Privacy Policy
Last updated: May 2026
Moodefy.io connects to your Spotify account to generate AI-powered music insights. We only access the data we need, we never sell it, and you can disconnect at any time.
1. Who we are
Moodefy.io ("we", "us", "our") is an independent web application that provides AI-powered music discovery and personalisation features. For questions about this policy, contact us at moodefy.io/contact.
2. Data we collect
- Spotify account data: Your display name, email address, profile picture, and account type (Premium / Free) — collected when you connect your Spotify account via OAuth.
- Spotify listening data: Your top tracks, recently played tracks, and listening history — used to power features like Roast, Listening Pulse, Compatibility, and Soul Scan. We never access your full library or playlists without your explicit action.
- Generated results: AI-generated outputs (playlists, roasts, compatibility scores, archetypes) are stored in our database linked to your Spotify user ID so you can share them via a link.
- Session data: An encrypted session cookie is stored in your browser to keep you logged in. It does not contain your Spotify password.
- Contact messages: If you contact us via the contact form, we store your name, email address, and message to respond to you.
3. How we use your data
- To authenticate you with Spotify and maintain your session
- To provide all app features (playlist generation, roasting, compatibility checks, soul scan)
- To generate shareable result links
- To respond to support requests submitted via the contact form
- To improve the service and fix bugs
We do not sell your data, share it with advertisers, or use it for any purpose beyond operating this service.
4. Third-party services
- Spotify — authentication and music data. Governed by Spotify's Privacy Policy. We request only the scopes we need:
user-read-email, user-read-private, user-top-read, user-read-recently-played.
- Anthropic (Claude AI) — your track names and artists are sent to Anthropic's API to generate AI responses. We do not intentionally send personally identifiable information such as your name or email address to Anthropic. Governed by Anthropic's Privacy Policy.
- Supabase — cloud database used to store generated results and sessions. Data is hosted in the EU. Governed by Supabase's Privacy Policy.
- Vercel — hosting provider. Application logs may be retained for debugging. Governed by Vercel's Privacy Policy.
5. Cookies
We use the following cookies:
- moodify.sid — session identifier, expires after 7 days
- mg_tok — encrypted Spotify authentication token, expires after 7 days
- mg_gate — beta access cookie, expires after 7 days
We do not use any advertising, tracking, or analytics cookies.
6. Data retention
- Session data: deleted after 7 days of inactivity
- Shared results (playlists, roasts, etc.): retained for 90 days, then automatically deleted
- Contact form messages: retained until resolved, then deleted
You can disconnect your Spotify account at any time using the "Disconnect" button in the app, which immediately clears your session and tokens.
7. Your rights (GDPR)
If you are in the European Economic Area (EEA) or UK, you have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict processing of your data
- Data portability
To exercise any of these rights, contact us via the contact form.
8. Children's privacy
Moodefy.io is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. Spotify also requires users to meet their minimum age requirements.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect any changes. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests, please use our contact form.