Privacy Policy for buytracks.app

Last Updated: 2025-03-21

At a Glance

This policy explains how we collect, use, and protect your data when you use buytracks.app.

Key Points:

• We use your Spotify and Beatport data to provide our core functionalities, such as finding online purchase availability for songs in your playlists.
• We use Spotify OAuth via our cloud based storage provider for account creation and authentication.
• We use browser caching (IndexedDB) to improve performance.
• We do not sell your data or use it for marketing without your consent.
• You can delete your account and cached data at any time.

For detailed information, please read the sections below.

Detailed Privacy Policy

1. What information do we collect and why?

• Spotify Profile Data:

  • We collect basic information from the Spotify OAuth API (username, display name, email, profile picture, authorization tokens) for user authentication and identification.
  • This data is securely stored with our cloud database provider (Supabase) to provide the core functionality of the app.
  • We do not use this data for any purpose other than identification/authorization.
  • We will not use your email for marketing without your explicit consent.
  • Legal Basis: Performance of a contract (providing the service requested by the user).

• Spotify Playlists and Song Data:

  • We access your Spotify playlists and song data to cross-reference them with Beatport and Bandcamp catalogs for purchase availability.
  • This data is cached in your browser's IndexedDB for faster page loading.
  • Caching this data is necessary to provide a fast and efficient experience, and therefore does not require your consent.
  • This data is not uploaded to our cloud database or shared with any third parties. You can clear this cached data at any time by clearing your browser history or clearing website data from your browser settings.
  • Legal Basis: Performance of a contract (providing the service requested by the user).

• Beatport OAuth Data:

  • We collect authorization tokens from the Beatport OAuth API for user authentication.
  • These tokens are stored in your browser's local storage and our cloud database to streamline the login process.
  • Legal Basis: Performance of a contract (providing the service requested by the user).

• Usage Data:

  Umami

  • We use Umami, a privacy-focused analytics tool, to collect fully anonymized usage data for analyzing website traffic / feature usage metrics.
  • Data is completely anonymized (IP anonymization, no user identifiers). We also collect basic, fully anonymized browser and operating system data.
  • This process does not leave any cookies or tracking technology on your computer.
  • Your consent is not required due to the anonymization process which strips all private data.
  • Legal Basis: Legitimate interest (improving our service).

  Logrocket

  • Optionally, we also use Logrocket to collect error logs and detailed session information
  • This data helps us fix bugs and understand user interactions to optimize the user experience.
  • This process leaves some cookies for the sole purpose of user identification (read more).
  • Legal Basis: Consent (voluntary participation).

• In-App Surveys:

  • We may conduct surveys for user satisfaction, engagement, and feature requests.
  • Participation is voluntary.
  • Data is used to improve our services based on user feedback.
  • To withdraw your consent and have your survey data deleted, contact us at privacy@buytracks.app.
  • Legal Basis: Consent (voluntary participation).

2. How do we use your information?

• We use the collected data to provide the app's core features, analyze usage patterns for service improvement, and enhance user experience based on survey feedback.

3. Do you track my IP address or location?

• No. We use privacy-focused analytics that do not track IP addresses or locations.

4. Do you log error reports and debugging information?

• We currently do not collect error reports or debugging information. If we implement error reporting in the future, it will be on an opt-in basis.

5. Will I receive emails or other communications from you?

• We will only email you with your consent, for transactional purposes, or when legally obligated to do so.

6. How can I unsubscribe from marketing communications?

• We do not use your private information for marketing purposes. We do not currently have any email based marketing communications. Any in-app messages will be non-targeted marketing that does not make use of any your private data.

7. Do you collect data about my interactions with your emails?

• No.

8. Where is my data stored?

• Your data is stored with our cloud database provider, Supabase.

9. Is my data encrypted?

• Yes, Supabase encrypts all data at rest and in transit. This is not under our direct control, you can read more about Supabase's security measures here.

10. How do you protect my data from unauthorized access or breaches?

• Supabase uses industry-standard security measures to protect data.

11. What happens in the event of a data breach?

• We will take prompt action to assess and mitigate any harm. If legally required, we will notify you with relevant information.

12. Do you collect and store information about my hardware and software?

• We collect basic, fully anonymized browser and operating system data.

13. Do you collect and store my music library information?

• Currently, we only store cached data locally. In the future, we may store some data for additional features, with updated privacy policy disclosures.

14. How do you handle data related to public profiles?

• We do not have public profiles. Any public profiles on Spotify and Beatport are controlled by their respective privacy policies.

15. Do you use any third-party payment processors?

• No.

16. Data Sharing and Disclosure

• We do not sell or share your personal information with third parties, except when legally required.

17. Data Retention and Deletion

• You can delete your account and Spotify OAuth data via the "delete account" link. Deletion from Supabase is immediate.
• Browser cached data can be deleted by clearing your browser history or clearing website data from your browser settings.
• Survey data can be deleted by contacting us at privacy@buytracks.app. Survey data is stored for 12 months.
• Data on the server is retained for 2 years after account deletion, for security and audit purposes. Data stored locally in the user's browser is stored until the user deletes it themselves.

18. Security

• We store your Spotify OAuth data securely with Supabase.
• We use industry-standard security measures.

19. Cookies and Tracking

• We do not use cookies, except for basic user authentication and identification purposes.
• There are no third-party cookies.
• We track usage on our site for analytics, functional, performance, security, and product improvement purposes, using anonymized data.
• With your optional consent, we additionally track error logs and session replay information for fixing bugs and product improvement purposes. This leaves some first party cookies for the purpose of user identification. These cookies are not used for any other purposes.

20. Account and Profile Information

• Account creation is only via Spotify OAuth.
• You cannot use the app without an account.
• You can modify your profile via Spotify account settings.
• We only connect to Spotify and Beatport.

21. Links to Third-Party Websites and Services

• Our app may provide links to third-party websites or services that we do not own or operate.
• We are not responsible for the privacy practices of any linked websites or services, including the information or content they contain.
• Your interaction with any third-party website or service is subject to their own rules and policies, not ours.
• If you use a third-party website or service, you do so at your own risk.
• We encourage you to review the privacy policies of any third-party site or service before providing any personal information.

22. Children's Privacy

• Our services are not intended for children under the age of 13.
• We do not knowingly collect personal information from children under the age of 13.
• If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.
• If you believe we have collected information from a child under 13, please contact us at privacy@buytracks.app.

23. Jurisdictional Data Handling

• We do not differentiate data handling based on user jurisdiction.
• International Data Transfers:
  • We utilize Supabase as our cloud data storage provider. In relation to international transfers of personal data, Supabase has entered into a Data Processing Addendum (DPA) that includes the following provisions:
    • Where the GDPR or Swiss Data Protection Laws apply, Supabase relies on Standard Contractual Clauses (SCCs) for the transfer of Covered Data.
    • For transfers subject to UK Data Protection Laws, Supabase has agreed to the Approved Addendum issued by the UK Information Commissioner.
    • Supabase has also included a Swiss Addendum to address the requirements of Swiss Data Protection Laws.
  • These mechanisms are intended to provide appropriate safeguards for personal data transferred outside of the relevant jurisdictions. For further information, the details of these arrangements are contained in the Supabase Data Processing Addendum, which is incorporated into our agreement with Supabase.

24. Changes to This Privacy Policy

• We may update this policy periodically.
• The latest version will be available here.
• It is your responsibility to check for updates.

25. Contact Us & Data Controller Information

• For privacy inquiries, contact us at: privacy@buytracks.app.
• The data controller is the operator of buytracks.app and can be contacted at: privacy@buytracks.app.

26. Your Rights

• Under the GDPR, you have the following rights:
  • Right to Access: You have the right to request access to the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data under certain circumstances.