Privacy Policy

Introduction

This privacy policy explains how Genre Cloud collects, uses, and protects your information when you use our service.

Information We Collect

Spotify Account Information

When you log in with Spotify, we receive limited access to your Spotify account through OAuth authentication. We only access the information necessary to provide our service such as your top artists and listening history for functionality.

IP Addresses

We temporarily collect your IP address for rate limiting purposes to ensure fair usage and protect our service from abuse. IP addresses are stored in server memory for a maximum of 24 hours and are then automatically deleted.

Cookies and Session Data

• Authentication Cookies: We use cookies to maintain your login session via Spotify's PKCE authentication flow. These cookies are stored on your device.
• Session Storage (Server-side): Your music genre data is temporarily cached on our server for up to 30 minutes during your active session to improve performance and reduce API calls. This cache is automatically refreshed every 30 minutes and is permanently deleted when your session ends (after 1 hour of inactivity) or when you log out.
• Session Storage (Browser): Music data retrieved during your session is also temporarily stored in your browser's session storage and is automatically deleted when you close your browser.

Error Logs

We collect sanitized error logs to maintain and improve our service. These logs do not contain personal information or detailed stack traces.

How We Use Your Information

We use the collected information solely to:

• Authenticate you with Spotify and maintain your login session
• Provide you with the music-related features of our service
• Cache your music data temporarily (up to 30 minutes) to improve app performance
• Prevent abuse through rate limiting
• Monitor and fix technical issues

Data Storage and Security

• Server-side: Session data including cached music genre information (maximum 1 hour or until logout), IP addresses (temporarily, max 24 hours), sanitized error logs
• Client-side: Authentication cookies, session storage (deleted when browser closes)
• We do not store your Spotify credentials or long-term user data on our servers
• All session data is automatically deleted after 1 hour of inactivity or when you log out

Data Retention

Your data is retained only for the duration necessary to provide our service:

• Music genre data: Cached for up to 30 minutes during your session, then refreshed. Permanently deleted when your session expires (1 hour) or when you log out.
• Session authentication: Expires after 1 hour of inactivity
• IP addresses: Stored in memory for rate limiting, automatically deleted after 24 hours

Data Sharing

We do not sell, trade, or share your personal information with third parties. Your data is only shared with Spotify as necessary for authentication and to retrieve your music data through their official API.

Your Rights

Depending on your location, you may have rights including:

• Access to your personal data
• Correction of inaccurate data
• Deletion of your data
• Objection to data processing

To exercise these rights or for questions about your data, contact us at genrecloud@gmail.com.

Logging Out

When you log out, your session data is immediately cleared from our server, including any cached music information. To completely remove all data:

• Log out of the application (this deletes all server-side session data)
• Close your browser to clear client-side session storage
• Clear your browser cookies if desired

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

Contact Us

If you have questions about this privacy policy, please contact us at:

• Email: genrecloud@gmail.com