Privacy Policy
Summary: This is a private, self-hosted music statistics application. Your data stays on this server and is only shared with Spotify as required to provide the service. We do not sell or share your data with third parties.
1. What data do we collect?
To provide the music statistics service, we collect and store:
- Account data: Username, email address (optional), and a securely hashed password
- Spotify connection: Your Spotify account URI and OAuth tokens to sync your listening history
- Listening history: Track names, artist names, album names, play timestamps, and listening duration
- Historical imports: If you upload your Spotify GDPR export, we store that listening history as well
- Technical data: Session cookies, basic security logs, and rate limiting data
2. Why do we process your data?
We process your data for the following purposes:
- To provide login and account management functionality
- To fetch and display your Spotify listening statistics
- To import and analyze your historical listening data
- To send verification and password reset emails (if email is provided)
- For security purposes (rate limiting, session management)
3. Data sharing
Your data is shared with:
- Spotify: We communicate with Spotify's API to fetch your listening history. Spotify's privacy policy applies to data they process.
- Email provider: If you provide an email address, verification and password reset emails are sent through our configured email service.
We do not sell your data or share it with advertisers.
4. Where is your data stored?
All data is stored on this server. The listening history database, account information, and cached data are stored locally. Backups may be made for data safety purposes.
5. Cookies
We use session cookies to:
- Keep you logged in
- Remember your language preference
- Protect against cross-site request forgery (CSRF)
These cookies are essential for the service to function and are not used for tracking or advertising.
6. Data retention
- Account data: Retained until you delete your account
- Listening history: Retained indefinitely to provide historical statistics
- Email verification links: Expire after 24 hours
- Password reset links: Expire after 1 hour
- Session data: Expires when you log out or after inactivity
7. Your rights
You have the right to:
- Access: View all the listening data we have stored about you
- Deletion: Request deletion of your account and all associated data
- Revoke access: Disconnect your Spotify account at any time from your account settings, or from Spotify's app permissions page
- Data export: Request a copy of your data
8. How to delete your data
To delete your account and all associated data:
- Contact the administrator of this instance
- Or, if available, use the account deletion feature in your account settings
Upon deletion, all your listening history, account information, and Spotify tokens will be permanently removed.
9. Contact
For questions about this privacy policy or to exercise your data rights, please contact the administrator of this instance.
This is a private instance.
If you have questions about your data, please contact the server administrator.
10. Changes to this policy
This privacy policy may be updated from time to time. Continued use of the service after changes constitutes acceptance of the updated policy.
Last updated: February 2026