Privacy Policy
- Last updated: 2026-05-23 -
Splaylist is a browser-based tool that turns Spotify playlists into Google Sheets and lets music professionals share reviewer-ready Session Views with ratings and comments. This Privacy Policy explains what data the application accesses, how it is processed, how it is protected, and what your rights are.
Google scopes used by Splaylist are governed by Google's own privacy practices — see the Google Privacy Policy. Splaylist's own use of the YouTube Data API v3 is described in §13 below.
1. Information we access
Splaylist accesses the following data sources at your explicit request:
- Spotify (login optional): When you sign in with Spotify we read your basic profile (display name, email associated with your Spotify account, country) and any playlists / albums you choose to load. Public Spotify URLs are fetched server-side via the Client Credentials Flow and do not require a Spotify login — only private playlists need OAuth.
- Google (login optional): Used to create the spreadsheets we export on your behalf (scope in §2). We use your Google display name, email address, and profile picture only to create and display your Splaylist account, manage your plan, and show account UI. We do not use this information for advertising, and we do not access other Google services unless you explicitly authorize a feature such as Google Sheets export.
- Session View content you create: When you build a Session View, we store the title, optional description, track ordering, owner notes, and the IDs of the source album/playlist on our servers (SQLite, hosted on Fly.io, Tokyo region).
- Reviewer activity: When a reviewer opens a Session View and chooses a display name, we generate a random reviewer token (UUID) in their browser's localStorage. Any ratings (1–5 ★) or comments they post are stored together with that token, the display name shown at the time of posting, and the timestamp. We do not require reviewers to sign in.
2. Google scopes — what each one is used for
https://www.googleapis.com/auth/spreadsheets
Allows Splaylist to create new spreadsheets and write the playlist data into them (rows of Title / Artist / Spotify link / YouTube search link / Album cover URL). Splaylist uses this Google Sheets permission to create and update spreadsheets in your Google account.
Splaylist does not request Google Drive file permissions and does not change sharing settings automatically. If you want to share a Sheet, use the Share button inside Google Sheets.
3. Data retention
- Authentication tokens (Spotify / Google): live only in your active session cookie and are cleared when you sign out or your session expires (default: 14 days).
- Created Google Sheets: remain in your Google account — we do not keep a copy.
- Playlist / album metadata: cached on our servers for up to 30 days to avoid re-querying Spotify on every page view. No personal data is stored alongside it.
- Session Views: Free plan — kept for 30 days from last activity, then auto-deleted. Pro plan — kept indefinitely while your Pro subscription is active. "Last activity" includes new ratings, comments, owner edits, or exports. You may request deletion earlier by contacting info.splaylist@gmail.com.
- Ratings / comments / owner notes: tied to the Session View. Deleted together with the Session View when it expires or is removed.
- Reviewer tokens: the UUID itself lives in your own browser localStorage. Our server keeps the token alongside ratings/comments only to enable edit/delete by the original poster.
- Deletion on request: email info.splaylist@gmail.com — we respond within 7 business days.
- Sheet visibility: The Google Sheet we create for you is private — only you (the owner) can see it. To share it with collaborators, use the Share button inside Google Sheets. Splaylist does not change sharing settings on the spreadsheets it creates.
4. Limited Use of Google user data
Splaylist's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Concretely, this means:
- We do not use Google user data for serving advertisements.
- We do not sell Google user data.
- We do not use Google user data for any purpose other than providing the user-facing feature you initiated (writing the playlist you selected into a new Google Sheet you own).
- We do not allow humans to read Google user data unless we have your specific consent for a particular item, it is required for security purposes (such as investigating abuse), it is required to comply with applicable law, or the data is aggregated and used for internal operations consistent with the Limited Use rules.
- We do not transfer Google user data to third parties for advertising, marketing, profiling, or any unrelated purpose.
5. Data protection mechanisms
Although Splaylist is designed to not retain user data on our infrastructure, we still apply the following protections to the data while it is in transit and to the short-lived authentication tokens we hold during your session:
- Transport encryption. All traffic between your browser, Splaylist (https://splaylist.app), and the Spotify / Google APIs is transmitted over TLS 1.2 or higher (HTTPS only). HTTP is automatically redirected to HTTPS at the edge.
- Session cookie hardening. The single session cookie we issue (spsess) is set with HttpOnly (not readable by JavaScript), Secure (sent over HTTPS only), and SameSite=Lax (mitigating cross-site request forgery). It is signed with a server-side secret to prevent tampering.
- OAuth tokens — short-lived and never persisted. Access and refresh tokens issued by Spotify and Google are kept only inside the signed session cookie that lives in your browser. They are never written to a database, log file, or any other server-side persistent store. When your session expires (default 14 days) or you log out, the tokens are gone.
- No persistent user database. We do not maintain accounts, user records, playlist archives, or analytics datasets that could become a breach surface. The absence of long-term storage is a deliberate security control.
- Least privilege scopes. We request the minimum Google scope required for the feature: spreadsheets (to create and update the spreadsheet for your playlist). We do not request Google Drive file permissions, Gmail, contacts, calendar, or any other Google data.
- Authenticated, user-initiated access only. Every Google or Spotify API call is performed in response to your own action, using your own OAuth token. Splaylist has no service-account credentials that could read user data without an explicit user-issued token.
- Hosting. The application is hosted on Fly.io, with traffic terminated at their TLS edge. Operating system and dependency security patches are applied through routine container redeploys.
Operational logs — what we record (and what we don't)
For debugging, abuse prevention, and rate limiting, we keep server-side operational logs for up to 30 days. We log only what is necessary to keep the service healthy:
- HTTP method and request path (e.g., GET /, POST /contact)
- Response status code and response time
- Hashed IP address (SHA-256, truncated to 16 hex characters; we never store the raw IP)
- Country code derived from the request (e.g., JP, US)
- Browser/OS family from the User-Agent string (no fingerprinting)
- Operational metadata such as the Spotify playlist ID being loaded, track count, and human-readable playlist label (curated playlists like "Billboard Hot 100"; if you load a private playlist, its title may temporarily appear in our logs as well, used only for debugging within the 30-day window)
We do not log:
- OAuth access tokens or refresh tokens
- Your email address or Spotify / Google account username
- The contents of your Google Sheet (URL or cell data)
- Track titles, artist names, or any track-level audio metadata
- The contents of any contact-form messages you send (those are relayed to email and not retained on our server)
Logs are not shared with third-party analytics or advertising providers, and they are deleted automatically after 30 days. If you would like the logs related to your activity removed earlier, contact us (Section 13).
Aggregated product metrics
To understand how the product is used and where users encounter friction, we maintain anonymous, aggregated counters of certain events. These counters never include personal identifiers. The events we count are:
- Page views by route (e.g., landing page, privacy, terms, contact)
- Sign-in starts and completions for Spotify and Google
- Sheet creations (with track count and elapsed seconds, no playlist or track contents)
- Contact-form submissions, by topic category
- API errors (Spotify or Google), by error class
- Aggregate distributions: country code (from request headers), referrer domain, browser family
These counters are aggregated, contain no personal identifiers, and are used solely to improve the product. They are not exported to third-party analytics or advertising providers.
6. Sharing with third parties
We do not share, sell, or transfer any personal data to third parties. The only network calls the app makes are directly between your browser/our backend and the official APIs of Spotify and Google.
7. How to revoke access
8. Your rights
Because we do not maintain a database of users or their playlist data, most "data subject" requests resolve themselves the moment you revoke access (Section 7). For completeness, you have the following rights regarding any data we may temporarily process:
- Right of access. You can ask what data is currently held in your active session by emailing the address in Section 13. Practically, this is the OAuth tokens in your own session cookie and nothing else.
- Right of erasure. Revoking access via Section 7 immediately invalidates the tokens we hold; clearing your browser cookies removes the session cookie entirely. For deletion of Session View data (titles, ratings, comments, owner notes) stored on our servers, email info.splaylist@gmail.com — we typically respond within 7 business days.
- Right of rectification. Splaylist does not edit user-profile data on your behalf; profile data lives in Spotify and Google, where you can correct it directly.
- Right to object / withdraw consent. You can withdraw consent at any time by revoking access (Section 7); no further processing will occur.
- Right to lodge a complaint. If you are in the EEA / UK, you may contact your national Data Protection Authority. If you are in California, you may exercise your CCPA rights by contacting us at the address in Section 13.
9. Security incident response
If we become aware of a security incident that affects user data accessed through Splaylist, we will:
- Investigate the incident and take immediate steps to contain it (including, if necessary, invalidating sessions and rotating server-side secrets).
- Notify affected users and applicable authorities without undue delay where required by law (typically within 72 hours where GDPR applies).
- Publish a summary of the incident and remediation steps on this page.
Because Splaylist does not store user data on its servers, the practical exposure surface is limited to active session tokens at the moment of the incident.
10. Cookies and browser storage
Splaylist uses a single session cookie (spsess) to keep you signed in during your visit. It is HttpOnly, Secure, and SameSite=Lax. We do not use third-party tracking cookies, analytics, or advertising pixels.
For reviewers (i.e. visitors leaving ratings/comments on a Session View without signing in), Splaylist stores three small values in your browser's localStorage:
- splaylist_reviewer_token — a random UUID used to identify your posts so only you can edit or delete them.
- splaylist_reviewer_name — the display name you entered, shown next to your ratings/comments.
- splaylist_recent_v1 — a list of the last 10 pages you opened on this site, used to populate the "Recent" cards on the home page. Never sent to our server.
These values stay on your device until you clear them. Clearing browser site data removes them entirely.
11. Children
Splaylist is not directed at children under 13 and we do not knowingly collect data from children.
12. Changes to this policy
If we materially change how this app handles data, we will update this page and the "Last updated" date above. Substantive changes to data protection practices or scope use will be highlighted at the top of the document.
13. YouTube API Services
Splaylist uses the YouTube Data API v3 to help you find the YouTube video that
corresponds to each Spotify track in your playlist or album view. Use of
YouTube API Services through Splaylist is subject to the YouTube Terms of
Service, and the YouTube data we handle is governed by the Google Privacy Policy.
13.1 What we retrieve
When you open a Splaylist view page, Splaylist sends each track's title and
artist name to the YouTube Data API to find a matching public video. The API
returns a video identifier, which Splaylist resolves into a watch URL for
display on the view page.
13.2 What we access from your YouTube account
Nothing. Splaylist does not access your YouTube account, watch
history, subscriptions, or any personal YouTube data. We do not request OAuth
authorization from you for YouTube. Splaylist uses its own server-side API
key to query the public YouTube search index only.
13.3 How we store and use this data
Splaylist caches each resolved YouTube video identifier for a maximum of
30 days, in accordance with the
YouTube API Services Terms of Service
Section III.E.4. After 30 days, the cache entry is automatically deleted, and
the next time someone opens that view page Splaylist runs a fresh lookup.
Direct YouTube watch URLs are displayed only on Splaylist view pages — they
are not written into Google Sheets or CSV exports. Sheet and
CSV exports use a YouTube search URL instead, so that no Authorized YouTube
Data is stored outside Splaylist's 30-day cache.
13.4 How to remove cached data
Splaylist's YouTube cache is keyed by Spotify track ID, not by your identity,
and is shared across all viewers of a given track. You can request deletion
of cached entries associated with playlists you exported by contacting
info.splaylist@gmail.com.
You can manage your Google account permissions at
myaccount.google.com/permissions.
14. Spotify API usage
Splaylist uses the Spotify Web API in two distinct modes:
- Client Credentials Flow (default). Public Spotify URLs — public playlists, public albums, and individual public tracks — are fetched server-side using an app-only token issued to Splaylist. No Spotify login is required from you to view, share, or build Session Views from public links. No Spotify user account information is provided to Splaylist in this mode.
- Authorization Code Flow (opt-in). If you choose "Sign in with Spotify" to load a private playlist or your personal library, Splaylist exchanges Spotify's authorization code for OAuth tokens stored only in your session cookie (see §3 and §5). We read only what is needed to display the playlist; we do not modify your Spotify library or playback.
You can disconnect Splaylist's Spotify access at any time via spotify.com/account/apps.
15. Reviewer identity is not the same as your Google / Spotify account
When you leave a rating or comment on a Session View, you are acting as a reviewer, identified only by a random token stored in your browser. Reviewer identity is intentionally separate from your sign-in identity:
- Reviewers do not need to sign in with Spotify or Google.
- Splaylist does not link the reviewer token to your Google or Spotify account, even if you happen to be signed in at the time.
- Changing your reviewer display name later does not rename your past comments (we store a snapshot of the name shown at posting time).
- If the Session View owner deletes a comment, only that comment row is removed; your other comments and your reviewer token are untouched.
16. Google Sheets export
When you click "Save to Google Sheet" or export a Session View, Splaylist creates a new Sheet in your Google account using the spreadsheets scope. The Sheet contains the track list and (for Session Views) the ratings and comments collected so far.
- The Sheet is owned by you, not by Splaylist. We cannot read or modify it after creation, unless you re-export with the same logged-in account.
- The Sheet is created private by default. Splaylist does not change sharing settings automatically. To share the Sheet, use the Share button inside Google Sheets.
- "Made with Splaylist" credit can be omitted via the export options (see Terms §5 for IP).
Sharing notice. If the exported Sheet includes reviewer names, ratings, or comments, sharing the Sheet publicly may also make that reviewer information available to anyone with the link. Please review the Sheet before sharing it publicly.
17. Changes to this policy
Material updates to this Privacy Policy are reflected in the "Last updated" date at the top. Significant changes (e.g., new data categories collected, new third parties involved) will be flagged in a banner on the home page for at least 14 days before they take effect.
| Date | Change |
| --- | --- |
| 2026-05-23 | Removed drive.file scope; spreadsheets only; Sheet is now private by default (manual share via Google Sheets). |
| 2026-05-21 | Added Session View / reviewer / Sheet export sections; clarified Spotify Client Credentials vs OAuth modes; documented localStorage values. |
| 2026-05-19 | YouTube Data API §13 detailed (V.2 wording). |
18. Contact
Questions, deletion requests, or privacy concerns: info.splaylist@gmail.com.
You can also use the contact form at splaylist.app/contact.
If you submit the contact form, the form data (name, email, topic, message) is transmitted via TLS
to our Gmail inbox at info.splaylist@gmail.com and is not retained on the splaylist.app
server beyond the moment of relay. We use the email address only to reply to your inquiry.