Your privacy is important to us at BeatSphere ("BeatSphere," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service"). Please read this policy carefully.
1. Information We Collect
We collect information about you in several ways when you use the Service:
A. Account Information
When you create an account by linking a music service, we collect:
- Username and profile picture (either uploaded or imported from a linked music service).
- Email address (if provided or obtained from a linked music service).
- Bio and other profile information you choose to provide.
B. Music Service Data
When you link a music service (Spotify, Apple Music, YouTube Music, SoundCloud, or Last.fm), we collect:
- Currently playing track: The song you are currently listening to, including artist, track name, album, and album artwork.
- Recently played tracks: Your recent listening history from the linked service.
- Profile information: Your display name, profile image, and user ID from the linked service.
- Authentication credentials: Secure tokens required to communicate with the music service on your behalf. These are stored securely and are never shared with other users or third parties.
C. Location Data
- Device location: With your permission, we collect your device's location to power location-based features such as discovering nearby listeners, territory claims, audio geo-drops, and AI-generated playlists and heatmaps.
- Location history: We store your location alongside your track history so that personalized features (like your area's heatmap and nearby playlists) reflect your actual listening pattern over time.
You can disable location services through your device settings, but this will limit your ability to use core features of the Service.
How we protect your location
Your exact GPS coordinates are never shown to other users. Before any location is displayed on the public map or shared with another user, our backend snaps it to a privacy grid and then picks a randomized point inside that cell. The size of that area is up to you: in the app's Location Privacy setting you can choose from roughly 1 km up to 10 km across (the default is about 5 km). Two consequences:
- The dot another user sees for you is not where you actually are. It is somewhere inside the same general neighborhood, by design.
- Repeated checks on the same person from the same area will land on the same randomized point — which means others cannot triangulate your true location by watching how the dot moves.
Our internal services that compute heatmaps, AI playlists, and similar aggregated features only ever see this same privacy-grid location — not your raw GPS.
D. Chat and Communication Data
- Chat messages: The content of messages you send through global chat and direct messages, including text and GIF selections.
- Message metadata: Timestamps, read receipts, and typing indicators.
E. Device and Usage Data
- Device information: Device model, operating system, screen dimensions, app version, and a unique device identifier.
- Push notification tokens: Device tokens used to deliver push notifications.
- Analytics data: We collect usage analytics including screen views, feature interactions, session duration, and platform information. Each analytics session records your device ID, platform, and general metadata.
- IP address: Collected automatically when you access the Service and may be used for approximate geographic location (country-level).
F. User-Generated Content
- Audio geo-drops: Audio clips you upload and drop at specific locations, including the audio file, metadata (duration, title), and the location where it was dropped.
- Profile pictures: Images you upload as your profile photo, stored securely in the cloud.
G. Invite Links and Clipboard (iOS)
If you join BeatSphere through a friend's invite link, we record the invite code you used, when you redeemed it, your IP address, and your device type. This connects your account to the friend who invited you and helps us prevent abuse of the invite system.
On iOS, installing from the App Store can drop the invite link you tapped. To recover it, the app checks your clipboard once, on first launch only, and looks for a BeatSphere invite link. iOS shows a system notice when this happens. The clipboard text itself is never stored and never leaves your device. If it contains something that looks like a BeatSphere invite code, only that code is checked against our servers; everything else on your clipboard is ignored and discarded immediately.
H. Cookies and Similar Technologies
On the website, we use cookies to maintain your authentication session. These include:
- Session cookies: HTTPOnly cookies storing your authentication session key (expires after 1 year).
- Preference cookies: Cookies storing your username and profile image URL for display purposes.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide the Service: Display your location and listening activity on the map, enable chat, process friend requests, and power all core features.
- AI-powered features: Generate location-based playlist recommendations and music activity heatmaps using aggregated listening data. Our AI service uses time-decay algorithms to weight recent activity higher and applies location obfuscation for privacy.
- Push notifications: Send you alerts about friend requests, new messages, nearby friends, and other activity based on your notification preferences.
- Analytics and improvement: Monitor usage patterns, diagnose technical issues, and improve the Service.
- Safety and moderation: Enforce our Terms of Service, filter prohibited content, and process user reports.
- Communication: Respond to your support requests and send you important service-related notices.
4. Data Storage and Security
We implement the following security measures to protect your data:
- Authentication session keys are stored in secure, HTTP-only cookies that are not accessible to client-side scripts.
- Sensitive credentials (such as authentication tokens) are stored securely on the server and on mobile devices using platform-native secure storage.
- API endpoints are protected with token-based authentication and rate limiting.
- Chat messages are filtered for prohibited content.
- All communication with the Service uses HTTPS encryption in transit.
While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your information.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account data: Retained until you delete your account.
- Chat messages: Retained until you delete your account or the messages are removed through moderation.
- Track history and location data: Retained to power features like AI playlists and heatmaps. Deleted when you delete your account.
- Analytics data: Retained for service improvement purposes and periodically purged.
When you delete your account, we perform a complete deletion of your data including your profile, chat messages, track history, location data, friend connections, territory claims, linked social accounts, registered devices, and reports.
6. Your Rights and Choices
- Account deletion: You can delete your account at any time through the app settings. This will permanently remove all your data from our systems.
- Location permissions: You can enable or disable location sharing through your device settings at any time.
- Notification preferences: You can customize which notifications you receive (friend nearby, new message, music updates, friend requests, activity updates) through the app settings.
- Music service connections: You can disconnect linked music services at any time through your account settings.
- Cookies: You can configure your browser to refuse cookies, though this may affect your ability to use the web version of the Service.
7. Children's Privacy
Our Service is not directed to individuals under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly. If you believe that we might have any information from or about a child under 13, please contact us. For more details, see our Child Safety Policy.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to these countries.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Changes are effective when posted on this page.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at beatspherecommunity@gmail.com.