Privacy policy

Account data — email, username, a password hash (never the password itself), and your display name if you set one.

Listening history — when you connect Spotify or import from Last.fm, we store what you played and when (track, artist, album, timestamp). We read your listening history only: never your playlists, never anything that posts on your behalf.

What you create — ratings, reviews, lists, favorites, follows.

Technical basics — the IP address at signup (spam prevention) and session cookies that keep you signed in.

We do not sell your data. We do not share it with advertisers or data brokers. Riffiter's independence is a feature, not a slogan.

Spotify and Last.fm provide your listening data under their own terms after you explicitly connect them. Disconnecting is always available, and deleting your account removes the stored tokens.

You can access everything we hold about you — it's all visible in the product. You can correct it, export it on request, and delete it permanently: account deletion lives in Settings and removes everything — listening history, ratings, reviews, lists, follows — with no grace period and no soft delete.

Questions about your data: privacy@riffiter.com.