Privacy Policy
Last updated: May 25, 2026 · Data Controller: NHM
This policy describes how the OnAir app (iOS, Web, Windows) processes personal data. OnAir is a real-time audio communication service for private rooms managed by their administrators.
Data Controller
NHM — info@nhm.it
Data we collect
- Display name and room code provided at login. Used to identify you in the room and in the participants history.
- Room password used ONLY for authenticating entry (never stored in cleartext server-side: the server compares against the room's hash).
- IP address you connect from. Used for (a) routing the WebRTC stream, (b) abuse detection, (c) nginx logs with 7-day retention.
- Audio from your microphone and other participants: real-time via WebRTC (mediasoup SFU). Audio is not recorded by the server unless the room admin explicitly enables a recording (you'll see a visual cue in the app).
- Chat messages, mentions, emoji reactions, attachments: stored in MariaDB for the room's lifetime + 30 days.
- Anonymous technical telemetry: bitrate, jitter, packet loss, peer counts. Aggregated, with no personal identifier.
- APNs device token (iOS app only, if notifications enabled): opaque identifier generated by Apple for your device, associated with the room you're in. Used solely to deliver chat push notifications. Removed when you leave the room or disable notifications.
Data we do NOT collect
- Precise geolocation (app does not request Location).
- Contacts, photos, calendar, email, biometrics.
- Ads, third-party analytics (no Google Analytics, no Facebook Pixel, etc.). The app does no user profiling.
Purpose and legal basis
- Service delivery (GDPR art. 6.1.b — contract performance): audio, chat, participants history.
- Security (GDPR art. 6.1.f — legitimate interest): nginx logs, rate limiting, abuse IP bans.
Third-party sharing
NHM does not sell your data. Data stays on NHM servers (hosted in the EU). Exceptions:
- Apple, solely for iOS app distribution via App Store and for push notification delivery (APNs).
The STUN and TURN servers used for WebRTC NAT traversal are self-hosted by NHM on the same infrastructure as the service: no third party receives connection metadata.
Retention
- Participant sessions: invalidated after 5 minutes of inactivity.
- Chat: room lifetime + 30 days.
- nginx logs: 7 days.
- Real-time audio: not retained (unless explicit recording).
Your rights (GDPR)
You have the rights of access, rectification, erasure, objection, and portability. Write to info@nhm.it. We respond within 30 days.
On iOS you can delete your local credentials (room code, name, Keychain password) at any time from the login screen → "Elimina dati" (Delete data).
Security
All communications run on TLS (HTTPS, WSS) and WebRTC DTLS-SRTP. Room passwords are stored only as Argon2id hashes. Database backups are made daily and encrypted at rest.
Changes to this policy
For substantive changes we'll notify you on app open, or by email if you have an admin account. The date above is always the latest revision.
Complaints
You may file a complaint with the Italian Data Protection Authority if you believe the processing violates the GDPR.