.3 Modal.com GPU Processing

Audio processing occurs on Modal.com infrastructure. Processed audio files are stored temporarily and automatically deleted within 24 hours.

4.4 YouTube API

When you search for songs, we use YouTube's API. Your search queries may be subject to Google's Privacy Policy. We do not share personal information with YouTube beyond what is necessary for search functionality.

5. Data Retention

  • Processed audio: Automatically deleted within 24 hours
  • Analytics data: Aggregated, anonymized metrics retained indefinitely on our self-hosted Umami instance
  • Server logs: Up to 90 days for debugging and security
  • IP addresses: Up to 30 days for security and fraud prevention

6. Your Rights Under GDPR

As a service based in the European Union, we comply with GDPR. You have the right to:

  • Access your personal data and obtain a copy
  • Rectification of inaccurate or incomplete data
  • Erasure (“right to be forgotten”) of your personal data
  • Restriction of processing in certain circumstances
  • Data Portability in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw Consent at any time where processing is based on consent
  • Lodge a Complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@nodruma.com. We will respond within 30 days.

7. Legal Basis for Processing

  • Legitimate Interests: To provide, maintain, and improve the Service
  • Legitimate Interests: For cookieless, privacy-respecting analytics
  • Legal Obligations: To comply with applicable laws

8. Data Sharing

We do NOT sell your data. We share data with third-party service providers only as necessary: Vercel (hosting), Modal.com (processing), YouTube/Google (search). Analytics data is self-hosted and never shared with third parties.

We may disclose information if required by law, in response to legal processes, or to protect our rights and safety.

9. International Data Transfers

We use service providers that may process data outside the EEA (Vercel, Modal.com). Analytics data is processed on our own self-hosted infrastructure within the EU. When data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent protections).

10. Data Security

We implement reasonable technical measures to protect your data, including HTTPS encryption, secure cloud infrastructure, and access controls. However, no internet transmission is 100% secure. You use the Service at your own risk.

11. Children's Privacy

Our Service is not intended for users under 16. We do not knowingly collect information from children under 16. If you believe we have, contact us at privacy@nodruma.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use constitutes acceptance.

13. Contact Us

For questions or GDPR requests: privacy@nodruma.com