Last updated: 25 April 2026
 

This Privacy Policy explains what personal data we collect when you use Piano Age Calculator ("PAC", "Service"), available at pianoagecalculator.com, and how we use, store and protect that data. Our goal is not only to comply with applicable data protection law, including the EU General Data Protection Regulation (GDPR), but to be transparent and earn your trust.

If you have any questions about this Policy, please contact us at info@onlinepianoatlas.com.
 

1. Data Controller
 

The data controller responsible for your personal data is:

Online Piano Atlas Kft. Registered office: 1172 Budapest, Besenyszög utca 45, Hungary Company registration number: 01-09-390474 Tax number: HU10866447 Email: info@onlinepianoatlas.com

In this Policy, "we", "us" and "our" refer to Online Piano Atlas Kft.
 

2. Scope of this Policy
 

This Policy applies to the Piano Age Calculator service at pianoagecalculator.com, including its public Try-it page and the member calculator accessed via subscription.

This Policy does not cover other websites operated by us (such as onlinepianoatlas.com), which have their own privacy notices.
 

3. What Personal Data We Collect, Why, and on What Legal Basis
 

We only collect personal data that we genuinely need to provide and protect the Service. The categories below describe what we collect, why we collect it, and the legal basis under Article 6 GDPR.
 

3.1 Visitors to the public Try-it page

The Try-it page lets anyone search the database without registering or paying. We do not record any personal data from Try-it page searches. The page may receive standard server-level information (such as IP address) in transit, but this is not stored as a search log entry.

Cookies set on the public site are described in Section 7.
 

3.2 Account registration and subscription

When you create an account and subscribe to the Service through pianoagecalculator.com (operated on the Wix platform), we process:

• Your name

• Your email address

• Your billing details (passed directly to our payment processor — see Section 5)

• Your subscription plan, start date and renewal/expiry date

• Your account password (stored hashed by Wix; we never see it in plain text)
   

Purpose: to create and manage your account, provide access to the paid Service, send you transactional emails about your subscription, and meet our legal accounting obligations.

Legal basis:

• Performance of a contract (Article 6(1)(b) GDPR) — to provide the Service you paid for

• Legal obligation (Article 6(1)(c) GDPR) — Hungarian Accounting Act requires us to retain invoice data for 8 years
   

3.3 Search activity by logged-in members

Each time you perform a piano age search inside the member calculator, we record:

• Your name and email address (so we can link the search to your account)

• The brand and serial number you searched for

• The result returned (matched year, "not manufactured", out-of-range, etc.)

• The category (Grand or Upright) and language used

• Your IP address

• Your device type, browser and operating system (derived from the User-Agent string)

• The country your IP resolves to (via GeoIP lookup)

• The page type (member or demo)

• The timestamp of the search
   

Purpose: to provide the Service, to operate internal usage analytics, to detect and prevent misuse of subscriptions (in particular unauthorised account sharing), and to improve the database and Service.

Legal basis:

• Performance of a contract (Article 6(1)(b) GDPR) — for delivering the Service

• Our legitimate interests (Article 6(1)(f) GDPR) — for security, fraud prevention and protection against subscription abuse, balanced against your interests and rights. You may object to processing based on legitimate interests at any time (see Section 9).
   

3.4 What we do NOT collect
 

• We do not record personal data from the public Try-it page

• We do not store your payment card details on our servers

• We do not sell or rent personal data to third parties

• We do not use your data for third-party advertising

• We do not perform automated decision-making with legal effects on you within the meaning of Article 22 GDPR
   

4. Anti-Abuse Monitoring
 

To protect paying members from subscription abuse, we operate an automated monitoring system that analyses search activity per account. This is described in our Terms and Conditions (Section 5).

The monitoring uses the same data described in Section 3.3 (no additional categories are collected for this purpose). When the system detects a usage pattern that may indicate unauthorised account sharing, it generates an internal alert to us. We then review the alert manually and decide on an appropriate action, which may range from no action, to a warning email to the account holder, to a request for password change, to suspension of the account in serious cases.
 

Legal basis: legitimate interests (Article 6(1)(f) GDPR) in protecting the integrity of paid subscriptions and preventing fraud. We have carried out a balancing test and consider this monitoring proportionate, because (a) the data is already lawfully collected to deliver the Service, (b) the analysis is limited to detecting clear abuse patterns, (c) no automated punitive action is taken — a human reviews each alert, and (d) the alternative (no protection at all) would harm both us and our paying members.
 

5. Service Providers (Data Processors)
 

We use a small number of carefully selected service providers to operate the Service. They process personal data on our behalf, under contract, and only for the purposes we specify.
 

ProviderPurposeLocation

Wix.com Ltd.Website hosting, account management, member loginIsrael / EU / USA (Wix is a global service)

Hetzner Online GmbHBackend server hosting (opus.piano.hu — calculator API and analytics database)Germany

PayPal (Europe) S.à r.l. et Cie, S.C.A.Payment processingLuxembourg / EU

Stripe Payments Europe Ltd.Payment processingIreland / EU

ip-api.comGeoIP country lookup from IP addressEU / global

Google LLC (Google Analytics)Aggregate usage statisticsEU / USA
 

Data transfers outside the EEA: Where a provider processes data outside the European Economic Area (EEA), the transfer is protected by appropriate safeguards under Articles 44–49 GDPR, primarily the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.
 

6. How Long We Keep Your Data (Retention)
 

We do not keep personal data longer than necessary.

Data categoryRetention period

Account data (name, email, subscription status)For the lifetime of your account, plus up to 30 days after account deletion (for backup safety)

Invoices and billing records8 years from the end of the calendar year of the invoice (Hungarian Act C of 2000 on Accounting)

Search logs (analytics records described in Section 3.3)90 days, after which records are automatically deleted

Alert logs (anti-abuse monitoring)90 days

Server logs (web server access logs)Up to 30 days

If you delete your account, we erase your personal data within 30 days, except for billing records that we are legally required to keep, and except where we need to retain specific data to defend legal claims.
 

7. Cookies
 

We use a small number of cookies on pianoagecalculator.com. The exact list depends on which Wix features are active, but the main categories are:

Strictly necessary cookies — required for login, session management and the cookie consent banner itself. These do not require your consent under EU ePrivacy rules.

Analytics cookies (Google Analytics) — used to produce aggregate, non-identifying statistics about how visitors use the site (page views, country, device type). These are only set if you accept analytics cookies in the consent banner.

You can change your cookie choices at any time by clicking the cookie settings link in the consent banner, or by clearing cookies in your browser. Refusing analytics cookies does not affect your ability to use the Service.
 

8. Security
 

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. Measures include:

• HTTPS/TLS encryption for all data in transit

• Hashed password storage (handled by Wix)

• Restricted access to backend servers and the analytics database

• Database credentials kept outside the public web root

• Regular software updates on our hosting infrastructure
   

No system is 100% secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) within 72 hours where required, and we will inform affected users without undue delay where the breach is likely to result in a high risk.
 

9. Your Rights Under the GDPR
 

If you are in the EEA, you have the following rights regarding your personal data:

• Right of access — to obtain a copy of the personal data we hold about you

• Right to rectification — to have inaccurate or incomplete data corrected

• Right to erasure ("right to be forgotten") — to ask us to delete your data, subject to legal retention obligations

• Right to restrict processing — to ask us to limit how we use your data in certain cases

• Right to data portability — to receive your data in a structured, commonly used and machine-readable format

• Right to object — to object to processing based on our legitimate interests, including the anti-abuse monitoring described in Section 4

• Right to withdraw consent — where we rely on your consent (such as for analytics cookies), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal
   

To exercise any of these rights, email us at info@onlinepianoatlas.com. We will respond within one month (extendable by up to two further months for complex requests, in accordance with Article 12(3) GDPR). We may ask you to verify your identity before acting on the request.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. The competent authority in Hungary is:

National Authority for Data Protection and Freedom of Information (NAIH) Address: 1055 Budapest, Falk Miksa utca 9–11, Hungary Web: naih.hu Email: ugyfelszolgalat@naih.hu
 

10. Children
 

The Service is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
 

11. Changes to this Policy
 

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when the latest version took effect. For material changes that affect how we process your personal data, we will notify registered users by email or through the Service before the change takes effect.
 

12. Contact
 

If you have any questions, requests or concerns regarding your personal data or this Policy, please contact us:

Online Piano Atlas Kft. 1172 Budapest, Besenyszög utca 45, Hungary Email: info@onlinepianoatlas.com