Privacy Policy

We collect the minimum information needed to run Playlist Panda, including:

• Account details like name, email, role, and encrypted password hash
• Profile details you provide, such as bios, genres, and playlist/artist links
• Submission and review data, including messages, feedback, and status history
• Support messages submitted through our contact form
• Billing metadata from Stripe (for example customer, subscription, and invoice IDs)
• Public Spotify metadata we fetch for verification and matching flows

We use the information we collect to:

• Create and manage your account, profile, and access permissions
• Run core platform flows between artists and curators
• Process subscription and credit purchases
• Send operational emails (for example review updates, billing updates, and support replies)
• Detect abuse, investigate fraud, and enforce platform safety rules
• Improve reliability and user experience through diagnostics and analytics

Payments are processed by Stripe. We do not store your full card number or CVC on our servers.

• Stripe handles card collection, processing, and payment method storage
• We store billing-related records such as subscription status, invoices, and transaction history
• Billing events can trigger account updates (for example credit allocation, refunds, or subscription status changes)

We use cookies and token-based sessions to keep the app secure and functional.

• Authentication uses secure, httpOnly session cookies
• A limited referral cookie may be stored for referral attribution (30-day expiry)
• Security settings (such as `sameSite` and `secure` in production) are used to reduce abuse risk

We record operational analytics to monitor health, debug issues, and improve reliability.

• Examples include event metadata like route paths, timestamps, environment hints, and user-agent strings
• Navigation telemetry may include technical debugging context when navigation issues occur
• We may use advertising/measurement pixels (including Meta Pixel) for conversion and campaign performance tracking
• We do not sell analytics data to third parties

We do not sell your personal information. We share data only when needed to operate the service:

• With curators when you submit to their playlists
• With service providers that support infrastructure, payments, and email delivery
• To comply with legal obligations
• To protect our rights and prevent fraud

We rely on vetted third-party providers to operate core platform functionality.

• Neon for managed Postgres database hosting
• Vercel for application hosting and deployment infrastructure
• Stripe for payment processing and subscription billing
• Resend for transactional email delivery
• Sentry for error monitoring and exception diagnostics
• Meta Pixel for campaign conversion measurement
• Google OAuth (optional) for account sign-in
• Spotify public endpoints and APIs for playlist/artist metadata retrieval

We use technical and operational safeguards to protect account data, including hashed passwords, authenticated access controls, and input validation/rate limiting on sensitive endpoints. No method of storage or transmission is 100% secure, but we continuously improve protections.

We keep personal data for as long as needed to provide the service, maintain required records, resolve disputes, and enforce agreements.

• Account and profile data are retained while your account remains active
• Support messages, billing records, and audit-relevant logs may be retained for operational and legal needs
• If you request account deletion, we remove or anonymize data where feasible, subject to legitimate retention obligations
• Our infrastructure providers may process and store data in multiple regions

Playlist Panda is intended for users who are at least 18 years old. We do not knowingly collect personal information from individuals under 18. If you believe someone under 18 has provided personal information, contact us and we will investigate and remove the data where appropriate.

You can:

• Update profile details from your account settings
• Request help or data updates by contacting support
• Delete your account from within the app (where available)
• Request account-related information by contacting support
• Ask questions about your data at any time

We may update this Privacy Policy as the product evolves. When we make material changes, we will update the effective date on this page.

If you have questions about this Privacy Policy, contact us at support@playlistpanda.com