Privacy Policy

1. Introduction

This Privacy Policy explains how Shuffify collects, uses, and protects your information when you use our service. We are committed to protecting your privacy and being transparent about our data practices.

2. Data We Collect

We collect the following types of data through Spotify's Web API:

  • Profile Information: Your Spotify user ID, display name, and profile image URL
  • Playlist Data: Your playlists, including names and track listings
  • Track Information: Song titles, artists, albums, and track URIs
  • Authentication Tokens: OAuth access and refresh tokens for API access

We do not collect your email address, country, or Spotify subscription status.

3. How We Use Your Data

We use your data exclusively for the following purposes:

  • To authenticate you with Spotify
  • To display your playlists in the application
  • To perform shuffle operations on your playlists
  • To provide undo functionality for playlist changes
  • To improve the user experience and service functionality

4. Data Storage and Security

Session-Based Storage: Authentication tokens and temporary state are stored in your server-side session (backed by Redis) and are automatically cleared when you log out or your session expires.

Persistent Storage: We store the following data in a PostgreSQL database to provide core functionality:

  • Account data: Your Spotify user ID, display name, and profile image URL
  • Preferences: Your chosen settings such as default shuffle algorithm and theme
  • Playlist snapshots: Point-in-time copies of your playlist track orderings, used for backup and restoration
  • Scheduled jobs: Configuration for automated shuffle and raid operations you create
  • Activity log: A record of actions you take within the app (shuffles, raids, snapshot restores)

What we do NOT store: We do not store your Spotify password, full track audio, or any payment information. Your OAuth refresh token is encrypted at rest using Fernet symmetric encryption.

Data Retention: Your data is retained as long as your account is active. You can request deletion of your data at any time by contacting us.

Security Measures: We use industry-standard security practices including encrypted token storage, HTTPS transport, and server-side session management.

5. Third-Party Services

Spotify: We integrate with Spotify's Web API to access your playlist data. Spotify's own privacy policy applies to data collected by their service.

No Data Sharing: We do not sell, rent, or share your personal data with third parties for marketing or commercial purposes.

6. Your Rights

You have the following rights regarding your data:

  • Access: You can view what data we have access to through your Spotify account
  • Deletion: You can revoke our access to your Spotify data at any time
  • Control: You can control what data Spotify shares with us through your Spotify settings
  • Inquiries: You can contact us with questions about your data

7. Cookies and Tracking

We use session cookies to maintain your login state and provide essential functionality. These cookies are temporary and are automatically cleared when you log out.

8. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new policy on this page.

10. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at: [email protected]

Last updated: March 1, 2026

← Back to Shuffify