Privacy Policy

Last updated: 1 April 2026

This Privacy Policy explains how PlaySafe Music ("we", "us", "our") collects, uses, and protects your personal data when you use our website and service at playsafemusic.com.

1. Data we collect

When you create an account via Google or Facebook OAuth we receive:

• Your email address
• Your display name
• Your profile picture URL

During your use of the Service we also collect:

• Subscription and billing status (managed via Stripe — we never store full card details)
• Music playback events (which tracks you play, timestamps) to improve our recommendations
• Vote interactions (thumbs up / thumbs down per track)
• Session and security data (IP address hash, session tokens)

2. How we use your data

• Account management: to identify you, maintain your subscription, and send billing-related emails
• Service improvement: anonymised playback data helps us understand which tracks are popular
• Legal compliance: invoice records are retained for 5 years as required by accounting law
• Security: IP data is used in hashed form for rate limiting only and is not stored long-term

We do not sell your data to third parties. We do not use your data for advertising.

3. Data storage and security

Your data is stored on servers in the EU. We use industry-standard encryption (HTTPS/TLS) for all data in transit. Passwords are not stored — authentication is handled via OAuth (Google / Facebook).

4. Third-party services

• Stripe: processes payments. Their privacy policy applies to data shared with them for billing.
• Google / Facebook: OAuth login. Their privacy policies apply to the login process.
• Cloudflare: used for audio delivery and DDoS protection. Traffic passes through their network.
• Google Analytics: used only after you give consent via our cookie banner.

5. Cookies

We use a session cookie required for the service to function (login state). We only set analytics cookies after you explicitly accept them via our cookie consent banner. You can withdraw consent at any time by clearing your cookies or using our consent page.

6. Your rights

You have the right to:

• Access the personal data we hold about you
• Export your data (available from your account settings)
• Delete your account and all associated data (available from your account settings)
• Object to or restrict processing of your data

To exercise any right not available directly in your account settings, contact us at our contact page.

7. Data retention

Active account data is retained while your account exists. If you delete your account, your personal data is removed within 30 days except for anonymised usage statistics and invoice records which are retained as required by law.

8. Changes to this policy

We may update this policy from time to time. We will notify you by email before material changes take effect.

9. Contact

For privacy-related questions, contact us via our contact page.