Personal Data Processing Policy
Last updated: 27 October 2025
I. Introduction
PERSONAL DATA PROCESSING POLICY / PRIVACY NOTICE
By accessing the Tunio platform (the "Company", "we"), or by entering into a contract with us, you acknowledge that your personal data will be processed in line with this Personal Data Processing Policy (the "Policy").
IMPORTANT: Tunio is provided exclusively to business customers and professionals who are at least eighteen (18) years old. By using the platform you confirm that you meet this requirement.
We are committed to protecting the confidentiality and integrity of any personal data entrusted to us, including information about the services you use, their configuration, location, purpose, and technical parameters.
This Policy describes how we protect personal data, the purposes and legal grounds for processing, and the safeguards we apply when interacting with partners, processors, and supervisory authorities. It applies to every website, application, product, or service related to the Tunio platform.
The Policy was drafted in accordance with Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive, and applicable national laws of the European Union and the European Economic Area.
We may revise this Policy from time to time. Please review the latest version published at https://tunio.ai to stay informed about updates.
By continuing to use our services you agree to this Policy.
II. Legal Grounds and Definitions
2.1. Legal grounds for processing personal data
We process your personal data on the basis of the following legal instruments:
- Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR");
- Directive 2002/58/EC (ePrivacy Directive) and its national implementations;
- Applicable legislation of EU/EEA Member States;
- Contracts concluded with you or with your organisation;
- This Policy and related internal procedures;
- Your consent, where required for specific processing activities.
2.2. Key terms
Personal data - any information relating to an identified or identifiable natural person ("data subject").
Processing - any operation performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, restriction, erasure, or destruction.
Data subject - an individual whose personal data is processed by the Company.
Controller - the natural or legal person that determines the purposes and means of the processing of personal data; for the processing described in this Policy, the controller is Tunio.
Processor - a natural or legal person that processes personal data on behalf of the controller.
Third party - any person other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Restriction of processing - the marking of stored personal data with the aim of limiting their processing in the future.
Confidential information - information that must be protected from unauthorised disclosure under law or contract.
III. Processing Principles
We adhere to the GDPR principles of personal data processing:
- Lawfulness, fairness, and transparency;
- Purpose limitation - data are collected for specified, explicit, and legitimate purposes only;
- Data minimisation - we limit processing to what is necessary;
- Accuracy - we keep data accurate and, where necessary, up to date;
- Storage limitation - we retain data no longer than required for the stated purposes;
- Integrity and confidentiality - we use appropriate technical and organisational safeguards;
- Accountability - we document compliance and demonstrate it to supervisory authorities when requested.
IV. Purposes of Processing
We process personal data to:
- Create, manage, and authenticate user accounts and administrator profiles;
- Deliver, personalise, and improve AI-generated radio streams and related features;
- Provide customer support, incident response, and service communications;
- Invoice clients, accept payments, and maintain financial records;
- Meet legal obligations, including anti-fraud, tax, and accounting requirements;
- Conduct analytics, security monitoring, and service optimisation;
- Send product news, marketing communications, and event invitations where consent or legitimate interest permits.
V. Categories of Personal Data and Collection Methods
5.1. Core data
- Identification details (name, surname, role, company, business contact details);
- Professional background and industry information provided during onboarding;
- Account credentials, identifiers, and authentication tokens;
- Service configuration data and usage preferences;
- Communication history with our team (email, chat, tickets, call notes).
5.2. Transactional and financial data
- Billing addresses, tax numbers, and contract references;
- Payment details processed through PCI-DSS compliant partners;
- Records of invoices, payments, refunds, and chargebacks.
5.3. Technical and telemetry data
- Device identifiers, browser type, operating system, and session metadata;
- IP address, approximate geolocation, and connection diagnostics;
- Log files, API calls, crash reports, and performance metrics;
- Cookie identifiers or similar technologies, in accordance with section XIII.
5.4. Special categories
We do not intentionally collect special categories of personal data within the meaning of GDPR Article 9. If such information is provided inadvertently, it will be erased or anonymised unless processing is legally required.
5.5. Sources of data
- Information you or authorised colleagues submit through web forms, contracts, or support channels;
- Automated collection from the Tunio platform and integrated tools;
- Data provided by partners (e.g., payment or hosting providers) acting on our instructions;
- Publicly available business registries and sanction lists used for compliance checks.
VI. Retention Periods
We periodically review how long personal data are kept and align retention schedules with EU and Member State legislation.
- Account and contract data: retained for the duration of the contract plus the applicable statutory limitation period (typically 6 years in many EU jurisdictions).
- Financial and tax documentation: stored for up to 10 years or the period required by national accounting rules.
- Support correspondence and incident records: stored for up to 3 years after closure, unless a longer period is required for legal defence.
- Security and telemetry logs: stored for up to 18 months unless needed longer to investigate or prevent security incidents.
- Marketing preferences: kept until you withdraw consent or object to processing.
When data are no longer required, they are securely deleted, anonymised, or aggregated unless further storage is mandated by law.
VII. Access to Your Data and Disclosures
7.1. Internal access
Access to personal data inside the Company is provided only to authorised employees and contractors who:
- Have signed confidentiality and data protection agreements;
- Have completed mandatory privacy and security training;
- Require the data to perform their professional duties;
- Use company-managed devices and authentication controls.
7.2. External disclosures
We may share personal data with the following categories of recipients strictly for the purposes described in section IV:
- Cloud infrastructure and hosting providers within the EU/EEA or covered by adequacy decisions;
- Payment processors, banks, and financial institutions;
- Professional advisers such as auditors, legal counsel, and accountants;
- Marketing, analytics, and customer engagement platforms;
- Logistics or field service partners assisting with on-site deployments;
- Supervisory authorities, law enforcement, or courts where legally required;
- Successors in case of corporate restructuring, merger, or acquisition, subject to safeguards.
7.3. Disclosure conditions
Any disclosure is carried out under data processing agreements or other legal instruments that ensure adequate safeguards, data minimisation, and audit rights.
VIII. International Data Transfers
When personal data leave the EU/EEA, we rely on one or more of the following safeguards:
- Adequacy decisions issued by the European Commission;
- Standard Contractual Clauses adopted by the Commission, supplemented with transfer impact assessments;
- Binding corporate rules or approved codes of conduct;
- Explicit consent from the data subject for specific transfers when no other safeguard is available;
- Derogations set out in GDPR Article 49 for occasional and necessary transfers.
We monitor legal developments, document transfer assessments, and update contractual safeguards when required.
IX. Consent Management
We request consent when required by law (for example, for certain marketing activities or optional cookies).
You may withdraw consent at any time by updating your account preferences or contacting us. Withdrawal does not affect processing carried out before the withdrawal and may limit access to certain features.
Where consent is not the applicable legal basis, we rely on legitimate interest or contractual necessity and document the balancing test where required.
X. Data Subject Rights
You may exercise the following rights under the GDPR:
- Access - obtain confirmation whether we process your data and receive a copy;
- Rectification - correct inaccurate or incomplete data;
- Erasure - request deletion where processing is no longer necessary or lawful;
- Restriction - request limited processing while accuracy or legality is assessed;
- Portability - receive data you provided in a structured, machine-readable format and transmit it to another controller;
- Objection - object to processing based on legitimate interests, including profiling or direct marketing;
- Withdraw consent - revoke consent at any time where processing relies on consent;
- Lodge a complaint - contact your local supervisory authority (see section XV).
We respond to verified requests without undue delay and within one month, extendable by two additional months for complex cases. We may ask for identification documents to ensure security.
XI. Responsibilities of the Company
Tunio undertakes to:
- Process personal data strictly in line with the GDPR, national laws, and this Policy;
- Implement appropriate technical and organisational measures to protect data;
- Maintain records of processing activities and conduct Data Protection Impact Assessments where required;
- Promptly investigate and remediate any non-compliance;
- Cooperate with supervisory authorities and data subjects;
- Appoint a data protection contact point and ensure privacy governance;
- Train staff members who handle personal data;
- Maintain business continuity and incident response procedures.
XII. Security Measures
We apply layered security controls appropriate to the risks associated with our services. These measures include:
- Encryption in transit (TLS 1.2+) and at rest for critical datasets;
- Network segmentation, firewalls, and intrusion detection systems;
- Centralised logging, monitoring, and automated alerting;
- Vulnerability management, penetration testing, and secure development lifecycle practices;
- Role-based access control, multi-factor authentication, and periodic access reviews;
- Backup, disaster recovery, and high-availability configurations;
- Vendor due diligence and contractual security obligations.
We regularly review and improve our security posture in line with recognised standards such as ISO/IEC 27001 and NIST guidance.
XIII. Cookies and Similar Technologies
We use cookies and comparable identifiers to operate the platform, measure performance, and personalise content.
Cookies may be categorised as strictly necessary, functional, analytics, or marketing. Some cookies are first-party; others are provided by trusted partners (e.g., analytics or advertising networks).
Where consent is required, we display a cookie banner or preference centre allowing you to manage choices. You can also configure your browser to block cookies, although some features may not function properly.
XIV. Communication with Supervisory Authorities
We notify competent supervisory authorities of personal data breaches without undue delay and, where feasible, within 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to data subjects.
Our notifications contain information required by GDPR Article 33, including the nature of the breach, likely consequences, and measures taken or proposed.
We cooperate with supervisory authorities on investigations, audits, and consultations, and keep them informed of significant changes to our processing activities when required.
XV. Oversight and Complaints
The lead supervisory authority for Tunio within the EU/EEA is determined based on the location of our establishment and the affected data subjects.
Data subjects may contact their local supervisory authority to lodge a complaint. Contact details for EU data protection authorities are available at https://edpb.europa.eu.
XVI. Liability and Remedies
If you suffer material or non-material damage due to a breach of the GDPR, you are entitled to seek compensation from the Company in accordance with Article 82 GDPR and national laws.
We may also be subject to administrative fines or other corrective measures imposed by supervisory authorities. We maintain internal procedures to handle claims and cooperate with competent bodies.
XVII. Final Provisions
This Policy is governed by EU law and, where applicable, the national law of the Member State in which the relevant processing takes place.
We may modify the Policy to reflect regulatory changes or business needs. The date of the latest revision is indicated below. Continued use of the Tunio platform after changes take effect constitutes acceptance of the updated Policy.
Date of approval: 27 October 2025
Date of last revision: 27 October 2025