Privacy Policy

Last updated: March 2026

What Data We Collect

When you create an account, we store your name, email address, and a hashed version of your password. We never store your password in plain text.

Spotify Data

If you connect your Spotify account, we access the following scopes: your email, profile information, playback control, and streaming. We store your Spotify access and refresh tokens to enable playback and search. Your Spotify app credentials (Client ID and Client Secret) are encrypted at rest using AES-256-GCM.

We only request and process data necessary to operate WalkOnJams. We do not use your Spotify data for advertising, profiling, or AI/ML training.

Data Sharing

We do not sell, transfer, or share your personal data with third parties, ad networks, data brokers, or monetization tools.

Disconnecting Spotify

You can disconnect your Spotify account at any time via Settings. When you disconnect, we immediately delete your Spotify tokens and app credentials. No Spotify personal data is retained after disconnection.

Data Retention

Your account data is retained as long as your account exists. Walk-ons you create and votes you cast are associated with your account. You can request account deletion by contacting us.

Security

We use industry-standard security measures to protect your data, including encrypted credentials, HTTPS-only communication, and hashed passwords.

Cookies

We use session cookies for authentication. We do not use third-party tracking cookies.

Contact

For questions about this privacy policy or to request data deletion, contact us via the project repository.