Overview

Songstamp ("the App") is developed and operated by Kerem Uslular ("we," "us," "our"). This policy explains what data we collect, why, how it is stored, and your rights regarding that data. We are committed to transparency and minimal data collection.

1. Data Stored Locally on Your Device

The following data is stored exclusively on your device and is never transmitted to our servers:

• Personal notes attached to journal entries
• App preferences and settings (notification preferences, music source, theme)
• Onboarding and subscription state

Your notes are never uploaded to any server, shared with other users, or included in social features. They remain exclusively on your device.

2. Data Stored on Our Servers

When you sign in with Apple and use social features, the following data is stored on our servers (Google Cloud / Firebase, eur3 region):

• Profile information: Display name, unique handle, account creation date, privacy setting (public/private)
• Daily song picks: Song title, artist name, album name, album artwork URL, mood emoji, pick date, and links to Apple Music and Spotify
• Social connections: Who you follow, who follows you, and pending follow requests
• Device token: Firebase Cloud Messaging (FCM) token for delivering push notifications
• User reports: If you report another user, the report reason and both user IDs

The following is never stored on our servers:

• Your personal notes on entries
• Your email address
• Your Apple ID credentials or password
• Payment or billing information
• Precise location data
• Contacts, photos, or any other device data

3. Data Visible to Other Users

Depending on your privacy settings, the following may be visible to other Songstamp users:

• Public accounts: Display name, handle, daily song picks (title, artist, mood, date), follower/following counts
• Private accounts: Only your display name and handle are visible. Song picks and follower lists are visible only to approved followers

Your personal notes, email address, and Apple ID are never visible to other users under any circumstances.

4. Authentication

Songstamp uses Sign in with Apple via Firebase Authentication. We receive only a unique, anonymous user identifier and, optionally, a name you choose to share. We do not have access to your Apple ID password, email (Apple's relay hides it), or payment information. Sign-in is optional — all journal features work without an account.

5. Privacy Controls

You have full control over your social presence:

• Private Account: Require approval before anyone can see your picks or follow you
• Block Users: Blocked users cannot view your profile, see your picks, or interact with you
• Report Users: Report inappropriate usernames or behavior. Reports are reviewed manually
• Optional Sign-In: Use the full journal, calendar, stats, and playlist features without ever creating an account

6. Music Services

Songstamp integrates with Apple Music (via MusicKit) for song search and playlist creation. When you create a playlist, songs are added directly to your Apple Music library using Apple's API — we act only as an intermediary and do not store your Apple Music credentials or listening history.

Song metadata (title, artist, album art URL) from search results is used solely to display information within the app. We store only references to songs you explicitly pick.

Spotify integration for search is available. Full Spotify playlist creation is planned for a future update.

7. Push Notifications

If you grant notification permission, we store a device token (FCM token) to deliver push notifications for social events (new followers, accepted follow requests). This token is:

• Stored only while you are signed in
• Removed from our servers when you sign out or delete your account
• Not used for marketing, advertising, or any purpose other than delivering the notifications you expect

8. Analytics & Crash Reporting

We use Firebase Analytics and Firebase Crashlytics (provided by Google) to understand aggregate usage patterns and diagnose crashes. This data is:

• Anonymized and aggregated — not linked to your identity
• Used solely to improve app quality and stability
• Subject to Google's Privacy Policy

We also use Firebase Remote Config to manage feature flags (e.g., enabling or disabling music providers). No personal data is transmitted for this purpose.

9. Subscriptions & Payments

Songstamp Pro subscriptions are managed through Apple's App Store and RevenueCat. We do not collect, process, or store any payment information. All billing is handled by Apple. RevenueCat receives an anonymous app user ID to manage entitlements — subject to RevenueCat's Privacy Policy.

10. Data Retention & Deletion

You have full control over your data:

• Delete individual entries from Journal or Calendar at any time
• Export all data as JSON, CSV, or PDF before deletion
• Delete your account from Profile → Account → Delete Account. This permanently removes your profile, all published picks, social connections, and FCM token from our servers
• Uninstall the app to remove all local data from your device

When you delete your account, all server-side data is permanently and irreversibly removed. Local journal entries (including notes) remain on your device until you delete them or uninstall the app.

User reports may be retained for up to 90 days after account deletion for safety purposes.

11. Third-Party Services

Songstamp uses the following third-party services, each governed by their own privacy policies:

• Firebase (Google) — Authentication, Firestore database, Analytics, Crashlytics, Remote Config, Cloud Messaging, Cloud Functions — Privacy Policy
• RevenueCat — Subscription management — Privacy Policy
• Apple — Sign in with Apple, MusicKit, App Store payments — Privacy Policy

12. Children's Privacy

Songstamp is not directed at children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will promptly delete it.

13. International Data Transfers

Our servers are located in the EU (eur3) region via Google Cloud / Firebase. If you access Songstamp from outside the EU, your data may be transferred to and processed in the EU. By using the App, you consent to this transfer.

14. Changes to This Policy

We may update this policy to reflect new features or legal requirements. Material changes will be communicated through the App. The "Effective" date at the top indicates the latest revision. Continued use of Songstamp after changes constitutes acceptance of the updated policy.