Privacy Policy

Last updated: April 2026

What this app does

wrap_spotify (hosted at music.flexwarp.com) is a personal music dashboard that connects to your Spotify account to display your listening history, playlists, and playback controls. Access is limited to authorized users.

Data we collect

• Spotify profile: your display name, email, and Spotify user ID (used to identify your account).
• Listening history: recently played tracks are polled every 15 minutes via the Spotify API and stored locally to compute play counts and listening statistics.
• Liked songs & followed artists: cached locally from Spotify to speed up page loads.
• OAuth tokens: your Spotify refresh token is encrypted (AES-256-GCM) and stored in a Postgres database on our server. It is never exposed in logs, client code, or transmitted to third parties.

How data is stored

All data is stored on a DigitalOcean server (Ubuntu 24.04) with encrypted-at-rest storage. The database (PostgreSQL) runs inside a Docker container and is only accessible from localhost. No data is shared with third parties, analytics services, or advertising networks.

Third-party services

• Spotify Web API: used to fetch your listening data, control playback, and manage playlists. Subject to Spotify's Privacy Policy.
• Cloudflare: DNS and TLS termination. Subject to Cloudflare's Privacy Policy.

Your rights

You can revoke access at any time from your Spotify account settings. This will invalidate the stored refresh token and prevent further data collection. You can also request deletion of all stored data by contacting the site owner.

Contact

This is a personal project by Eishem Naik. For questions about data handling, contact via flexwarp.com.