**Last updated:** April 27, 2026
DJ.ME ("we", "our", "the App") is a collaborative music-listening application that lets you create private rooms where guests can request and listen to music together. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
By installing or using DJ.ME you agree to this Policy. If you don't agree, please don't use the App.
1. Who we are
DJ.ME is operated by an independent developer (the "Operator"). For privacy questions or data-deletion requests, contact:
**Email:** [appstorecontact007@gmail.com]
2. What information we collect
DJ.ME is designed to collect as little personal information as possible. Specifically:
Information we collect automatically
| Data | Purpose | Where it's stored |
|---|---|---|
| **Device identifier** (Android Settings.Secure.ANDROID_ID, or a random UUID on devices that don't expose one) | To track your subscription and free-trial entitlement on this specific device | Our backend database |
| **Subscription metadata** (active plan, expiration date, an opaque hash of your Google Play purchase token) | To grant access to paid features and verify with Google Play | Our backend database |
| **Daily request count** (only when you're a free guest in a host's room) | To enforce the free-tier limit of 1 song-request per day | Our backend database |
| **Crash reports and error stacktraces** *(only when crash reporting is enabled — see Section 4)* | Diagnose bugs and improve stability | Sentry |
### Information you provide voluntarily
| Data | Purpose | Where it's stored |
|---|---|---|
| **DJ name / nickname** | Display you in the room to other participants | Our backend database (per-room only) |
| **Room code** you create or join | Routing your messages to the right room | Our backend database |
| **Song requests** (YouTube video IDs you queue) | Building the room's playback queue | Our backend database (per-room only) |
| **Banned-keywords list, room settings** *(hosts only)* | Configuring your room | Our backend database |
Information stored ONLY on your device
The following data is stored locally and **never sent to our servers**:
- **YouTube account cookies** if you sign in to YouTube within the App (BYOP "Bring Your Own Premium" feature). These remain in the device's secure cookie store and are used only by the embedded video player to authenticate to youtube.com.
- **YouTube Premium status** (a single flag: yes / no / unknown), determined by a one-shot probe of your YouTube account on this device.
- **Tokens** for re-joining rooms you've created (host_token / guest_token) — stored in Android Keystore / iOS Keychain.
### Information we do NOT collect
DJ.ME does not collect or process:
- Real names, email addresses, phone numbers, or postal addresses
- Photos, contacts, microphone, or camera data
- Precise or approximate location
- Calendar, SMS, or call history
- Device-level browsing history
- Files outside the App's own sandbox
---
## 3. Children
DJ.ME is **not directed at children under 13**. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, please contact us at the email above and we will delete it promptly.
For users between 13 and 17, parental consent is recommended where local law requires it. The App contains user-generated content (song-request titles entered by hosts and guests) that may not always be age-appropriate; hosts are responsible for moderating their own rooms.
---
## 4. Optional data collection (off by default)
### Crash reporting (Sentry)
If we have enabled crash reporting in this build, the App may send anonymous error stacktraces and a non-personal `release` tag (the App version) to **Sentry** when an error or crash occurs. Sentry receives **no IP address, no headers, and no cookies**. Sentry only sees the error itself and the code path that caused it.
You can verify whether crash reporting is active in this build by checking the Settings screen's "About" section.
### YouTube usage
The embedded video player loads videos from YouTube's mobile site (`m.youtube.com`). When this happens, **YouTube's own privacy policy applies** to the connection between your device and YouTube. We do not control or have access to that data. If you sign in to your YouTube account in DJ.ME (BYOP), YouTube treats it as a normal YouTube login.
YouTube's Privacy Policy: [https://policies.google.com/privacy](https://policies.google.com/privacy)
---
## 5. Who we share data with
We share data only with the third-party services strictly necessary to operate the App:
| Service | What's shared | Why |
|---|---|---|
| **Google Play Billing** | Your purchase request, plan ID, purchase token | Process subscription payments |
| **Google Cloud Run** (our hosting provider) | All of the data described in Section 2 | Run the backend |
| **Google Cloud / MongoDB Atlas** (our database) | All of the data described in Section 2 | Store the backend's data |
| **Sentry** (when active) | Anonymous crash stacktraces only | Error diagnosis |
| **YouTube** | YouTube video requests | Music playback |
We **do not sell** your data, share it with advertisers, or use it for advertising profiling.
---
## 6. Data retention
| Data | Retention period |
|---|---|
| Active room data (queue, settings, participants) | Until the host closes the room, or the room is automatically swept after 1-24 hours of inactivity (configurable by host) |
| Subscription / entitlement records (device_id + plan + expiry) | Indefinitely while the subscription is active or in the 30-day post-trial lockout window. Deleted on user request. |
| Crash reports (Sentry) | 30 days (Sentry's default retention for free tier) |
To request deletion of any data we hold about your device, see Section 8.
---
7. Security
- Data is transmitted between your device and our backend over **TLS** (HTTPS).
- Subscription purchase tokens are **hashed (SHA-256, truncated)** before being stored — we never persist the raw token.
- Backend secrets (Google Play API service-account key) are stored in **Google Cloud Secret Manager** with strict IAM access controls.
- We rotate sensitive credentials at minimum every 90 days.
No security system is perfect. If you discover a vulnerability, please responsibly disclose it to the contact email above.
---
## 8. Your rights
Depending on your jurisdiction, you may have one or more of the following rights:
- **Right to access**: Request a copy of the data we hold about your device.
- **Right to deletion**: Request deletion of all data tied to your `device_id`. This will end any active subscription on this device (you'll need to also cancel the subscription separately in Google Play to stop renewal).
- **Right to opt out** of optional data collection (crash reports — toggle in Settings if available).
- **Right to data portability**: Receive your data in a machine-readable format.
To exercise any of these rights, email the contact above with your device's `device_id`. You can find your `device_id` in the App's Settings → "About" section. We will respond within 30 days.
---
## 9. Changes to this policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be announced in the App or by an update prompt on next launch. Continued use of the App after the effective date constitutes acceptance.
---
## 10. Contact
For any privacy-related question, complaint, or request:
**Email:** [appstorecontact007@gmail.com]
Thank you for using DJ.ME