Privacy Policy

Last updated: March 4, 2026

Spotidal ("we", "us", "our") operates the spotidal.com website and service. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored securely using bcrypt hashing).

Connected Service Data

When you connect your Spotify and Tidal accounts, we store:

• OAuth access tokens and refresh tokens (encrypted at rest using AES-256-CBC)
• Your Spotify and Tidal user IDs
• Playlist metadata (names, track counts, cover images)
• Track information (titles, artists, ISRCs) for the purpose of matching and syncing

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card details. Stripe may collect information as described in their Privacy Policy.

2. How We Use Your Information

We use your information solely to:

• Provide the playlist syncing service between Spotify and Tidal
• Authenticate your connected accounts
• Process payments and manage subscriptions
• Communicate service-related updates

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

Spotidal integrates with the following third-party services:

• Spotify — to read your playlist and track data (Privacy Policy)
• Tidal — to search for tracks and create/update playlists (Privacy Policy)
• Stripe — to process payments (Privacy Policy)

4. Cookies

We use only essential cookies required for the service to function:

• Session cookie — keeps you logged in during your browsing session
• CSRF token — protects against cross-site request forgery
• Cookie consent — remembers your cookie consent preference (stored in localStorage)

We do not use analytics, advertising, or tracking cookies.

5. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data by deleting your account
• Portability — request your data in a machine-readable format
• Revoke consent — disconnect your Spotify or Tidal accounts at any time

To exercise any of these rights, you can manage your account in the Profile settings or contact us directly.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed, including:

• Your account information
• Connected account tokens
• Playlist data and sync history
• Track match records

7. Data Security

We take reasonable measures to protect your data, including:

• Encryption of OAuth tokens at rest (AES-256-CBC)
• HTTPS-only connections
• Secure password hashing (bcrypt)

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated date.

9. Contact

If you have questions about this Privacy Policy, contact us at privacy@spotidal.com.