Audio Hero Privacy Policy
Effective Date: June 2026
Audio Hero respects your privacy. The application has no telemetry, no advertising, and no tracking. There is no Audio Hero user account or Audio Hero server. Core playback and device control happen entirely on your local network. A small number of optional features (listed below) make requests to public services on the internet, and only when you turn them on or use them. The Pro cloud-sync feature uses your own Microsoft account and stores its single sync file inside your own OneDrive - Audio Hero has no servers, no database, and never sees that file.
1. Data Collection
Audio Hero does not collect any personal information.
The application:
- Does not require an Audio Hero account. There is no Audio Hero account system and no Audio Hero server. The optional cloud-sync feature uses your own Microsoft account and your own OneDrive (see Section 2.3).
- Does not collect names, email addresses, device identifiers, or any other personally identifying information.
- Does not track usage, behavior, sessions, crashes, or analytics of any kind.
- Does not use cookies, fingerprinting, or similar tracking technologies of its own. (The optional PC-streamed web players described in Section 2.4 open third-party music sites in a built-in browser window; those sites keep their own sign-in cookies on your PC, exactly as they would in any web browser.)
- Does not transmit your listening history, ratings, or playlists to any Audio Hero server (there is no Audio Hero server).
2. Network Communication
2.1 Local network only (always)
The following traffic stays entirely inside your home network:
- HEOS device discovery: SSDP multicast on
239.255.255.250:1900. - HEOS device control: JSON commands over a TCP socket on port
1255to the IP address of your HEOS-compatible speaker, receiver, or amplifier. - Legacy Denon receivers: HTTP control on port
8080or80, and optionally telnet on port23, to the IP address of the receiver. - Local file streaming (Pro): a temporary HTTP server is launched on a random local port and bound to your LAN IP. It serves only the audio file you have chosen, and only to the LAN IP of the HEOS device that is going to play it. It is not exposed to the internet.
2.2 Optional internet requests
The following requests are sent to the public internet only when you use or enable the related feature. They are anonymous: no account, no identifier, and no payload other than what the request needs (a search query you typed, the metadata of the song currently playing, or the request for an audio stream you selected).
| Service | Purpose | When it is contacted |
|---|---|---|
| Microsoft Store | Pro upgrade purchase, license check, and app update checks | On startup and when you check for updates or purchase Pro |
Microsoft Identity Platform (login.microsoftonline.com) |
Sign-in for the optional Pro cloud-sync feature | Only if you click "Sign in with Microsoft" in Settings (Pro) |
Microsoft Graph (graph.microsoft.com) |
Reading and writing the single audiohero-sync.json file inside the private Audio Hero folder of your own OneDrive |
Only while you are signed in for cloud sync (Pro) |
| radio-browser.info | Internet radio catalog search | When you use the internet radio browser |
| somafm.com | SomaFM channel list | When you open the SomaFM section of the radio catalog |
| Internet radio stream hosts | The actual audio stream you selected (e.g. Radio Paradise, KEXP, BBC, NPR, etc.) | While that station is playing |
| TheAudioDB | Artist and track metadata for the Track Info panel | Pro: while a track is playing, if Track Info is enabled |
| Deezer (public API) | Artist and track metadata for the Track Info panel | Pro: while a track is playing, if Track Info is enabled |
| Wikipedia | Artist biographies for the Track Info panel | Pro: while a track is playing, if Track Info is enabled |
| MusicBrainz | Music metadata cross-references for the Track Info panel | Pro: while a track is playing, if Track Info is enabled |
MusicBrainz and Wikipedia require a User-Agent header that identifies the calling application. Audio Hero sends the literal string AudioHero/<version> (https://bommerts.com/audiohero) for this purpose. No other identifying information is sent.
You can avoid all optional internet traffic by not using the Internet Radio feature, by turning off the Track Info panel in Settings, and by not signing in to cloud sync. The Microsoft Store update and license checks are handled by Windows itself and run only on app startup.
2.3 Optional Pro cloud sync (Microsoft account + OneDrive)
Pro users can optionally sign in with a personal Microsoft account so their Audio Hero settings, votes, starred favorites, saved streams, and music-source order stay in sync between PCs. This feature is off by default. When you sign in:
- Sign-in is handled by the Microsoft Authentication Library (MSAL). Your password is entered into the Microsoft sign-in page (or the Windows account broker in the Microsoft Store build) and never passes through Audio Hero.
- Audio Hero asks for the smallest possible OneDrive permission:
Files.ReadWrite.AppFolder. This grants access only to a private folder named after the app inside your OneDrive. Audio Hero cannot read, write, or list any of your other OneDrive files. - Audio Hero also requests
User.Readso it can display the email address of the signed-in account in Settings, andoffline_accessso you do not have to re-enter your password on every launch. - Inside the app folder, Audio Hero maintains a single JSON file named
audiohero-sync.jsoncontaining your settings, votes, starred favorites, saved streams, and music-source order. The same data already stored in%LOCALAPPDATA%\Audio Hero\settings.json. - The sync file is uploaded to and downloaded from Microsoft Graph (
graph.microsoft.com) over HTTPS. There is no Audio Hero server in between. Audio Hero has no servers, no database, and no way to read the file. - You can sign out at any time from Settings. Signing out clears the cached MSAL tokens on your PC. To delete the sync file itself, remove the Apps -> Audio Hero folder from onedrive.live.com.
2.4 Optional PC-streamed web players (YouTube Music, Apple Music, HEOS + PC)
Audio Hero can play certain web music services on your HEOS device by opening the service's own website in a built-in browser window on your PC, capturing the audio locally, and streaming it to your device over your local network. This covers the YouTube Music and Apple Music sources and the HEOS + PC source (which can also play Amazon Music, Pandora, Tidal, Deezer, SiriusXM, Spotify, iHeartRadio, and TuneIn). These features run only when you open one of those sources.
- The built-in browser connects directly to the chosen service (for example
music.youtube.comormusic.apple.com), the same way your normal web browser would. Audio Hero does not proxy or store this traffic, and there is no Audio Hero server in between. - You sign in with your own account for that service, inside the service's own web page. That sign-in is kept in a private browser profile stored on your PC so you do not have to sign in every time. Audio Hero never sees or stores your password for these services.
- The captured audio is streamed only to the LAN IP of your HEOS device, over the same kind of temporary local HTTP server described in Section 2.1. It is not exposed to the internet.
- Each service has its own privacy policy and terms that govern your use of its site.
3. Data Storage
Audio Hero stores everything it remembers in a single JSON file at %LOCALAPPDATA%\Audio Hero\settings.json on your own PC. By default nothing in this file is transmitted off your device. If you opt in to the Pro cloud-sync feature (Section 2.3), a copy of most of these fields is mirrored to a private folder inside your own OneDrive.
What is stored:
- The IP addresses and friendly names of discovered or saved HEOS and legacy devices.
- UI preferences such as window size, view mode (full, compact, ultra-compact, tray), and theme options.
- Your thumbs-up and thumbs-down votes on tracks, used to drive the optional skip-on-thumbs-down behavior.
- Starred favorites and your custom music-source order.
- Saved internet radio stations and custom streams you have added.
- Sleep timer preferences and other feature toggles.
If you choose to sign in to HEOS music services from within Audio Hero, your HEOS account password is encrypted at rest using Windows Data Protection API (DPAPI) in CurrentUser scope. This means only the same Windows user account on the same PC can decrypt it. Plaintext passwords from older versions of Audio Hero are automatically migrated to the encrypted form on first run after upgrade. HEOS service passwords are never uploaded to OneDrive even when cloud sync is enabled.
You can delete the entire %LOCALAPPDATA%\Audio Hero folder at any time to reset the application to a clean state.
4. Third-Party Services
Audio Hero does not use analytics platforms, advertising networks, or user tracking of any kind. There is no Audio Hero server collecting your activity.
The third-party services listed in Section 2.2 (and the PC-streamed web players in Section 2.4) are contacted directly from your PC, only when you use the feature they power. Each of those services has its own privacy policy that governs what they do with the requests they receive:
- Microsoft Privacy Statement (covers the Microsoft Store)
- radio-browser.info
- SomaFM
- TheAudioDB
- Deezer (public API)
- Wikimedia Foundation (Wikipedia)
- MetaBrainz Foundation (MusicBrainz)
Internet radio stream URLs come from radio-browser.info or are added by you. The radio station you choose will see the connection from your PC, the same way it would if you opened the stream in any browser or media player.
5. Security
- All third-party service calls listed in Section 2.2 use HTTPS.
- HEOS account credentials are encrypted at rest with Windows DPAPI (CurrentUser scope).
- Microsoft sign-in tokens for the optional cloud-sync feature are stored by MSAL using the standard Windows token cache (DPAPI in CurrentUser scope, or the Windows Account Manager broker in the Microsoft Store build). They never leave your PC.
- The local HTTP file server is bound to your LAN IP and is reachable only by devices on the same network. It is shut down as soon as local file playback ends.
- The Pro upgrade is processed entirely by the Microsoft Store. Audio Hero never sees your payment information.
- Audio Hero has no remote management surface and accepts no inbound connections other than the local HTTP file server described above.
6. Children's Privacy
Audio Hero does not knowingly collect any information from children or users of any age. The application has no accounts, no profiles, and no submission forms.
7. Changes to This Policy
This privacy policy may be updated in future versions of the app or as the set of optional internet features changes. Any changes will be reflected with an updated effective date at the top of this page.
8. Contact
If you have questions about this privacy policy, you may contact: