Privacy Policy

1. About Us

Unheard.FM is developed and operated by Woolly Bear Software LLC. We are committed to protecting your privacy and ensuring a secure user experience.

2. Information We Collect

When you use Unheard.FM, we may collect the following information:

  • Your Spotify profile information and email address (only if you log in via Spotify).
  • Listening preferences and settings you provide while using the app.
  • Usage metrics and error data, which are stored anonymously using internal user IDs.
  • Your IP address when you visit the website (used for basic request logging).

No personal data is collected unless you are logged in with Spotify.

Note: Some older internal logs created before August 2025 may still include Spotify user IDs. These logs were previously retained indefinitely, but we are currently migrating them to anonymized formats. Once migrated, all personally identifiable information will be removed.

3. Cookies and Tracking Technologies

We use a single HTTP-only session cookie if you log in with Spotify. This cookie contains:

  • Your user ID
  • Your session token

This cookie is used strictly for session management and is not accessible to JavaScript or third parties.

4. Data Processing and Storage

We are committed to a "local-first" data model to protect your privacy. This means:

  • Listening History: Your listening history and most of the data used for playlist generation are stored and processed locally within your browser. This data is not sent to or stored on our servers.
  • Backend Services: Our backend only facilitates your login, securely refreshes your Spotify access token, and manages your account settings. It does not access your Spotify listening history or your library.
  • Third-Party APIs: Our servers interact with the Spotify and Discogs APIs on a per-request basis to provide specific data (e.g., track information or album data) for your playlist generation. Your personal account information is not shared with these third-party services.

5. How We Use Your Information

We use your data to:

  • Generate personalized playlists based on your preferences.
  • Improve our service by analyzing aggregated and anonymous usage data.
  • Ensure the security and functionality of our platform (e.g., monitoring error logs).
  • Send account-related and service updates to your email address. You can opt out of these email communications at any time via the settings on your account page.

Any logging that includes your Spotify ID is retained for no more than 30 days and is used only for debugging or operational purposes.

6. Data Sharing and Storage

We do not sell or share your personal data with third parties. All data is securely stored and is used only to provide and improve your experience with Unheard.FM.

Usage metrics and error logs are anonymized using internal IDs and cannot be linked back to your Spotify account once your account is deleted.

7. Your Rights

If you are located in the European Union or European Economic Area, you have the right to:

  • Access the data we hold about you
  • Request correction or deletion of your data. You can delete your Unheard.FM account and all associated data at any time via the account management page.
  • Object to or restrict certain types of data processing
  • Request a copy of your data in portable form

You can exercise any of these rights by contacting us at contact@unheard.fm. We will respond within 30 days.

8. Changes to This Policy

This policy was last updated on September 11, 2025. We may update this policy from time to time. Any significant changes will be communicated via our website.

9. Contact Us

If you have any questions about this privacy policy, please contact us at contact@unheard.fm.

10. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Consent - when you log in with Spotify or provide settings.
  • Performance of a contract - to generate playlists and deliver the core service.
  • Legitimate interest - to improve our service and monitor platform health.

11. Data Transfers and Location

Our primary servers and databases are located in the United States (US-East AWS region). All personal data that we store is processed and retained within this region. The website itself, including static assets like images, CSS, and JavaScript, is distributed globally via a Content Delivery Network (CDN) to ensure fast load times for all users. This CDN does not store any of your personal data.

If you are located outside the U.S., your data may be transferred internationally to our servers. We apply appropriate safeguards to protect your data, including relying on the EU-U.S. Data Privacy Framework and standard contractual clauses where applicable.

12. Data Retention

We retain personal data only as long as necessary to provide our services. Usage data that includes Spotify IDs is retained for no more than 30 days and is being actively migrated to anonymous storage. Anonymous usage metrics may be retained indefinitely for analysis.