Privacy Policy for buytracks.app
Last Updated: 2025-03-21
At a Glance
This policy explains how we collect, use, and protect your data when you use buytracks.app. Your collection and use of data is subject to this privacy policy. By using buytracks.app, you agree to the practices described here.
Key Points:
- We use your Spotify and Beatport data to provide our core functionalities, such as finding online purchase availability for songs in your playlists.
- We use Spotify OAuth via our cloud based storage provider for account creation and authentication.
- We use browser caching (IndexedDB) to improve performance.
- We do not sell your data or use it for marketing without your consent.
- You can delete your account and cached data at any time.
- Spotify is a third-party beneficiary of this Privacy Policy and is entitled to directly enforce it.
For detailed information, please read the sections below.
Detailed Privacy Policy
1. What information do we collect and why?
2. How do we use your information?
- We use the collected data to provide the app's core features, analyze usage patterns for service improvement, and enhance user experience based on survey feedback.
3. Do you track my IP address or location?
- No. We use privacy-focused analytics that do not track IP addresses or locations.
4. Do you log error reports and debugging information?
- We currently do not collect error reports or debugging information. If we implement error reporting in the future, it will be on an opt-in basis.
5. Will I receive emails or other communications from you?
- We will only email you with your consent, for transactional purposes, or when legally obligated to do so.
6. How can I unsubscribe from marketing communications?
- We do not use your private information for marketing purposes. We do not currently have any email based marketing communications. Any in-app messages will be non-targeted marketing that does not make use of any your private data.
7. Do you collect data about my interactions with your emails?
8. Where is my data stored?
- Your data is stored with our cloud database provider, Supabase.
9. Is my data encrypted?
- Yes, Supabase encrypts all data at rest and in transit. This is not under our direct control, you can read more about Supabase's security measures here.
10. How do you protect my data from unauthorized access or breaches?
- Supabase uses industry-standard security measures to protect data.
11. What happens in the event of a data breach?
- We will take prompt action to assess and mitigate any harm. If legally required, we will notify you with relevant information.
12. Do you collect and store information about my hardware and software?
- We collect basic, fully anonymized browser and operating system data.
13. Do you collect and store my music library information?
- Currently, we only store cached data locally. In the future, we may store some data for additional features, with updated privacy policy disclosures.
14. How do you handle data related to public profiles?
- We do not have public profiles. Any public profiles on Spotify and Beatport are controlled by their respective privacy policies.
15. Do you use any third-party payment processors?
16. Data Sharing and Disclosure
- We do not sell or share your personal information with third parties, except when legally required.
- When you use Spotify services or content through buytracks.app, your use is also subject to Spotify’s privacy policy. We do not make any warranties or representations on behalf of Spotify.
17. Data Retention and Deletion
- You can delete your account and Spotify OAuth data via the "delete account" link. Deletion from Supabase is immediate.
- Browser cached data can be deleted by clearing your browser history or clearing website data from your browser settings.
- Survey data can be deleted by contacting us at privacy@buytracks.app. Survey data is stored for 12 months.
- Data on the server is retained for 2 years after account deletion, for security and audit purposes. Data stored locally in the user's browser is stored until the user deletes it themselves.
18. Security
- We store your Spotify OAuth data securely with Supabase.
- We use industry-standard security measures.
19. Cookies and Tracking
- We do not use cookies, except for basic user authentication and identification purposes.
- There are no third-party cookies placed by us. We do not allow third parties to place cookies on your browser to collect information about your browsing activities, except as required for core functionality (e.g., Spotify authentication or with your explicit consent for error tracking).
- We track usage on our site for analytics, functional, performance, security, and product improvement purposes, using anonymized data.
- With your optional consent, we additionally track error logs and session replay information for fixing bugs and product improvement purposes. This leaves some first party cookies for the purpose of user identification. These cookies are not used for any other purposes.
- You can manage cookies and website data through your browser settings at any time.
20. Account and Profile Information
- Account creation is only via Spotify OAuth.
- You cannot use the app without an account.
- You can modify your profile via Spotify account settings.
- We only connect to Spotify and Beatport.
21. Links to Third-Party Websites and Services
- Our app may provide links to third-party websites or services that we do not own or operate.
- We are not responsible for the privacy practices of any linked websites or services, including the information or content they contain.
- Your interaction with any third-party website or service is subject to their own rules and policies, not ours.
- If you use a third-party website or service, you do so at your own risk.
- We encourage you to review the privacy policies of any third-party site or service before providing any personal information.
22. Children's Privacy
- Our services are not intended for children under the age of 13.
- We do not knowingly collect personal information from children under the age of 13.
- If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.
- If you believe we have collected information from a child under 13, please contact us at privacy@buytracks.app.
23. Jurisdictional Data Handling
- We do not differentiate data handling based on user jurisdiction.
- International Data Transfers:
- We utilize Supabase as our cloud data storage provider. In relation to international transfers of personal data, Supabase has entered into a Data Processing Addendum (DPA) that includes the following provisions:
- Where the GDPR or Swiss Data Protection Laws apply, Supabase relies on Standard Contractual Clauses (SCCs) for the transfer of Covered Data.
- For transfers subject to UK Data Protection Laws, Supabase has agreed to the Approved Addendum issued by the UK Information Commissioner.
- Supabase has also included a Swiss Addendum to address the requirements of Swiss Data Protection Laws.
 
- These mechanisms are intended to provide appropriate safeguards for personal data transferred outside of the relevant jurisdictions. For further information, the details of these arrangements are contained in the Supabase Data Processing Addendum, which is incorporated into our agreement with Supabase.
 
24. Changes to This Privacy Policy
- We may update this policy periodically.
- The latest version will be available here.
- It is your responsibility to check for updates.
25. Contact Us & Data Controller Information
- For privacy inquiries, contact us at: privacy@buytracks.app.
- The data controller is the operator of buytracks.app and can be contacted at: privacy@buytracks.app.
- Spotify is a third-party beneficiary of this Privacy Policy and is entitled to directly enforce it.
26. Your Rights
- Under the GDPR, you have the following rights:
- Right to Access: You have the right to request access to the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data under certain circumstances.