Privacy Policy

Information we collect

• Account information such as email address, username, display name, profile photo, bio, authentication identifiers, and account settings.
• Music activity such as listens, ratings, reviews, likes, comments, lists, want-to-listen entries, follows, profile stats, and privacy choices for diary entries.
• Import data from connected services, including Last.fm usernames and recent tracks, Spotify account identifiers, OAuth tokens, recently played tracks, and uploaded Spotify listening history exports.
• Technical data such as IP address, device and browser information, log data, cookies, local storage, performance events, and security events.
• Support and contact data such as messages, partnership requests, blogger applications, legal requests, and moderation reports.

How we use information

• Provide and personalize the ListenDex service, including profiles, music pages, reviews, lists, notifications, search, imports, and social feeds.
• Maintain authentication, security, abuse prevention, moderation, debugging, analytics, and service reliability.
• Cache music metadata and artwork so ListenDex can load quickly and avoid unnecessary calls to Spotify, Last.fm, MusicBrainz, and Cover Art Archive.
• Communicate about account issues, support, legal requests, creator programs, policy changes, and product updates.
• Operate monetization through ListenDex Plus and Studio subscriptions, contextual or personalized advertising choices, paid-user ad suppression, possible affiliate programs, and aggregate business metrics.

Service providers and third parties

ListenDex uses third-party services to operate the app. Their processing is governed by their own agreements and policies.

• Clerk provides authentication, account management, sessions, and related security features.
• Neon stores ListenDex application data in Postgres, including account-linked music diary and social data.
• Vercel hosts and serves the web application, logs, serverless functions, and related infrastructure.
• Spotify provides music metadata, artwork, and import/connect features where users authorize access.
• Last.fm provides music metadata and scrobble import features where users provide a Last.fm username.
• MusicBrainz and Cover Art Archive may provide open music metadata and artwork fallbacks.
• Google AdSense or another ad partner may serve ads to free users after ads are enabled.
• Stripe processes paid subscriptions and subscription management for web purchases.

Cookies, ads, and analytics

• ListenDex and its providers may use cookies, local storage, IP addresses, web beacons, or similar identifiers for login, security, preferences, analytics, and advertising.
• If Google-served ads are enabled, third-party vendors including Google may use cookies, web beacons, IP addresses, device information, and similar identifiers to serve ads, measure ad performance, limit repeat ads, detect fraud, and enforce ad policies.
• Unknown ad preferences default to non-personalized ads. Free users can choose Personalized ads or Non-personalized ads from the consent banner or privacy settings.
• Personalized ads are opt-in. Non-personalized ads may still use limited cookies or identifiers for delivery, reporting, fraud prevention, and frequency controls.
• Paid Plus and Studio users should not load ListenDex ad scripts or ListenDex ad slots while their paid entitlement is active.
• Users can manage Google ad personalization through Google Ads Settings and may also use applicable industry opt-out tools such as YourAdChoices or the Network Advertising Initiative opt-out page where available.
• For visitors in the EEA, UK, and Switzerland, ListenDex will use Google's certified CMP or Privacy & messaging flow before personalized Google ads are served there.
• ListenDex will add applicable US state privacy and opt-out handling before using ad targeting or data practices that require those controls.

Revenue, creator credit, and affiliate programs

• ListenDex gets paid through subscriptions, ads, and possible affiliate programs.
• Users do not receive payment, ad revenue share, subscription revenue share, royalties, or other compensation unless a separate written affiliate or creator program agreement says so.
• Creator credit or Byline credit is attribution only. It is not compensation, sponsorship, endorsement, promoted placement, or a claim that the credited user is paid by ListenDex.

Public content and privacy controls

• Public profiles, public reviews, public lists, ratings, likes, follows, and comments may be visible to other users and search engines.
• Private diary entries are intended to be hidden from public views, but users should not place sensitive personal data in reviews, comments, bios, or lists.
• Users can set new diary entries to private by default in privacy settings and can update individual entries where controls are available.

Data deletion and account requests

• Users can request account deletion, export help, correction, or privacy support at privacy@listendex.app.
• ListenDex will delete or de-identify account-linked application data where required, subject to lawful retention, security, fraud-prevention, accounting, and dispute obligations.
• Disconnecting Spotify or Last.fm stops future imports but may not automatically remove music activity that was already imported or logged.

Children and sensitive data

• ListenDex is not intended for children under 13 or for users below the minimum age required by local law.
• ListenDex does not ask users to provide sensitive personal data in reviews, lists, bios, comments, or support requests.

Changes

ListenDex may update this policy as the product, providers, monetization, and legal requirements change.