Effective October 15, 2024

1. Introduction

Swish Music is committed to protecting your personal information and privacy. This Privacy Policy explains how we collect, use, and share information when you use our app, which integrates Spotify and YouTube Data APIs, and outlines your rights regarding the data we handle.

2. Data Collection

We collect information you provide directly to us, such as your email address. We also collect data from third-party services like Spotify and YouTube when you authorize access to these platforms through our app. This includes:

Spotify:

Display Name
Account Type (e.g., basic, premium, or free)
Spotify User ID (unique identifier for your Spotify Account)
Playlist Data (e.g., playlist names, content, and metadata)
Refresh Token (for maintaining access to your data)

Google (including YouTube):

First Name
Google Account ID (unique identifier for your Google Account)
YouTube Playlist Data (e.g., playlist names, content, and metadata)
Refresh Token (for maintaining access to your data)

3. Purpose of Data Collection

We use your data for the following purposes:

Personalizing your experience within the app (e.g., importing your desired playlists, using your name to generate a Swish Music username for account creation, customizing messages based on your account type).
Integrating secure registration and log-ins with authenticated data from Spotify and Google.

4. Data Storage and Security

All user data is stored in a secure, encrypted database managed by Amazon RDS (Relational Database Service). We use industry-standard security protocols to ensure the safety of your data, including encryption and access controls. We also take steps to minimize data retention and delete user information when it is no longer needed. While Amazon RDS provides the infrastructure for data storage, we are responsible for the management and security of your data within our system.

5. Data Sharing

We do not sell, rent, or otherwise share your personal data with third parties. We have not implemented any functionality in our app to transfer or disclose user data to external entities. Your data remains within our control and is used solely for the purposes outlined in this Privacy Policy.
If this changes in the future, we will update this policy to reflect any new data-sharing practices and ensure that all third parties we might engage are bound by contractual agreements to handle your data securely and in compliance with applicable laws.

6. User Rights

You have the right to:

Access, modify, or delete your personal information at any time.
Revoke permissions granted to Spotify and YouTube by unlinking your accounts within the app or through the respective platform’s settings.

7. Cookies and Tracking Technologies

We use cookies with JSON Web Tokens solely to manage sessions, track your activity, and handle authentication.
Third-party services integrated with our app (e.g., Spotify, YouTube, SoundCloud) may set cookies or similar tracking technologies on your device. These cookies are governed by the privacy policies of those third-party services.
You can manage your cookie preferences through your browser settings. For information on how to manage cookies, please consult the help section of your browser or visit aboutcookies.org.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. After this period, we will delete or anonymize the data unless otherwise required by law.

9. Third-Party Links and Services

Our app may include links to third-party websites or services. This Privacy Policy does not apply to those services, and we encourage you to review their privacy practices.

10. Compliance with Data Protection Laws

We comply with all applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), which grants you, including if you are from the EU, the right to control your personal data.

11. Handling Google Data

Data Use: We use data collected from Google (including YouTube) solely for providing or improving user-facing features within our app. By using our app, you acknowledge that your data is subject to the Google Privacy Policy. We do not use this data for advertising, retargeting, or any other monetization purposes.
Data Transfer Restrictions: We do not transfer Google data to ad networks, data brokers, or other monetization-related entities. Data may only be transferred under the following circumstances:

To provide or improve user-facing features with explicit user consent.
For security purposes, such as investigating abuse.
To comply with applicable laws.
As part of a merger, acquisition, or sale of assets with prior user consent.

Data Access: Human access to Google data is strictly limited to:

Instances where user consent has been obtained.
Security investigations or compliance with laws.
Internal operations where the data is aggregated and used in accordance with applicable legal requirements.

Prohibitions: We do not use Google data for:

Serving ads, including personalized or interest-based advertising.
Determining credit-worthiness or lending purposes.
Selling or transferring user data to third parties.

Compliance Assurance: We are committed to complying with Google’s Limited Use requirements. Our data handling practices adhere strictly to the terms specified, ensuring that Google user data is used only as outlined in this Privacy Policy and in accordance with all applicable laws.
Authorized Data Deletion and Account Unlinking: Users have several options to delete authorized Google data:

If you unlink your Google account on our settings page:

We will revoke all access to your Google Data and delete your Google Account ID and any associated tokens. Unique identifiers that can be traced back to the user (e.g. playlist IDs) will also be deleted.
Generic imported metadata, such as playlist names or song IDs, will be kept, but users also have the option to delete all data while unlinking. If you choose this option, all Google and YouTube-related data in your account will immediately be deleted.
We may retain your Google account’s first name only if it was used to generate your current username (i.e., you signed up with Google, added an email, but didn’t change your generated Swish Music username).

If you deletes your Swish Music account on our settings page:

We will immediately revoke all access to your Google Data and delete all authorized data. All Google and YouTube-related data in your account will also be deleted.

If you request the deletion of your data by contacting us directly, we commit to ensuring that the data is handled according to your preferences and in compliance with applicable laws.
You can also revoke our access to your Google data by visiting your account’s Google security settings page. This action will remove the app’s permissions and ensure that your data is no longer accessible to us.

12. Handling Spotify Data

Data Transfer Restrictions: We do not transfer Spotify data to ad networks, data brokers, or other monetization-related entities.
Third-Party Processors: We use third-party processors, such as Amazon Web Services (AWS) for data storage via RDS, to operate our app. Any transfer of Spotify data to these processors is done in compliance with our privacy policy and user permissions. We ensure these processors handle your data securely through contractual agreements, but we remain responsible for its security and management.
End-User Agreement: Our end-user agreement includes disclaimers about Spotify warranties and prohibits modification, reverse-engineering, or decompiling of Spotify content. It also clarifies our responsibility for the app and its functionality.
Account Unlinking: If you unlink your Spotify account:

We will delete your Spotify User ID and any associated tokens, meaning we will no longer be able to access any Spotify data. Unique identifiers that can be traced back to the user (like playlist IDs) will also be deleted.
Any generic imported metadata like playlist names or song IDs will be kept, but users have the option to also delete this data as well. If you choose to unlink your account and delete your data, all Spotify-related information from the link will be removed immediately.
We may retain your display name only if it was used to generate your current username (i.e., you signed up with Spotify, added an email, but didn’t change your generated Swish Music username).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant through in-app notifications on the About page. We encourage you to review this page regularly to stay informed of any updates. Continued use of the app after any changes signifies your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions or concerns regarding this Privacy Policy, please contact us at devs@swishmusic.io.