Privacy Notice
Last updated: 11 June 2026
ICO Registration Reference: ZC164843
1. Who We Are
BeatID Online is operated by BEAT ID LTD, a company incorporated in England and Wales (Companies House number 17175762).
Registered address: Office 18878, 182-184 High Street North, London, England, E6 2JA
BEAT ID LTD is the data controller for all personal data processed through the BeatID Online platform.
For all data protection and privacy enquiries, contact us at privacy@beatid.me.
We are registered with the UK Information Commissioner’s Office (ICO) under registration reference ZC164843.
2. About This Notice
This Privacy Notice explains what personal data we collect when you use BeatID Online, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
It applies to:
- Hosts who create and control game rooms
- Players who join game rooms to compete in music trivia
- All visitors to BeatID Online
3. What Personal Data We Collect and Why
3.1 All Users (Hosts and Players)
| Data | Source | Purpose | Lawful Basis |
|---|---|---|---|
| Firebase Anonymous UID (pseudonymous identifier) | Generated automatically by Firebase Authentication on page load | Identifying your session to enable real-time multiplayer gameplay and associating your actions (guesses, scores) with your player session | Legitimate interests (UK GDPR Art. 6(1)(f)) — necessary to operate the multiplayer game |
| Player nickname (free text, max 24 characters) | Provided by you when joining a game room | Displaying your name on the in-game leaderboard and to other players in your game room | Legitimate interests (UK GDPR Art. 6(1)(f)) — enabling identification during gameplay |
| Gameplay data (song guesses, response times, scores, round results) | Generated during gameplay | Scoring, leaderboard ranking, and determining round results in real time | Legitimate interests (UK GDPR Art. 6(1)(f)) — core game functionality |
3.2 Hosts
| Data | Source | Purpose | Lawful Basis |
|---|---|---|---|
| Host UID (Firebase anonymous identifier) | Generated by Firebase Authentication | Identifying you as the room host so only you can control the game (start rounds, play previews, end game) | Legitimate interests (UK GDPR Art. 6(1)(f)) — game host authorisation |
| Music search queries | Entered by you when selecting playlists, albums, or artists | Passed in real time to the Apple Music API to retrieve search results. We do not store your search queries. | Legitimate interests (UK GDPR Art. 6(1)(f)) — enabling music selection |
3.3 Score Claiming (iOS App Migration)
| Data | Purpose | Lawful Basis |
|---|---|---|
| Nickname and final score | Temporarily stored to enable you to “claim” your score in the BeatID iOS app via a deep link. This data is written to a temp_migrations collection and automatically deleted after 7 days. | Legitimate interests (UK GDPR Art. 6(1)(f)) — enabling cross-platform score portability at your request |
3.4 Local Storage on Your Device
We store the following items in your browser’s local storage (similar technology to cookies):
| Item | Purpose | Classification |
|---|---|---|
beatid-player-nickname | Remembering your chosen nickname so you do not have to re-enter it each time you join a game | Functional preference (requires consent) |
beatid-player-id / beatid-host-id | Maintaining your anonymous Firebase session across page reloads | Strictly necessary for authentication functionality (exempt from consent under PECR) |
| Firebase Auth tokens (IndexedDB) | Firebase Authentication session tokens for anonymous sign-in | Strictly necessary (exempt from consent under PECR) |
For more detail on our use of local storage and third-party scripts, see our Cookie Policy.
3.5 Data We Do Not Collect
We want to be clear about what we do not collect:
- We do not collect or store your name, email address, or phone number.
- We do not collect or store your IP address for analytics or tracking.
- We do not use advertising trackers, third-party analytics, or tracking pixels.
- We do not collect payment or financial data (the service is free).
- We do not collect location data, device identifiers, or biometric data.
4. Sharing Your Personal Data
We do not sell your personal data. We share it only in the following circumstances:
4.1 With Other Players
Your chosen nickname and score are displayed to other players in the same game room during and after gameplay. This is an inherent part of the multiplayer experience.
4.2 With Third-Party Service Providers (Data Processors)
We use the following third-party services to operate BeatID Online. Each processes your data on our instructions:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Firebase (Authentication, Firestore, App Hosting) | Anonymous authentication, real-time game database, and application hosting | Anonymous UIDs, nicknames, gameplay data, room state | United States |
| Apple Inc. (Apple Music API / MusicKit JS) | Music catalogue search and 30-second song preview playback | Search queries (not stored), IP address (via browser network requests to Apple CDN) | United States |
4.3 International Data Transfers
Both Google Firebase and Apple are based in the United States. The US is not subject to a UK adequacy decision for general data transfers. We rely on the following safeguards to protect your data:
- Google LLC: Certified under the EU-US Data Privacy Framework with the UK Extension (UK-US Data Bridge), adopted 12 October 2023. Google’s Data Processing Agreement with UK Addendum also applies.
- Apple Inc.: Participant in the EU-US Data Privacy Framework. Apple’s processing of search queries and CDN requests is governed by their developer terms and privacy policy.
4.4 Legal Obligations
We may disclose your data if required to do so by law, court order, or to protect our legal rights.
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Game room data (room state, player subcollections) | 30 days after the game ends, then automatically deleted |
Score claim / migration data (temp_migrations) | 7 days after creation, then automatically deleted |
| Leaderboard entries | 90 days, then automatically deleted |
Local storage (beatid-player-nickname) | Until you clear your browser data, or until you withdraw consent via the cookie/storage settings |
| Firebase Auth anonymous session | Managed by Firebase — anonymous accounts are automatically cleaned up after extended inactivity |
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you |
| Right to Rectification | Ask us to correct inaccurate or incomplete data |
| Right to Erasure | Ask us to delete your data (“right to be forgotten”) |
| Right to Restriction | Ask us to pause processing of your data in certain circumstances |
| Right to Data Portability | Receive your data in a structured, machine-readable format |
| Right to Object | Object to processing based on legitimate interests |
Because BeatID Online uses anonymous authentication (no email, no account), exercising these rights may require you to provide your Firebase UID so we can identify your data. Your UID is stored in your browser’s local storage under beatid-player-id or beatid-host-id.
To exercise any of these rights, contact us at privacy@beatid.me. We will respond within one calendar month.
7. Right to Complain
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
We would welcome the opportunity to resolve any concern directly — please contact privacy@beatid.me first.
8. Children
BeatID Online is a music trivia game that may be accessed by users of all ages. We are committed to protecting the privacy of children. We collect only the minimum data necessary for gameplay (anonymous UID, nickname, and game scores) and do not require or encourage children to provide additional personal information.
We do not knowingly collect email addresses, real names, or other directly identifying personal data from any users, including children under 13. If you are a parent or guardian and believe your child’s data should be deleted, please contact privacy@beatid.me.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Firebase Authentication for anonymous sign-in — we do not store passwords or personal credentials
- Firestore Security Rules restricting data access to authorised users (hosts can control their own rooms; players can only access their own data within a room)
- HTTPS encryption for all data in transit
- Automated data deletion (TTL) to minimise data retained
10. Changes to This Notice
We may update this Privacy Notice from time to time. The “Last updated” date at the top of this page shows when the notice was last revised. Continued use of BeatID Online after changes take effect constitutes acceptance of the updated notice.
11. Contact Us
BEAT ID LTD
Office 18878, 182-184 High Street North
London, England, E6 2JA
Email: privacy@beatid.me
ICO Registration: ZC164843
Companies House: 17175762