Privacy Policy

1. Introduction

Welcome to Audiolog ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Audiolog (the "App"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you voluntarily provide when using our App, including:

• Account Information: Email address, username, and profile information when you create an account using Google Sign-In or Apple Sign-In
• Music Listening Data: Information about the songs you log, including song titles, artists, albums, genres, decades, listening duration, location tags you input, mood tags you input, time of day logged and any custom notes you add to the songs. Please do not provide any personal information within the app that may reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs.
• Third-Party Music Service Data: When you connect your Last.fm account, we access your currently playing songs and listening history as authorized by you

2.2 Automatically Collected Information

When you use our App, we automatically collect certain information, including:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App features used, pages viewed, time spent in the App, and other usage statistics
• Analytics and Crash Data: We use Firebase Analytics and Firebase Crashlytics to collect aggregated usage statistics, device identifiers, IP address information, crash traces, and diagnostic data to improve our App

Where supported by your device or platform, you can limit analytics and diagnostic sharing through your device privacy settings or by contacting us if you want us to disable non-essential analytics features where feasible.

2.3 Information from Third-Party Services

We integrate with the following third-party services:

• Google Sign-In: Authentication and basic profile information (name, email)
• Apple Sign-In: Authentication and basic profile information
• Last.fm: Scrobbling data and listening history (with your authorization)
• Spotify: Song data

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To create and manage your account, log your music listening habits, and display your listening statistics and log history
• Sync Music Data: To connect with Last.fm to track your currently listening when the app is in use.
• Personalization: To provide personalized statistics, charts, and insights about your music listening habits
• Notifications: To send you push notifications about your listening streaks and reminders (if you enable this feature)
• Analytics and Improvement: To understand how users interact with our App and improve functionality
• Security: To protect against unauthorized access and ensure the security of your account
• Legal Compliance: To comply with applicable laws and regulations

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with third-party service providers who perform services on our behalf:
  • Firebase / Google Cloud - Cloud hosting, authentication, database, analytics, crash reporting, and secure server-side processing
  • Last.fm - Scrobbling integration (only data you explicitly authorize)
  • RevenueCat - In-app purchase management
• Legal Requirements: We may disclose information if required by law or to respond to legal processes
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition
• With Your Consent: We may share information with third parties when you give us explicit consent to do so

5. Data Storage and Security

Your information is stored securely using Firebase Cloud Firestore, which is hosted on Google Cloud Platform infrastructure. Firebase / Google Cloud acts as our data processor and sub-processor for authentication, Firestore, analytics, crash reporting, hosting, and related cloud services. Our Firestore database is hosted in Google Cloud's North America multi-region (nam5).

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit using HTTPS/TLS
• Encryption of data at rest on Firebase servers
• Secure authentication through Firebase Authentication
• Regular security updates and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

In the event of a security breach that compromises your personal information, we will notify you and the relevant regulatory authorities within the timeframes required by applicable law.

Certain actions, such as communicating with the Spotify or Last.fm APIs, are processed securely server-side through Cloud Functions so that API keys and user tokens are not exposed in the App.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account information is retained until you delete your account, after which active Firestore data is deleted immediately
• Music listening logs are retained until you delete them or delete your account
• Analytics data is retained in aggregated form in accordance with Firebase Analytics retention policies (typically 14 months)

Deleted account data may remain in encrypted Firebase / Google Cloud server backups for up to 30 days before those backup copies age out.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (you can delete your account within the App's settings)
• Data Portability: Request a copy of your data in a machine-readable format
• Opt-Out: Opt out of push notifications through your device settings
• Withdraw Consent: Disconnect third-party services (Last.fm) at any time through the App settings

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

For data access or portability requests, email support@audiolog.net with the email address and username used to sign up, plus your user ID (available on the Profile page under User ID). We will confirm your identity and provide your data within 30 days of a verified request.

8. Children's Privacy

Our App is not intended for children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our App, you consent to the transfer of your information to our servers and those of our service providers.

We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including Standard Contractual Clauses where required.

10. Third-Party Links and Services

Our App may contain links to third-party websites or services (such as Last.fm). We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our App:

• Last.fm Privacy Policy
• Google Privacy Policy
• Apple Privacy Policy

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, disclose, and sell
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, please contact us at the email provided below.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing your personal information includes: consent, contract performance, and legitimate interests.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.

14. Contact Us