StreamToShelf

Privacy & Cookie Policy

What We Collect

When you use our “Leaving Spotify?” feature, we temporarily access your Spotify listening history to display your all-time top tracks. We request the user-top-read scope from Spotify.

This allows us to show you:

  • Your most-listened tracks (all-time)
  • Albums associated with those tracks
  • A calculation of how your subscription compares to buying those albums

How We Store Data

We do NOT store your Spotify data in any database. Your authentication session is stored in an encrypted cookie in your browser for 1 hour. When you log out or the session expires, all data is deleted.

Technical details:

  • Session cookies are encrypted using industry-standard encryption
  • Cookies are httpOnly (JavaScript cannot access them)
  • Cookies are set to secure mode in production (HTTPS only)
  • Session lifetime: 1 hour maximum

Cookies We Use

Cookie Name | Purpose | Duration
spotify_session | Strictly necessary authentication cookie (httpOnly, encrypted). Used to maintain your login session. | 1 hour

We only use cookies essential for authentication. No tracking or analytics cookies are used on the “Leaving Spotify?” feature.

Third-Party Services

We use the Spotify Web API to fetch your top tracks. Your data is processed in accordance with Spotify's Privacy Policy.

We do not share your data with any other third parties.

Your Rights

You have the following rights regarding your data:

  • Revoke Access: You can log out at any time, which deletes your session cookie immediately.
  • Manage Spotify Permissions: Visit your Spotify app permissions to revoke StreamToShelf's access to your account.
  • Data Deletion: Since we don't store your data, there's nothing to delete. Logging out or closing your browser clears everything.

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR):

  • Lawful basis: Your explicit consent when you click “Login with Spotify”
  • Data minimization: We only request the minimum scope needed (user-top-read)
  • Storage limitation: Data is deleted after 1 hour or when you log out
  • Right to erasure: Automatically fulfilled when you log out

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page. We encourage you to review this policy periodically.

Contact

If you have questions about this privacy policy or how we handle your data, please visit our homepage.