# Earshot Privacy Policy
**Last Updated:** November 2025
**Effective Date:** November 2025
## 1. Introduction
Earshot ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our App.
## 2. Information We Collect
### 2.1 Information You Provide
**Account Information**
- Display name
- Phone number (optional)
- Device identifier (automatically assigned)
**Music Service Connections**
- Spotify: We receive your Spotify account information and recently played track history
- Apple Music: We receive your Apple Music library and recently played track history
**Location Data**
- Your device's precise GPS location (latitude and longitude)
- Only collected when you grant location permission and the app is active
### 2.2 Information Collected Automatically
**Music Listening Data**
- Songs you play on Spotify or Apple Music
- Playback timestamps
- Artist and album information
- Canonical song IDs for cross-platform matching
**Device Information**
- Unique device identifier
- Device model and operating system version
- App version and crash logs
## 3. How We Use Your Information
### 3.1 Primary Uses
- **Music Discovery**: Display nearby music activity and enable social music features
- **Service Operation**: Create and maintain your account, sync music across devices
- **Deduplication**: Prevent duplicate entries and ensure accurate listening history
- **Analytics**: Understand how users interact with the app to improve features
### 3.2 Monetization
- **Advertising**: Serve personalized ads based on your consent and engagement
- **Revenue**: Generate revenue through ad impressions and user interactions
### 3.3 Compliance
- **Legal Obligations**: Comply with laws, regulations, and legal requests
- **Platform Requirements**: Meet Spotify, Apple Music, and App Store requirements
## 4. Information Sharing & Disclosure
### 4.1 We Do NOT Share With Third Parties
- Your personal listening history is never sold or shared with marketers
- Your exact location is never shared with other users
- Your Spotify or Apple Music credentials are never shared
### 4.2 Information We Share
**With Music Services**
- Your authorization grants Earshot access to your Spotify and Apple Music accounts
- We use their APIs to retrieve your music data (they maintain separate privacy policies)
**With Google AdMob**
- Ad impressions and interactions
- Your IDFA (if you authorize tracking)
- Your approximate location (for geo-targeted ads)
- Age, gender, and interests (if provided)
**With Our Backend (Supabase)**
- Listening events (song name, artist, timestamp, location)
- User profile data (display name, device ID)
- Posts and friend connections
- All data encrypted in transit and stored securely
**Legal Requirements**
- Law enforcement requests (with legal process when possible)
- Court orders and subpoenas
- Safety emergencies
### 4.3 Data Retention
| Data Type | Retention Period |
|-----------|------------------|
| Listening Events | Indefinite (until user deletion request) |
| User Profile | Indefinite (until account deletion) |
| Ad Analytics | 90 days |
| App Crash Logs | 30 days |
| Device Location | Real-time only (not stored) |
## 5. Your Privacy Rights
### 5.1 Access & Portability
You have the right to request a copy of the personal data we hold about you.
### 5.2 Correction
You can update your display name and profile information at any time in Settings.
### 5.3 Deletion
You have the right to request deletion of your account and all associated data.
**To request deletion**: Email support with your device ID or phone number.
### 5.4 Opt-Out
**Location Tracking**
- Go to Settings → Location → Earshot → "While Using"
- Or disable location in iOS Settings
**Ad Tracking (ATT)**
- iOS: Settings → Privacy → Tracking
- You can revoke ATT consent at any time
**Push Notifications**
- Go to Settings → Notifications → Earshot → Off
## 6. Compliance
### 6.1 GDPR (European Users)
If you are located in the EU, you have additional rights under GDPR:
- Right to access, rectification, erasure, and portability
- Right to object to processing
- Right to restrict processing
- Right to file a complaint with your local data protection authority
**Our Legal Basis**: Legitimate interest in providing music discovery services
### 6.2 CCPA (California Users)
If you are a California resident, you have rights under CCPA:
- Right to know what personal information is collected
- Right to know whether your information is sold or disclosed
- Right to delete information
- Right to opt out of the sale or sharing of information
**We do NOT sell your personal information.**
### 6.3 App Tracking Transparency (ATT)
- We request your permission before tracking across other apps and websites
- You can change your preference in iOS Settings → Privacy → Tracking
- Ads may be less personalized if you do not authorize tracking
## 7. Data Security
### 7.1 Security Measures
- All data transmitted to our servers is encrypted (TLS/SSL)
- Passwords and sensitive tokens are hashed and salted
- Database encryption at rest
- Regular security audits and updates
### 7.2 What We Can't Guarantee
- No method of internet transmission or storage is 100% secure
- Compromised devices can expose locally stored data
- We cannot guarantee protection against sophisticated cyber attacks
## 8. Third-Party Services
### 8.1 Spotify
- Privacy Policy: https://www.spotify.com/us/legal/privacy-policy/
- We access your Spotify account with OAuth 2.0 (no password stored)
### 8.2 Apple Music & MusicKit
- Privacy Policy: https://www.apple.com/privacy/
- We use MusicKit for authorized access to your library
### 8.3 Google AdMob
- Privacy Policy: https://policies.google.com/privacy
- Analytics: https://policies.google.com/analytics
- They may collect data across multiple apps
### 8.4 Supabase
- Privacy Policy: https://supabase.com/privacy
- We use Supabase as our database backend
## 9. Children's Privacy
Earshot is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.
**EU Users**: If you are under 16, you need parental consent to use this app.
## 10. Data Retention & Deletion
### 10.1 Automatic Deletion
- Device location data is not permanently stored
- Crash logs are deleted after 30 days
- Ad analytics are deleted after 90 days
### 10.2 Manual Deletion
You can delete your account and all associated data by:
1. Opening the app
2. Going to Settings → Account → Delete Account
3. Confirming the deletion request
**Note**: Once deleted, we cannot recover your data.
## 11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
**Email**: room20.contact@gmail.com
## 12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the app or sending you an email.
**Your continued use of the app after changes constitutes your acceptance of the updated Privacy Policy.**
## 13. Additional Information
### 13.1 Advertising
- We use Google AdMob to serve ads
- Ads may be personalized based on your interests and location
- You can opt out of personalized ads in your Google settings
- You can request a refund if ads are inappropriate
### 13.2 Analytics
We use anonymous analytics to understand user behavior:
- Session duration
- Feature usage
- Crash reports
- App performance metrics
**No personally identifiable information is included in analytics.**
### 13.3 California Consumer Privacy Act (CCPA) Notice
**Data We Collect:**
- Personal identifiers (name, phone, device ID)
- Audio, electronic, or similar information (music listening data)
- Geolocation data
- Internet activity (app usage, ad interactions)
- Inferences drawn (music preferences, listening patterns)
**Your Rights:**
- Right to know: Request what data we collect
- Right to delete: Request deletion of your data
- Right to opt out: Opt out of data "sales" or "sharing"
- Right to non-discrimination: No price difference for exercising rights
**To exercise rights**: Email room20@gmail.com with your request