Privacy Policy

Data Protection

Metadata Block

  • Effective Date: March 22, 2026
  • Last Updated: March 22, 2026
  • Governing Law Jurisdiction: Belgium
  • Key Legislation: General Data Protection Regulation (GDPR), ePrivacy Directive, EU Data Act

1. Data Controller

The operator of The Playlist, headquartered in Belgium, acts as the Data Controller responsible for processing your personal information. You may contact us regarding your privacy rights at: contact@the-playlist.app.

We are a Belgian entity responsible for deciding how your data is handled. Need help? Email us.

2. Information We Collect and Legal Bases (Art. 6 GDPR)

We collect only the information necessary to provide you with a global music discovery experience.

2.1. Account Information

  • Data Collected: Email address, username, Spotify link, profile picture.
  • Purpose: To create your account, manage authentication, and verify artist profiles.
  • Legal Basis: Performance of a Contract.

2.2. Platform Activity

  • Data Collected: Listening duration, individual interactions (votes, skips, blocks), comments, and outbound clicks.
  • Purpose: To operate our discovery algorithm, establish community rankings, and distribute virtual currency (Playpoints).
  • Legal Basis: Performance of a Contract.

2.3. Security and Technical Data

  • Data Collected: Obfuscated IP addresses, device identifiers, connection logs.
  • Purpose: To prevent automated fraud, enforce algorithmic integrity, and secure our infrastructure.
  • Legal Basis: Legitimate Interest.

3. Cookies and Tracking Technologies

We use cookies and local storage to keep you logged in and support essential platform features. Upon registration, by explicitly checking the consent box, you agree to the deployment of these technologies.

We limit external tracking strictly to the necessities of maintaining a functional and secure service.

We use cookies to make the app work and keep it secure. You accept this when you check the box at sign-up.

4. Data Storage and Third-Party Sharing

Your personal data is hosted entirely on secure servers physically located within the European Union (EU).

We do not sell your personal data to data brokers. We share data only with strictly vetted service providers necessary to operate the Platform, including:

  • Cloud Infrastructure Providers: For secure database management and user authentication.
  • Content Delivery Networks (CDNs): For the reliable hosting and high-speed distribution of audio files globally.
  • Email Service Providers: To deliver crucial notifications, such as inactivity alerts and account warnings.
Your data stays on European servers. We never sell it, and we only share it with the technical partners who keep the app running.

5. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you possess comprehensive rights regarding your data:

  • Right to Access and Portability: You may request a copy of the personal data we hold about you. Artists have the right to request a structured export of their generated statistics.
  • Right to Rectification: You can edit your profile information directly within the application.
  • Right to Erasure ("Right to be Forgotten"): You may request the permanent deletion of your account and associated personal data by contacting us.
  • Right to Object: You may object to the processing of your data based on legitimate interest, barring compelling security reasons.

6. Data Retention

Account data is retained as long as your account is active. To protect the integrity of the algorithm, historical listening data (the actions of voting or skipping) is anonymized and preserved indefinitely.

If an account remains completely inactive for more than 100 days, it will be subject to automated and permanent deletion. An email warning will be dispatched to the address on file prior to final deletion.

7. Security and Data Breaches

While we implement industry-standard encryption and security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee its absolute security. In the event of a significant data breach, we will notify affected users and the relevant supervisory authority in compliance with GDPR.

8. Third-Party Links

The Platform contains links to external websites (e.g., Spotify, Instagram profiles). We do not operate these external sites and have no control over their content or privacy policies. We strongly encourage you to review the Privacy Policy of every site you visit via an external link from our Platform.

9. Children's Privacy

The Platform is strictly intended for individuals who are at least 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personally identifiable information from children under 16. If we discover that a user under 16 has provided us with personal information, we will immediately delete the account and associated data from our servers.

You must be 16 or older to use the app. We do our best to protect your data, but no internet system is flawless. We aren't responsible for what happens if you click a link that takes you to another website.

10. International Data Transfers

While our primary databases are located within the European Union, some of our third-party infrastructure providers (e.g., CDNs, email distribution services) may process data outside the European Economic Area (EEA), including in the United States. In such cases, we ensure that these providers are legally bound by Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent adequate safeguards, to guarantee that your data remains fully protected under GDPR standards globally.