Privacy Policy

Effective date: Oct 20, 2018

Introduction

Welcome to MyStats, a tool that provides insights into your Spotify listening habits. This Privacy Policy explains how we collect, use, and protect your information when you use our service. We are committed to ensuring the privacy and security of your data.

By using MyStats, you agree to the collection and use of information in accordance with this policy. We only collect information that is necessary to provide our service and will never use your data for purposes beyond what is described here.

Information We Collect

When you use MyStats, we collect the following information:

  • Spotify Account Information: We access your Spotify username, email address, Spotify ID, and profile image through the Spotify API.
  • Spotify Content Data: With your permission, we collect data about your playlists, top artists, top tracks, and liked songs.
  • Listening History: Optionally, you may choose to upload your exported Spotify listening history for additional analysis.
  • Technical Information: We collect your IP address for the purpose of implementing rate limits and ensuring service stability.
  • Authentication Data: We temporarily store Spotify access tokens to retrieve your Spotify data.

How We Use Your Information

We use your information for the following purposes:

  • To provide you with insights and statistics about your Spotify listening habits
  • To authenticate your identity through Spotify
  • To display your profile information within the application
  • To generate personalized music analysis and recommendations
  • To implement rate limiting to maintain service stability
  • To save your preferences (such as sidebar state)

Cookies and Tracking Technologies

MyStats uses cookies for the following limited purposes:

  • To maintain your authenticated session
  • To store your user preferences and application settings
  • To remember your sidebar state and other UI preferences

We do not use cookies for advertising or tracking your behavior across other websites.

Data Sharing and Third Parties

We do not share your personal information or Spotify data with any third parties. Your data is only used within the MyStats application to provide you with the service.

Data Security

We implement industry-standard security measures to protect your personal information:

  • Access Token Encryption: We fully encrypt all Spotify access tokens using the AES-256-ESM encryption algorithm. This encrypted data is stored securely on our servers and is only accessible by the application itself and the system administrator (via secure environment variables).

  • Secure Storage: All user data is stored in secure databases with appropriate access controls.

  • Limited Data Access: We restrict internal access to your personal information to only those who require it to provide you with our service.

While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Any transmission of personal information is at your own risk.

Data Retention

Account Data

We retain basic account data (email, slug, name, username, profile image) until you delete your account.

Music Listening Data

Your Spotify music data (top albums, artists, tracks, genres, recently played) is cached with set expiration times, with a maximum cache period of 24 hours. This ensures you receive updated information without excessive API calls to Spotify.

Extended Listening History

When you upload your extended Spotify listening history, we process it to generate statistics but do not store the raw history data after processing. The uploaded history files are completely deleted from our servers once processing is complete.

Account Deletion

When you delete your account:

  • All your personal information is immediately wiped from our servers
  • Any cached data associated with your account is also deleted
  • If you had uploaded extended listening history, any processed data from this is also removed
  • Your Spotify access tokens are permanently deleted

Once deleted, we do not retain any of your information or create backups of it.

Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • The right to access the personal information we hold about you
  • The right to request correction of inaccurate information
  • The right to request deletion of your information
  • The right to object to or restrict processing of your information
  • The right to data portability

If you are located in the European Union, you have these rights under the General Data Protection Regulation (GDPR). If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA).

Children's Privacy

MyStats does not knowingly collect information from children under the age of 13. As our service integrates with Spotify, which requires users to be at least 13 years of age, we expect all users to meet this minimum age requirement.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

International Data Transfers

If you are located outside of the country where our servers are located, please be aware that your information may be transferred to, stored, and processed in a country different from where you reside. By using MyStats, you consent to the transfer of information to countries that may have different data protection rules than your country.

If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific information concerned and the context in which we collect it. We generally only collect personal information where:

  • We need it to provide you with the MyStats service
  • You have given us consent to do so
  • The processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights

California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what data we collect about you, request deletion of your data, and opt out of the sale of your data. We do not sell personal information to third parties.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us by:

  • Opening an issue on our GitHub repository
  • Including "Privacy Policy" in the title of your issue

Thank you for using MyStats!