Privacy Policy

TL;DR

Waitlist signup

Because MusicChat is still in Spotify's Development Mode, access is limited. Our waitlist lets you opt in and get a trial when a slot opens.

When you tap Continue with Spotify on the waitlist page, Spotify asks for your consent and redirects back to us with an authorisation code. We exchange that code briefly to read your Spotify profile, then discard the token — we don't keep long-lived Spotify access from the waitlist flow.

What we keep in our waitlist table:

Every email we send includes a one-click unsubscribe link. Clicking it flips your status to unsubscribed; you'll never hear from us again unless you rejoin the waitlist.

Information we collect

When you sign in to the mobile app with Spotify, we receive and store:

• Your Spotify email address, display name, and profile photo
• Your Spotify account type (Free or Premium)
• Short-lived OAuth access and refresh tokens so we can play music on your behalf

When you use the app, we store:

• Channel messages you send
• Songs you add to channels and ratings you give
• Your channel memberships and roles (admin / moderator / contributor / member)
• Anonymous crash reports and error logs (see "Third-party services" below)

How we use your information

Solely to operate the product:

• Authenticate you and keep your session alive across app restarts
• Play music in channels via the Spotify Web Playback SDK
• Display your profile to other members of channels you join
• Deliver notifications about channel activity
• Send transactional emails (waitlist confirmation, trial activation, trial expiration)
• Detect abuse (rate-limited signup via hashed IPs)

We do not use your data for advertising, profiling, or targeted marketing.

Third-party services

MusicChat integrates with:

• Spotify — authentication and music playback. Spotify's own privacy policy applies to data Spotify collects: spotify.com/legal/privacy-policy
• Supabase — database, real-time messaging, and authentication infrastructure. Data is stored in the Seoul (ap-northeast-2) region.
• Resend — transactional email delivery for waitlist emails. Only recipient email, subject, and email body are shared.
• Sentry — anonymised error and crash reports from the mobile app. Personal identifiers are not attached.

Data sharing

We do not sell, trade, or share your personal information with third parties for marketing purposes. The only sharing that happens is:

• Chat messages and profile info you post are visible to other members of channels you've joined.
• Aggregated, anonymised stats (total users, weekly signups) may appear on musicchat.io — never individual data.

Data retention and deletion

Your data is retained while your account is active. To delete your account and all associated data — profile, messages, playlists, waitlist entry — contact us at hello@musicchat.io. We respond within 7 days.

Waitlist signups can be removed instantly via the unsubscribe link in any of our emails.

Security

We use industry-standard HTTPS/TLS for all data transmission. Spotify OAuth tokens are stored encrypted and never exposed to other users or on the client side. Database access is gated by row-level security policies enforced in Postgres.

No system is perfect — if you find a vulnerability, please email hello@musicchat.io and we'll fix it promptly.

Children's privacy

MusicChat is not intended for children under 13. We do not knowingly collect information from children. If we learn that a child has provided us personal data, we delete it.

Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The "Last updated" date at the top always reflects the most recent revision.

Contact

Questions, concerns, or data-deletion requests: