🎵 VibeLink Privacy Policy

Last updated: January 15, 2026

VibeLink ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

📱 Information We Collect

Information You Provide

• Music Links: URLs you paste for conversion (processed temporarily, not stored permanently)
• Optional Account Information: Email address if you choose to create an account for backup and sync
• Payment Information: Processed securely by Apple App Store or Google Play Store (we don't store payment details)

Information Automatically Collected

• Device Identifier: Anonymous ID to track premium status and daily usage limits
• User Identifier: Anonymous UUID for account persistence across devices
• Conversion History: Links you've converted (stored locally on device and optionally synced to cloud for backup)
• Streak Data: Your daily conversion streak and milestone achievements
• App Usage: Which features you use to improve our service
• Technical Data: Device type, OS version, app version for troubleshooting
• Push Notification Tokens: To send you optional notifications about streak reminders

🔐 How We Use Your Information

• Convert music links between platforms using official APIs
• Manage premium subscriptions and daily credit limits
• Track conversion streaks and reward milestones
• Sync your conversion history across devices (if logged in)
• Send optional push notifications about streak reminders
• Provide customer support when you contact us
• Improve app performance and fix bugs
• Prevent fraud and ensure security

🍪 Cookies and Device Data

When you use VibeLink's integration with YouTube and other music services, we may store, access, and collect information on your device, including:

• Authentication Tokens: OAuth tokens for Spotify and YouTube, and Music-User-Token for Apple Music are stored securely in our database to enable playlist creation features
• Local Storage: Conversion history, preferences, and app settings are cached locally on your device
• Device Information: We collect device type, operating system version, and app version for troubleshooting and compatibility purposes
• Session Data: Temporary session information to maintain your app state and preferences during use

You can control token storage by disconnecting services in the app settings or deleting your account entirely.

🤝 Third-Party Services

VibeLink uses YouTube API Services to provide YouTube music link conversion features.

VibeLink integrates with these services to function:

• Spotify Web API: To search and identify music tracks
• YouTube Data API: To find corresponding YouTube videos
• Apple Music API: To search Apple Music catalog
• Apple App Store / Google Play Store: For secure in-app purchase processing
• Firebase Cloud Messaging: For optional push notifications
• Google Sign-In (Optional): For account creation and authentication

Important: We only access public music metadata (song titles, artists, albums). We do not access your personal playlists, listening history, or private data from these services unless you explicitly grant permission for playlist creation features.

When you use these third-party services through VibeLink, their respective privacy policies also apply:

• Google Privacy Policy: http://www.google.com/policies/privacy
• Spotify Privacy Policy: https://www.spotify.com/legal/privacy-policy/
• Apple Privacy Policy: https://www.apple.com/legal/privacy/

🔑 Token Storage & Authentication Management

For premium users who opt-in to personal playlist creation features, we store authentication tokens to maintain your connection with music services:

• What Tokens We Store:
  • Spotify: OAuth access token + refresh token
  • YouTube: OAuth access token + refresh token
  • Apple Music: Music-User-Token (provided by Apple's MusicKit)
• Where Tokens Are Stored: Securely stored in our encrypted PostgreSQL database on Railway.app servers
• Why We Store Them: To create playlists on your behalf when you convert music links, without requiring you to re-authenticate each time
• Token Security: Tokens are encrypted at rest and transmitted over HTTPS only. Access is restricted to authorized app functions
• Token Expiration & Refresh:
  • Spotify: Access tokens expire after 1 hour and are automatically refreshed using stored refresh tokens
  • YouTube: Access tokens expire after 1 hour and are automatically refreshed using stored refresh tokens
  • Apple Music: Music-User-Tokens are generated client-side by Apple's MusicKit SDK, then securely stored on our servers and reused for playlist creation until you disconnect or re-authorize Apple Music
• How to Revoke Access:
  • Spotify: Visit spotify.com/account/apps and remove "VibeLink"
  • YouTube/Google: You can revoke VibeLink's access to your Google account data via the Google security settings page or at myaccount.google.com/permissions
  • Apple Music: Revocation is managed through your device's MusicKit permissions
• Account Deletion: All stored tokens (Spotify OAuth, YouTube OAuth, and Apple Music-User-Token) are permanently deleted when you delete your account in Settings → Danger Zone. For complete revocation, also remove VibeLink from your Spotify, Google/YouTube, and Apple Music account settings using the links above.

Note: Playlist creation is an optional premium feature. Basic music link conversion works without any OAuth authentication or stored tokens.

📊 Data Storage and Security

• Music Links: Processed in real-time and optionally stored in your conversion history
• Conversion History: Stored locally on your device and optionally synced to our secure servers
• User Preferences: Stored locally on your device
• Premium Status: Stored securely on our servers and verified with App Store/Play Store receipts
• Streak Data: Stored locally and synced to our servers to prevent loss
• Payment Data: Handled exclusively by Apple/Google, never stored by us
• Account Data: Stored securely with industry-standard encryption

🚫 What We Don't Do

• ❌ We don't sell or rent your personal information
• ❌ We don't access your music libraries or playlists without explicit permission
• ❌ We don't store or download copyrighted music content
• ❌ We don't track your listening habits
• ❌ We don't share your data with advertisers or third-party marketers
• ❌ Account creation is optional - you can use the app anonymously

👶 Children's Privacy

VibeLink is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

🌍 Your Rights

• Access: Request information about data we have about you
• Deletion: Request deletion of your account and all associated data
• Portability: Export your conversion history and account data
• Opt-out: Disable push notifications and cloud sync at any time
• Privacy: Contact us with privacy concerns
• Complete Removal: Opt out of all data collection by deleting the app

🔄 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

📧 Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@getvibelink.com
• Instagram: @getvibelink
• App: Use the "Contact Support" feature in VibeLink