SongWatch

1. Information We Collect

1.1 Information from Spotify

When you sign in using Spotify OAuth, Spotify may provide us with information based on the permissions you approve. This may include:

• Your Spotify user ID
• Your Spotify display name
• Your Spotify email address
• Your list of followed artists
• Spotify access tokens and refresh tokens
• Token expiration information

We use Spotify tokens to connect your Spotify account to the Service and to retrieve information needed to provide SongWatch. We store Spotify access and refresh tokens in encrypted form.

1.2 Account and Service Information We Store

We may store information associated with your account, including:

• Spotify ID
• Display name
• Email address
• Encrypted Spotify access and refresh tokens
• Spotify token expiration time
• Trial end date
• Push notification status
• Sync timestamps
• Account creation and update timestamps

1.3 Followed Artist Information

SongWatch collects and stores information about the Spotify artists you follow. We use this information only to provide the Service, including sending push notifications about newly released Spotify songs and albums by artists you follow.

We do not use your followed-artist data for advertising, cross-context behavioral advertising, sale of data, or unrelated profiling.

1.4 Push Notification Information

If you opt in to browser push notifications, we collect and store information needed to send those notifications, including:

• Your Spotify ID
• Your email address
• Your display name
• Your browser push subscription endpoint/address
• Related push subscription metadata
• Push-enabled status
• Notification event history

Push notifications may include links to newly released Spotify songs and albums.

You can disable push notifications through your browser, device, or operating system settings. Depending on your browser and device, you may also be able to unsubscribe through settings in the Service.

1.5 Subscription and Billing Information

We use PayPal Subscriptions to process payments. PayPal handles the payment side of the Service. PayPal processes payment details under its own privacy policy and terms.

We do not intentionally store your card number, CVV, bank account details, PayPal payer name, or PayPal email address in our local subscriptions table.

We may store local subscription and access information, including:

• User ID
• Subscription status
• Billing interval
• Current billing period start and end dates
• Cancellation flags and timestamps
• PayPal subscription ID
• Complimentary account status, if applicable
• Subscription creation and update timestamps

We receive updates from PayPal through webhooks. These webhook events may include subscription event IDs, event types, event timestamps, and information necessary to update your subscription status in our systems.

Through PayPal itself, we may have access to payment-related details available to merchants through the PayPal dashboard or PayPal APIs, even if those details are not stored in our own application database.

1.6 Customer Support Communications

If you contact us by email, we collect and use the information you provide in order to respond to your request, provide customer support, troubleshoot issues, and maintain records of the communication.

We may respond to you by email. We may also send legal, security, privacy, subscription, or service-related notices to the email address associated with your Spotify account.

1.7 Logs, Error Monitoring, and Technical Information

We use third-party logging and error-monitoring tools to monitor reliability, diagnose problems, and improve the Service.

Logs are retained for 30 days, and error records are retained for 90 days.

Logs and error records may include technical information such as:

• IP address
• Browser type
• Device type
• Operating system
• Pages or features accessed
• Error details
• Security and authentication events
• Timestamps
• Other diagnostic information needed to operate, debug, secure, and improve the Service

We do not use analytics, advertising cookies, tracking pixels, or third-party scripts for advertising or analytics purposes.

1.8 Service Providers and Infrastructure

SongWatch uses third-party service providers to help operate the Service, including providers for hosting, database infrastructure, logging and error monitoring, payments, and Spotify account connection.

These providers may process information as needed to provide their services to us and to support the operation, security, reliability, and functionality of SongWatch.

2. How We Use Information

We use information to:

• Create and manage your SongWatch account
• Authenticate you through Spotify
• Retrieve and sync your followed artists from Spotify
• Identify newly released Spotify songs and albums from artists you follow
• Send browser push notifications if you opt in
• Manage trials and paid subscriptions
• Process subscription status updates from PayPal
• Provide customer support by email
• Send legal, security, privacy, subscription, and service-related notices
• Debug errors and monitor Service reliability
• Detect, prevent, and investigate fraud, abuse, security incidents, and technical issues
• Maintain logs and records necessary to operate the Service
• Comply with legal obligations
• Enforce our terms and policies

3. Legal Bases for Processing

For users in jurisdictions where a legal basis is required, such as the European Economic Area, United Kingdom, or similar regions, we process personal information under one or more of the following legal bases:

• Performance of a contract: to provide SongWatch and manage your account and subscription.
• Consent: for optional features such as browser push notifications, where applicable.
• Legitimate interests: to secure, maintain, debug, improve, and administer the Service.
• Legal obligations: to comply with applicable laws, payment, tax, accounting, fraud-prevention, security, and disclosure obligations.

You may withdraw consent where processing is based on consent, but this will not affect processing that occurred before withdrawal.

4. How We Share Information

We do not sell, rent, or disclose personal information for advertising purposes. We do not share personal information for cross-context behavioral advertising.

We may share information with the following categories of recipients:

4.1 Service Providers

We share information with vendors and service providers that help us operate the Service, including providers for hosting, database infrastructure, logging and error monitoring, payments, Spotify account connection, customer support, security, and related operational services.

These providers process information as needed to provide services to us and support SongWatch.

4.2 Spotify

You connect your Spotify account through Spotify OAuth. We access Spotify information only as permitted by the authorization you grant and Spotify's applicable terms and developer policies.

4.3 PayPal

PayPal processes payments and manages subscription payment details. We receive subscription-related updates from PayPal so that we can activate, suspend, renew, cancel, or otherwise manage Service access.

PayPal's handling of your payment information is governed by PayPal's own privacy policy and terms.

4.4 Legal, Safety, and Compliance

We may disclose information if we believe it is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Protect the rights, property, or safety of users, Slipway Labs, LLC, or others
• Detect, investigate, or prevent fraud, abuse, or security incidents
• Enforce our terms, policies, or agreements

4.5 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, your information may be transferred as part of that transaction.

5. Browser Push Notifications

Push notifications are optional. If you opt in, your browser or device will create a push subscription that allows us to send notifications to that browser or device.

SongWatch push notifications may include links to newly released Spotify songs and albums by artists you follow.

You can opt out of push notifications by changing your browser, device, or operating system notification settings. You may need to disable notifications separately on each browser or device where you enabled them.

If you opt out, we may retain historical notification logs and account records for security, operational, legal, or dispute-resolution purposes unless you request deletion and we are able to delete them under applicable law.

6. Payments and Subscriptions

Payments are processed by PayPal. We do not intentionally store your full payment card number, CVV, bank account details, or other sensitive payment credentials in our application database.

We store PayPal subscription IDs and local subscription status information so that we can manage your access to SongWatch. We may receive PayPal webhook events that tell us when a subscription is created, updated, cancelled, suspended, renewed, or otherwise changed.

For payment-related questions, refunds, chargebacks, or PayPal account issues, you may also need to contact PayPal directly.

Note: SongWatch should have separate Terms of Service, cancellation policy, and refund policy. This Privacy Policy explains data practices; it does not define subscription, refund, cancellation, or service-availability terms.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, and maintain security.

You may delete your account using the in-app account deletion feature. When you delete your account, we delete information associated with your account immediately from our application systems, including your account information, Spotify tokens, followed artist information, push subscription information, and related SongWatch account records.

Some information may remain outside our application systems for a limited time where deletion is controlled by third-party service providers, backup systems, payment processors, logs, legal obligations, security requirements, fraud prevention, accounting, tax, dispute resolution, or similar legitimate business or legal needs.

In general:

• Logs are retained for 30 days.
• Error records are retained for 90 days.
• Customer support emails may be retained as needed to respond to requests, maintain business records, resolve disputes, and comply with legal obligations.
• PayPal and other payment-related records may be retained by PayPal and may also need to be retained as necessary for billing, tax, accounting, legal compliance, fraud prevention, and dispute resolution.

When information is no longer needed, we will delete, de-identify, or otherwise handle it in accordance with applicable law and our operational needs.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. These include encryption of Spotify access and refresh tokens and restricting administrative access to approved administrator accounts.

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

If we become aware of a security incident involving personal information, we will take steps to investigate and respond, including providing notices where required by applicable law.

9. Your Choices and Rights

You may delete your account using the in-app account deletion feature. Deleting your account deletes information associated with your account from our application systems immediately, subject to the limitations described in the “Data Retention” section above.

Depending on where you live, you may also have rights regarding your personal information, such as the right to:

• Access the personal information we have about you
• Correct inaccurate information
• Delete your information
• Object to or restrict certain processing
• Request a copy of your information in a portable format
• Withdraw consent where processing is based on consent
• Opt out of certain uses of personal information, where applicable
• Appeal a privacy rights decision, where required by law

To make a request, contact us at patrick@songwatch.io.

We may need to verify your identity before fulfilling a request. Some information may be exempt from deletion or access requests where we need to retain it for legal, security, fraud-prevention, accounting, tax, subscription, dispute-resolution, or operational reasons.

10. International Users

SongWatch is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where we or our service providers operate.

Those countries may have data protection laws that differ from the laws in your country. Where required, we will use appropriate safeguards for international data transfers.

11. Children's Privacy

SongWatch is not intended for children under 16 years old.

We do not knowingly collect personal information from children under 16. If you are under 16, do not use SongWatch or provide personal information to us.

If we learn that we have collected personal information from a child under 16, we will take appropriate steps to delete that information unless we are legally permitted or required to retain it.

If you believe a child under 16 has provided us with personal information, contact us at patrick@songwatch.io.

12. Cookies and Similar Technologies

SongWatch may use cookies, local storage, or similar technologies that are necessary to keep you signed in, maintain sessions, remember preferences, secure the Service, and operate core features.

We do not use analytics cookies, advertising cookies, tracking pixels, or third-party advertising scripts.

The Service integrates with Spotify for sign-in and account data access, and with PayPal for subscription payments. Those third-party services may use cookies or similar technologies under their own privacy policies and terms when you interact with them.

13. Third-Party Links and Services

The Service may link to or integrate with third-party services, including Spotify and PayPal. We are not responsible for the privacy practices of third parties. Your use of those services is governed by their own privacy policies and terms.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and may provide additional notice, such as through the Service or by email.

We may send privacy, legal, security, subscription, or service-related notices to the email address associated with your Spotify account.

Your continued use of the Service after an updated Privacy Policy becomes effective means you accept the updated policy, where permitted by law.

15. Contact Us

For questions or requests about this Privacy Policy or your personal information, contact us at: