Bound (“we”, “us”) is a music-rating and social app. This policy explains what data we collect, why, and the choices you have. By using Bound you agree to this policy.
What we collect
- Spotify account info. When you sign in with Spotify we receive your Spotify ID, display name, email address, and profile image.
- Spotify listening data. With your permission we access your recently played tracks, top tracks, and playlists to power recommendations and imports. We do not receive your real-time playback or full listening history.
- Content you create. Ratings, reviews, comments, lists, the songs you send to others, and your profile name and bio.
- Social activity. Who you follow, who you block, likes, and notifications.
- Technical data. Authentication tokens (stored so you stay signed in) and your IP address, which is used transiently to rate-limit abuse. We do not build advertising profiles.
How we use it
We use your data solely to operate Bound: to authenticate you, display and rank content, generate recommendations, deliver notifications, enforce blocks, and prevent abuse. We do not sell your data, and we do not use it to train machine-learning models.
Who we share it with
We share data only with the service providers that run Bound:
- Spotify — for sign-in and music data. Your use of Spotify content is also governed by Spotify’s Privacy Policy.
- Vercel — hosting and content delivery.
- Neon — the database that stores your account and content.
- Upstash — transient storage used for rate-limiting.
We may also disclose data if required by law. We do not otherwise share your personal data with third parties.
Your choices and rights
- Delete your account. You can permanently delete your account and all associated content at any time from Settings. Deletion is immediate and irreversible.
- Access and correction. You can view and edit your profile and content in the app, or contact us for a copy of your data.
- Revoke Spotify access. You can disconnect Bound from your Spotify account at any time in your Spotify account settings.
Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA, including the right to object to or restrict processing. Contact us to exercise these rights.
Data retention
We keep your data for as long as your account is active. When you delete your account, your personal data and content are removed from our database. Backups are purged on a rolling basis.
Children
Bound is not directed at children under 13, and we do not knowingly collect their data.
Changes
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.