Privacy Policy

Last updated: April 9, 2026

1. Who we are

Tonfolk (“we”, “us”, “our”) operates the website tonfolk.com. This policy explains how we collect, use, and protect your personal data when you use our website and services.

Responsible party (Verantwortlicher) according to the GDPR: Maximilian Weber, Krohnskamp 48, 22301 Hamburg, Germany. Email: privacy@tonfolk.com

2. Legal basis for processing (GDPR Art. 6)

We process personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a)) - when you sign up for an account or opt in to communications.
  • Contract performance (Art. 6(1)(b)) - to provide our service (account management, voice recommendations).
  • Legitimate interest (Art. 6(1)(f)) - for service improvement, security, and fraud prevention.

3. Data we collect

We collect the following data:

  • Account data - email address, display name, and avatar URL when you create an account (via email/password or Google sign-in).
  • User-generated content - voice ratings, book suggestions, and voice suggestions you submit.
  • Usage data - affiliate link clicks (anonymized), pages visited. We do not use third-party analytics or tracking tools.
  • Technical data - IP address, browser type, and device information processed by our hosting provider for delivering the website.

We do not collect payment data, health data, biometric data, or precise location data.

4. How we use your data

  • To provide and maintain your account and our services.
  • To display your ratings and suggestions on the platform.
  • To measure affiliate link effectiveness (anonymized).
  • To respond to support requests.

We never sell your personal data to third parties.

5. Third-party services and data transfers

We use the following third-party services that may process your data. Some of these providers are located in the United States. Data transfers to the US are conducted based on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).

  • Supabase Inc. (San Francisco, USA) - database hosting and user authentication. Stores your account data, ratings, and suggestions. Supabase uses AWS infrastructure. Data processed: email, display name, hashed password, session tokens.
  • Vercel Inc.(San Francisco, USA) - website hosting and content delivery (CDN). Processes your IP address and request metadata to deliver web pages. Server-side functions (API routes) run on Vercel's edge network.
  • Google LLC(USA) - OAuth sign-in (if you choose “Sign in with Google”). When using Google sign-in, Google shares your name, email, and profile picture with us. We also load book cover images from the Google Books API (no personal data shared).
  • Google Analytics 4 (USA) - website usage analytics, only with your consent. Sets cookies to collect anonymized data (pages visited, session duration, device type). IP anonymization is enabled. Google Privacy Policy.
  • ElevenLabs / Fish Audio - voice preview platforms. We link to their websites via affiliate links. No personal data is shared with them unless you click an affiliate link and visit their site, at which point their own privacy policies apply.

6. Affiliate links

Tonfolk contains affiliate links to third-party services (ElevenLabs, Fish Audio). When you click these links, the destination site may set cookies to attribute the referral. We record that a click occurred (with your anonymized user ID, the book, and the voice) to measure effectiveness. We do not share your personal data with affiliate partners.

7. Cookies and analytics

We use essential cookies required for the website to function (session tokens for authentication). These are strictly necessary and do not require consent under GDPR.

With your consent, we also use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 sets cookies (e.g., _ga, _ga_*) to collect anonymized usage data such as pages visited, time on site, and device type. IP addresses are anonymized. Google may process this data on servers in the United States.

You can manage your cookie preferences at any time via the “Cookies” link in the footer. If you decline analytics cookies, no tracking data will be collected and any existing analytics cookies will be removed. You can also block Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Data retention

  • Account data is retained for the lifetime of your account.
  • When you delete your account, your personal data is removed. Your ratings and suggestions are anonymized (author attribution removed) and retained for the benefit of the community.
  • Affiliate click data is retained indefinitely in anonymized form.
  • Server logs (IP addresses) are automatically deleted after 30 days by our hosting provider.

9. Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectification of inaccurate data (Art. 16).
  • Erasureof your data (“right to be forgotten”, Art. 17). You can delete your account at any time from the Account page.
  • Restriction of processing (Art. 18).
  • Data portability (Art. 20).
  • Object to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time (Art. 7(3)).
  • Lodge a complaint with a supervisory authority. The responsible authority for Hamburg is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI).

To exercise these rights, contact us at privacy@tonfolk.com.

10. Data security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), database-level access controls (Row Level Security), secure password hashing (bcrypt via Supabase Auth), and regular security updates. No system is 100% secure, but we take reasonable steps to protect your information.

11. Children's privacy

Our service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date. We will notify registered users of material changes via email.

13. Contact

For questions about this privacy policy, contact us at privacy@tonfolk.com.