← Back to home

Privacy Policy

Last updated: March 2026

The short version

We collect only what we need to run the service. We never sell your data. You can delete your account at any time. That's really it.

What we collect

  • Your Spotify email address — to send you the monthly playlist recap (only if you turn that on).
  • Your Spotify user ID — to create playlists in your library.
  • A Spotify refresh token — stored encrypted, used only to refresh your access token each month so we can create your playlist. We never read your listening history beyond fetching top tracks for the playlist itself.
  • Your preferences — playlist size and whether you want emails. Stored in our database.

What we do NOT collect

  • Passwords (we use Spotify OAuth — we never see your password)
  • Payment information
  • Location data
  • Browsing history outside this app
  • Any data beyond what's listed above

How we use your data

We use your data only to:

  • Create your monthly Spotify playlist
  • Send you a recap email (only if you've opted in — you can turn this off any time in your dashboard)
  • Remember your preferences (playlist size, email toggle)

We do not use your data for advertising, profiling, or any purpose beyond running this service.

Who sees your data

Your data is stored in Supabase (database) and processed by Resend (email delivery). Both are reputable services with strong privacy practices. We do not sell, rent, or trade your personal information to any third party.

Data retention

We keep your data as long as your account is active. If you cancel the service, your preferences and tokens are deactivated. To request full deletion of your data, email us and we'll remove everything within 30 days.

Your rights

  • Access: You can see everything we store about you in your dashboard.
  • Correction: Update your preferences any time in your dashboard.
  • Deletion: Cancel your service in the dashboard or contact us for full deletion.
  • Portability: Your playlists live in Spotify — they belong to you.

Cookies

We use a single session cookie to keep you logged in (managed by NextAuth.js). We do not use tracking or advertising cookies.

Changes to this policy

If we make significant changes, we'll update the “last updated” date at the top of this page. Continued use of the service after changes means you accept the updated policy.