Privacy policy
Last updated 2026-05-14
What we store
When you connect Spotify to Mixtify, we store the following in our Postgres database on Railway:
- Spotify display name and email — collected via the `user-read-email` OAuth scope to identify your account.
- Spotify user ID, your OAuth `accessToken`, and `refreshToken` — the refresh token is encrypted at rest with AES-256-GCM (with a `keyVersion` prefix byte for future key rotation). The `accessToken`, `accessTokenExpiresAt`, and granted `scope` are also stored.
- Mix recipes — each mix you generate is saved as a recipe row containing: mix ID, name, shuffle mode, source playlist IDs, destination Spotify playlist ID, track count, and timestamps (created/updated).
- Ad-credit ledger rows — a record of ad-credit grants and consumptions used to gate mix generation.
What we don't store
- Audio files — Mixtify never streams or downloads audio. We only read playlist metadata and write playlist items.
- Listening history — we do not record your listening history beyond what appears in your saved mix recipe rows.
- Cookies — Mixtify is bearer-token only; no cookies are set on mixtify.app. Your session token is stored in memory and in `localStorage`; no `Set-Cookie` headers are sent.
- Third-party analytics — no PostHog, Google Analytics, or Mixpanel in v1. No tracking pixels or session recording.
Spotify access
Mixtify requests the following six OAuth scopes when you connect:
- `user-read-email` — reads your Spotify email and display name to identify your account.
- `user-read-private` — reads your Spotify subscription level (free/premium) so we can confirm your account can create playlists.
- `playlist-read-private` — lists your private playlists in the source-playlist picker.
- `playlist-read-collaborative` — includes collaborative playlists you have access to in the picker.
- `playlist-modify-private` — creates the generated mix as a private playlist in your Spotify library (default).
- `playlist-modify-public` — creates the mix as a public playlist if you opt in at generation time.
We do not request scopes for streaming, listening history, or any data beyond what is listed above.
Where data lives
- Postgres — hosted on Railway (EU region; confirmed at first production deploy in plan 12). All data is encrypted in transit via TLS.
- Refresh tokens — encrypted using AES-256-GCM envelope encryption before being stored. The key-encryption key (KEK) is held in the `TOKEN_KEK_V1` environment variable and is never written to disk or exposed in logs.
- Static assets — served from Cloudflare Pages (CDN edge), which holds no personal data.
Deleting your data
Visit /account and click Delete my Mixtify account and data. Confirming this action:
- Permanently deletes your user record, account, session, and verification rows.
- Deletes all mix recipes and ad-credit ledger rows associated with your account.
- Does not delete Spotify playlists that Mixtify already created — those remain in your Spotify library. Mixtify does not own them, and removing them from Spotify is outside our scope.
After deletion your account cannot be recovered.
Contact
Questions about this privacy policy? Email us at [email protected].