Legal

Privacy Policy

Last updated: April 2026

1. What we collect

When you sign up or join our waitlist, we collect your email address and, when you connect Spotify or Apple Music, your OAuth access tokens (stored encrypted), display name, and the playlist data you explicitly share with us. We do not store your Spotify password or full listening history — only the tracks you choose to add to a ThePlaylistDating playlist.

2. How we use your data

Your playlist data is used solely to compute Resonance Scores and surface matches. We do not sell your personal data to third parties. We do not use your data to train advertising models. Your email is used for product updates and, with your consent, marketing emails you can unsubscribe from at any time.

3. Data retention

You can delete your account at any time via Settings → Delete Account. This triggers a hard delete of all PII including your email, OAuth tokens, playlists, messages, and match history within 30 days, in compliance with GDPR and CCPA.

4. Third-party services

We use Spotify and Apple Music OAuth for authentication and playlist data. Firebase handles authentication tokens. AWS hosts our infrastructure. SendGrid delivers email. Each provider has its own privacy policy, which governs its use of your data.

5. Security

OAuth tokens are encrypted at rest. All data is transmitted over HTTPS/TLS. We rate-limit all API endpoints and perform regular security audits. We will notify you within 72 hours of any data breach that affects your personal data.

6. Contact

Questions about this policy? Email us at privacy@theplaylistdating.com.