Privacy Policy

Last updated: June 19, 2026

1. Information We Collect

We collect the following information when you use Random Playlist:

• Email address and name (for your account)
• OAuth tokens from connected streaming platforms (to access your playlists)
• Platform account metadata, such as platform user ID, display name, profile image, and email when provided by the platform
• Session data including device identifier, IP address, and last active timestamp
• Playlist transfer usage counters used to enforce Free, Basic, Pro and Admin limits
• Payment information processed through Stripe (we do not store card numbers)

2. How We Use Your Data

• To authenticate you and provide the playlist reordering, creation and transfer service
• To identify and switch between multiple connected accounts from the same platform
• To prevent the same streaming account from being linked to multiple Random Playlist users
• To enforce the single-device session limit per account
• To enforce playlist transfer limits by plan: Free 1 total, Basic 5 weekly, Pro/Admin unlimited
• To process subscription payments
• To communicate important service updates

3. Data Storage

Your data is stored on Supabase (PostgreSQL) with row-level security enabled. OAuth tokens are encrypted at rest. We do not store your streaming platform passwords — only the OAuth access/refresh tokens provided by each platform.

4. Platform Account Metadata

When you connect a streaming platform account, Random Playlist may store metadata returned by that platform, such as your platform user ID, display name, profile image, email address when provided, and authorization tokens. This information is used to identify connected accounts, prevent the same streaming account from being linked to multiple Random Playlist users, and allow account switching inside your dashboard.

Random Playlist does not sell your streaming platform data.

5. Third-Party Services

Random Playlist uses the following third-party services:

• Supabase — Database and authentication
• Stripe — Payment processing
• Vercel — Hosting and deployment
• Spotify — Music platform API for playlist management
• Apple Music (MusicKit) — Music platform API for playlist management
• Tidal — Music platform API for playlist management
• YouTube API Services — Used to access and reorder your YouTube and YouTube Music playlists. Random Playlist's use of YouTube API Services is subject to the YouTube Terms of Service and YouTube API Services Terms of Service.

By using Random Playlist, you also agree to be bound by the Google Privacy Policy.

6. YouTube API Services — Specific Disclosures

When you connect your YouTube or YouTube Music account, Random Playlist accesses the following data through YouTube API Services:

• Your YouTube playlists (names, track lists, video metadata)
• Your YouTube channel information (to identify playlist ownership)

We use this data solely to display your playlists, allow you to reorder them, transfer playlists when YouTube is selected as a destination, and save the new order or created playlist back to YouTube. We do not download, store, or redistribute any YouTube audio or video content.

Data retention: YouTube OAuth tokens and associated data are stored only while your YouTube account is connected. When you disconnect YouTube from Random Playlist, all tokens and YouTube-related data are permanently deleted from our servers within 30 days. Inactive accounts (no login for 30+ days) will have their YouTube tokens automatically purged.

Revoking access: You can revoke Random Playlist's access to your YouTube data at any time by:

• Clicking "Disconnect" on YouTube in the Random Playlist dashboard
• Visiting your Google Security Settings and removing Random Playlist from the list of connected apps

7. Data Sharing

We do not sell, trade, or share your personal data with third parties except as necessary to provide the service (e.g., Stripe for payments, streaming platform APIs for playlist access).

8. Your Rights

You have the right to:

• Access your personal data
• Delete your account and all associated data
• Revoke access to any connected streaming platform at any time
• Request deletion of all your data (completed within 30 days)
• Export your data

9. Data Deletion

When you disconnect a streaming platform or delete your account:

• All OAuth tokens for that platform account are immediately deleted from our database
• All cached playlist data is removed
• Transfer usage records may be retained as account billing/usage records unless the full account is deleted
• Full account deletion removes all personal data within 30 days
• Inactive accounts (no activity for 30+ days) have their platform tokens automatically purged
• Disconnecting one platform account does not delete your playlists or music from the external streaming platform

10. Session Tracking

We track active sessions to enforce the device limit policy. Session records include a device identifier (stored locally in your browser), your IP address, and last activity timestamp. Inactive sessions are automatically deleted after 30 minutes.

11. Cookies

We use essential cookies for authentication (Supabase auth session). We do not use analytics or advertising cookies.

12. Contact

For privacy-related requests, contact us at privacy@randomplaylist.com.