Privacy Policy

Last updated: February 10, 2026

At The Song App, we take your privacy seriously. This policy explains how we collect, use, store, and protect your data when you use our service.

1. Information We Collect

When you use The Song App, we collect the following types of information:

1.1 Account Information

• Email address and profile information provided by Spotify, Apple Music, or Google (YouTube) through OAuth 2.0 authentication.
• We only collect information necessary to authenticate your account and provide our service.

1.2 YouTube Data

When you connect your YouTube account, we access and use the following information:

• YouTube account information: To create playlists and add videos on your behalf.
• Search capabilities: We search for music videos using the YouTube Data API based on your song selections.
• Playlist management: We create playlists and add videos to them only when you explicitly request these actions.

Important: We do NOT access your YouTube viewing history, subscriptions, liked videos, or any other YouTube data beyond what's necessary for playlist creation.

1.3 Musical Preferences

• Information about your musical preferences based on the prompts you provide to our AI.
• Song and artist names you select for playlist creation.

1.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session and provide our service:

• Essential Session Cookies: Required for authentication and maintaining your login state. These cookies are necessary for the service to function and cannot be disabled.
• Session Storage: We store your OAuth access tokens in encrypted server-side sessions (not in browser cookies).
• No Advertising or Tracking Cookies: We do not use third-party advertising cookies or tracking technologies.

1.5 Device and Browser Information

We automatically collect the following information from your device and browser:

• Browser type and version: To ensure compatibility and optimize performance.
• Operating system: For troubleshooting and analytics.
• IP address: For security purposes and to prevent abuse.
• Screen resolution: To optimize the user interface for your device.
• Referrer URL: To understand how you found our service.

This information is collected automatically when you access our service through standard web server logs and is used solely for improving user experience, security, and troubleshooting.

1.6 Usage Data

• Information about how you interact with our service (e.g., features used, playlists created).
• Error logs and diagnostic information to help us improve application performance.

2. How We Use Your Information

We use the collected data for the following purposes:

• Authentication: To authenticate your account with music platforms using OAuth 2.0.
• AI Recommendations: To generate personalized song recommendations using AI based on your prompts.
• Playlist Management: To create and manage playlists on your behalf at your explicit request.
• YouTube Integration: To search for music videos, create playlists, and add videos to playlists on your YouTube account only when you explicitly request these actions.
• Session Management: To maintain your login session and remember your preferences during your visit.
• Service Improvement: To improve our service, troubleshoot technical issues, and analyze usage patterns.
• Security: To protect against unauthorized access, fraud, and abuse.

3. YouTube Data API - Specific Disclosures

Important Notice: The Song App's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What YouTube Data We Access

• We only access your YouTube account information necessary to create playlists and add videos.
• We do NOT access your viewing history, watch later list, subscriptions, liked videos, comments, or any other YouTube data beyond playlist creation.

3.2 How We Store YouTube Data

• No Permanent Storage: We do NOT store YouTube data in any persistent database.
• Temporary Session Storage: YouTube access tokens are stored temporarily in encrypted server-side sessions only.
• Search Results: YouTube search results (video IDs, titles, thumbnails) are used only during your active session and are never saved to disk.
• Immediate Deletion: All YouTube data is deleted when your session ends or expires.

3.3 How Often We Refresh/Update YouTube Data

• No Data Refresh: We do not refresh, update, or cache YouTube data.
• Real-Time Searches: Each search is performed in real-time using the YouTube Data API.
• No Background Updates: We do not perform any background updates or syncing of YouTube data.

3.4 When We Delete YouTube Data

YouTube data is automatically deleted in the following scenarios:

• Session End: When you log out or close your browser.
• Session Expiration: After 24 hours of inactivity.
• Playlist Creation Complete: Immediately after a playlist is successfully created.
• Error or Cancellation: If playlist creation fails or is cancelled.

3.5 YouTube Data Sharing

• No Third-Party Sharing: We NEVER share your YouTube data with any third parties.
• No Advertising Use: We do not use YouTube data for advertising purposes.
• Limited to Service Provision: YouTube data is used exclusively to provide the playlist creation service you requested.

3.6 Revoking YouTube Access

You can revoke our app's access to your YouTube account at any time:

• Visit Google Account Permissions
• Find "The Song App" in the list of connected apps
• Click "Remove Access"

Revoking access will immediately prevent our app from accessing your YouTube account. Any session data will be deleted automatically.

4. Cookies and Tracking Technologies - Detailed Disclosure

We use the following types of cookies and similar technologies:

4.1 Essential Cookies (Required)

• Session Cookie: Stores your session ID to maintain your login state.
• CSRF Token: Protects against cross-site request forgery attacks.
• OAuth State: Validates OAuth authentication flows.

These cookies are essential for the service to function. Disabling them will prevent you from using our service.

4.2 How to Control Cookies

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data

Note: Blocking essential cookies will prevent you from logging in and using our service.

5. Device Information Collection - Detailed Disclosure

We collect the following device and browser information automatically:

5.1 Information Collected

• User Agent String: Contains browser type, version, and operating system.
• IP Address: Your device's internet protocol address.
• Screen Resolution: Width and height of your screen.
• Viewport Size: Size of your browser window.
• Language Preference: Your browser's language setting.
• Time Zone: Your device's time zone setting.

5.2 How We Use Device Information

• Responsive Design: To optimize the user interface for your screen size.
• Compatibility: To ensure the service works correctly on your browser.
• Security: To detect and prevent fraudulent activity and abuse.
• Analytics: To understand which devices and browsers our users prefer.
• Troubleshooting: To diagnose technical issues specific to certain devices or browsers.

5.3 Device Information Retention

• Device information is stored in server logs for up to 30 days for security and troubleshooting purposes.
• After 30 days, logs are automatically deleted.

6. Data Sharing and Disclosure

We do not share, sell, rent, or disclose your personal data (including Google user data and data from other music platforms) to third parties, except in the following limited circumstances:

6.1 Service Provision

• We transmit your data to the respective Music Platform APIs (Spotify, Apple Music, or YouTube via Google APIs) solely to perform the actions you explicitly request, such as creating a playlist or adding tracks.
• This data transmission is encrypted and occurs only when you initiate an action.

6.2 Legal Requirements

• If required by law, court order, or government regulation, we may disclose information to comply with legal processes.
• We will notify you of such requests unless prohibited by law.

6.3 What We Do NOT Do

• No Selling: We do not sell your personal data to anyone.
• No Advertising Networks: We do not provide your data to advertising networks or data brokers.
• No Analytics Services: We do not use third-party analytics services that track you across websites.
• No Social Media Sharing: We do not share your data with social media platforms.

7. Data Protection and Security

We implement industry-standard security measures to protect your data:

7.1 Encryption

• HTTPS/TLS: All communication between your browser and our servers is encrypted using SSL/TLS (HTTPS).
• API Communication: All communication with third-party APIs (Google, Spotify, Apple) is encrypted.
• Session Encryption: Session data is encrypted at rest on our servers.

7.2 Access Control

• Limited Permissions: Our application only requests the minimum necessary OAuth scopes required to function.
• No Password Storage: We never see or store your music platform passwords.
• Token Security: Access tokens are stored in encrypted server-side sessions, never in client-side storage.

7.3 Security Best Practices

• CSRF Protection: We use state parameters and CSRF tokens to prevent cross-site request forgery attacks.
• XSS Protection: We sanitize all user inputs to prevent cross-site scripting attacks.
• Regular Updates: We keep our dependencies and security patches up to date.

8. Third-Party Services

Our app integrates with the following third-party services:

8.1 YouTube Data API

By using our app's YouTube integration, you are also bound by:

• YouTube Terms of Service
• Google Privacy Policy

8.2 Spotify API

When using Spotify integration, you are subject to:

• Spotify Terms of Service
• Spotify Privacy Policy

8.3 Apple Music API

When using Apple Music integration, you are subject to:

• Apple Media Services Terms and Conditions
• Apple Privacy Policy

9. Data Retention and Deletion

9.1 How Long We Keep Your Data

• Session Data: Deleted when your session ends or after 24 hours of inactivity, whichever comes first.
• Access Tokens: Deleted immediately when your session ends. We do not store refresh tokens.
• YouTube Data: Search results and video information are NEVER stored permanently. They are used only during your active session and discarded immediately after playlist creation or session end.
• User Profile: Email address and basic profile information are stored only for the duration of your session and deleted when you log out or your session expires.
• Server Logs: Device and browser information in server logs is retained for 30 days for security purposes, then automatically deleted.

9.2 No Persistent User Database

Important: We do not maintain a persistent user database. All user data is session-based and temporary. When you log out or your session expires, all your data is permanently deleted from our servers.

9.3 How to Delete Your Data

You can delete your data at any time:

• Immediate Deletion: Simply log out or close your browser. Your session data will be automatically deleted.
• Revoke App Access:
  • YouTube: Google Account Permissions
  • Spotify: Spotify Connected Apps
  • Apple Music: Your Apple ID account settings

10. Your Rights and Choices

10.1 Access

• You can view what data we're using during your active session by inspecting your browser's developer tools.
• Contact us at support@thesongapp.app to request information about your data.

10.2 Deletion

• Log out to delete all session data immediately.
• Revoke app access from your music platform accounts.

10.3 Portability

• Since we don't store your data permanently, there is no data to export.
• Your playlists are created directly on your music platform accounts and are accessible there.

10.4 Opt-Out

• You can opt out of our service at any time by simply not using it.
• Revoke app access to prevent any future data access.

11. Children's Privacy

Our service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@thesongapp.app and we will delete such information immediately.

12. International Data Transfers

Our service is hosted on servers that may be located in different countries. By using our service, you consent to the transfer of your data to these locations. We ensure that all data transfers comply with applicable data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last updated" date at the top of this policy.
• Notify you of significant changes through our service or via email (if we have your email address).
• Continue to protect your data in accordance with this policy until you accept the new policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

• Email: support@thesongapp.app
• Company: Dexspace Ltd

We will respond to your inquiry within 30 days.

15. Compliance

This Privacy Policy complies with:

• Google API Services User Data Policy
• YouTube Terms of Service
• General Data Protection Regulation (GDPR) principles
• California Consumer Privacy Act (CCPA) requirements