Festify

1. Data Collection

We collect the following types of data when you use Festify:

• OAuth Tokens: When you authenticate with Spotify, we receive and temporarily store OAuth access tokens and refresh tokens in server-side sessions. These tokens allow us to create playlists in your Spotify account on your behalf.
• Session Data: We use server-side sessions to store your Spotify authentication tokens. Session data is stored temporarily and is cleared when you log out or when your session expires.
• API Usage Data: We may log API requests to external services (Spotify, Setlist.fm) for debugging and service improvement purposes. This includes request timestamps and response status codes, but does not include personal information.

We do not collect personal information such as your name, email address, or location unless you explicitly provide it to us.

2. Data Usage

We use the collected data for the following purposes:

• Playlist Creation: We use your Spotify OAuth tokens to create playlists in your Spotify account based on your selections.
• Setlist and Festival Data Display: We use Setlist.fm API data to display setlist information and festival lineups. This data is fetched on-demand and displayed to help you create playlists.
• Authentication: We use session data to maintain your authentication state with Spotify, allowing you to create playlists without re-authenticating for each action.
• Service Improvement: We may use aggregated, anonymized API usage data to improve our service performance and reliability.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

Festify integrates with the following third-party services:

• Spotify: We use Spotify's OAuth 2.0 authentication and Web API to authenticate users and create playlists. When you authenticate with Spotify, you grant us permission to create playlists in your account. Spotify's privacy policy applies to your use of their services: Spotify Privacy Policy
• Setlist.fm: We use the Setlist.fm API to fetch setlist and artist information. Setlist.fm's terms of use apply: Setlist.fm Terms of Service
• Skiddle: We may integrate with Skiddle API in the future to fetch event information. When integrated, Skiddle's terms of use will apply.

These third-party services have their own privacy policies and terms of service. We encourage you to review them to understand how they handle your data.

4. Data Retention

We retain your data only for as long as necessary to provide our services:

• Session Data: OAuth tokens and session data are stored only during your active session. When you log out or when your session expires (typically after a period of inactivity), all session data is automatically cleared.
• No Persistent Storage: We do not maintain a database or persistent storage of your personal information. All data is stored in temporary server-side sessions that are cleared when the session ends.
• API Logs: Any API usage logs are retained only for debugging purposes and are automatically purged after a short period.

You can clear your session data at any time by logging out of Spotify or closing your browser session.

5. Cookies

We use cookies and similar technologies for the following purposes:

• Session Cookies: We use server-side session cookies to maintain your authentication state with Spotify. These cookies are essential for the service to function and are automatically deleted when you close your browser or log out.
• No Tracking Cookies: We do not use tracking cookies, advertising cookies, or analytics cookies that track your behavior across websites.

You can control cookies through your browser settings. However, disabling session cookies may prevent the service from functioning properly.

6. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: sasson.mansoori@gmail.com

We will respond to your inquiry within a reasonable timeframe.

7. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.