Privacy Policy

Last updated: May 6, 2025

1. Who We Are (Data Controller)

Dailyst! ("we", "us", or "our") operates the Dailyst! web application. We act as an independent data controller for Spotify Personal Data that we process through our service.

Contact information:

Email: [email protected]
Address: Calle Padilla 17, 28006 Madrid, Spain

2. Data We Collect

We collect and process the following information when you use our service:

  • Spotify Account Information: When you connect your Spotify account, we collect your Spotify user ID, display name, email address (if available), and country (for timezone purposes).
  • Spotify Authentication Tokens: We store OAuth access and refresh tokens to maintain your connection with Spotify. DB and connections are SSL encrypted.
  • Spotify Content Data: We access your saved tracks, top tracks, playlists, and listening history to provide personalized recommendations. We do not store any of this info, nor use it out of the app.
  • Usage Data: Information about how you interact with our service, including pages visited, features used, and time spent on the application.
  • Device Information: Browser type, IP address, device type, and operating system.

3. How & Why We Use Data

We use your personal data for the following purposes:

  • Providing the Service: To create and manage your account, connect with Spotify, and deliver the core functionality of our application.
  • Personalization: To create personalized music recommendations and playlists based on your preferences and listening history.
  • Service Improvement: To analyze usage patterns, troubleshoot technical issues, and enhance our features.
  • Communication: To respond to your inquiries, provide support, and send service-related notifications.
  • Security: To protect our service and users from fraud, abuse, and unauthorized access.

4. Cookies & Similar Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.

We use the following types of cookies:

  • Essential Cookies: Necessary for the functioning of our website and cannot be switched off.
  • Functional Cookies: Enable personalized features and remember your preferences.
  • Analytics Cookies: Help us understand how visitors interact with our website.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

5. Sharing With Third Parties

We may share your personal information with the following categories of third parties:

  • Service Providers: Companies that provide services on our behalf, such as hosting (Railway), authentication (Clerk), and analytics.
  • Spotify: We interact with Spotify's API to access and modify your Spotify data with your permission.
  • Analytics Partners: We use analytics services to help us understand how users engage with our service.
  • Legal Requirements: We may disclose your information if required by law or to protect our rights or the safety of others.

We do not sell your personal data to third parties.

6. International Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement (IDTA).

7. Data Retention & Security

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

If you disconnect your Spotify account or delete your Dailyst! account, we will delete your Spotify tokens and personal data within 30 days.

We implement appropriate security measures to protect your personal data, including:

  • Encrypting Spotify tokens using AES-256 encryption
  • Using HTTPS/TLS for all data transmission
  • Implementing access controls and authentication mechanisms
  • Regular security assessments and updates
  • Periodic key rotation for sensitive data

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Access: The right to request copies of your personal data.
  • Rectification: The right to request that we correct inaccurate or incomplete information.
  • Erasure: The right to request that we delete your personal data.
  • Restriction: The right to request that we restrict the processing of your personal data.
  • Data Portability: The right to request that we transfer your data to another organization or directly to you.
  • Objection: The right to object to our processing of your personal data.
  • Do Not Sell/Share: For California residents, the right to opt out of the sale or sharing of your personal information.

To exercise any of these rights, please contact us using the contact information provided in this policy.

9. How to Disconnect Spotify / Delete Data

You can disconnect your Spotify account and delete your data at any time by:

  1. Logging into your Dailyst! account
  2. Navigating to your Profile page
  3. Clicking on the "Disconnect Spotify" button

Alternatively, you can request complete account deletion by emailing us at [email protected] with the subject line "Data Deletion Request".

10. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Address: Via Univérsitas 8 12D, Zaragoza, Spain, 50009

11. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.

We will also notify you through a prominent notice on our service before the change becomes effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes.