Privacy Policy
The short version: MusicPool is an anonymous-by-default music chat app. We only collect what we need to match you with someone and keep your account safe. We don't sell your data. Ever.
1. Data we collect
You give us some data directly. The app generates more in the background while you use it. Here's the full list.
Account data
- Email and password — required to sign in. Password is hashed; we never see your raw password.
- Username — chosen during onboarding.
- Profile fields you add — display name, avatar, music preferences, age (for safety filtering), bio. All optional except where the app says otherwise.
Activity data
- Pools you join, matches, chat messages, music shares and likes, profile reveal requests, reviews you submit after a chat.
- Reports and blocks you create.
- XP, levels, badges, streaks — derived from your activity.
Device and technical data
- App version, OS, device model — for crash reporting and compatibility.
- Push token (APNs on iOS, FCM on Android) — only if you allow notifications.
- IP address — used for fraud prevention and rate-limiting, not stored long-term.
2. How we use it
- Match you with another listener in a Vibe Pool.
- Deliver messages, song shares, and likes between you and your match.
- Run the gamification system (XP, levels, daily tasks, badges).
- Send transactional emails — signup confirmation, password reset, email change.
- Send push notifications for new matches and messages, if you've opted in.
- Keep MusicPool safe — investigate reports, enforce blocks, prevent abuse and spam.
- Improve the product — aggregated, non-identifying usage signals only.
We do not sell your data, share it with advertisers, or use it to train AI models outside the MusicPool service.
3. Who we share data with
MusicPool relies on a small set of trusted vendors to run the service. We share the minimum data they need to do their job.
- Supabase (database, authentication, realtime, storage) — hosts your account and chat data.
- Resend (email delivery) — sends transactional emails from no-reply@musicpool.app.
- Apple Push Notification service & Google Firebase Cloud Messaging — deliver push notifications.
- Apple App Store & Google Play — distribute the app and handle in-app purchases (if applicable).
- Spotify and Deezer public APIs — fetch track metadata you choose to share in chat. We do not link your MusicPool account to your Spotify / Deezer account.
We may also disclose data when required by law (subpoena, court order, lawful government request) or to protect the rights, property, or safety of MusicPool, our users, or others.
4. Anonymous chat & reveal
Every chat starts anonymous. You get a random alias per chat. Your username, real name, and profile photo are hidden from the other person.
The reveal mechanic is strictly opt-in on both sides. We don't auto-reveal anything. You can decline a reveal request at any time, and either of you can end the chat at any time.
Behind the scenes, the system knows which two accounts are matched (it has to — that's how chat works). But the other user can't see your identity unless both of you tap to reveal.
5. Music data (Spotify / Deezer)
When you share a track, we fetch its public metadata (title, artist, cover art, preview URL) from the relevant streaming service's public API. We do not require you to connect your Spotify or Deezer account. We don't see your listening history. We don't see what's in your library. We only know the songs you choose to share inside MusicPool.
6. Push notifications
If you allow notifications, we send pushes for: new matches, new messages, chat-ending warnings, daily-task reminders, and the occasional product announcement. You can turn them off in your device's system settings or inside the app at any time.
7. Data retention
- Active accounts: we keep your data as long as your account exists.
- Ended chats: messages and shared songs from chats that ended are retained for moderation and dispute resolution, then periodically purged.
- Account deletion: when you request deletion from inside the app, the request is queued and your account + personally identifiable data are removed within 30 days, except where we're legally required to retain something (e.g., abuse investigation, financial records).
- Push tokens: removed when you sign out, uninstall, or revoke notification permission.
- Logs: server logs are kept for up to 30 days for diagnostics, then rotated.
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and personal data.
- Export your data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent at any time.
You can exercise most of these from inside the app (Profile → Account). For anything you can't do in-app, email support@musicpool.app and we'll handle it within 30 days.
9. Security
All traffic to musicpool.app and the MusicPool API is encrypted in transit (TLS). Passwords are hashed with bcrypt. Database access is restricted to the application server, with row-level security policies that prevent users from reading each other's private data. We follow industry-standard practices, but no system is 100% secure — if you suspect a security issue, please email us immediately.
10. Children
MusicPool is not directed at children under 13 (or under 16 in the EU/UK, where local law applies). If you become aware that a child under the applicable age has signed up, contact us and we will delete the account.
11. Changes to this policy
If we make material changes, we'll notify you in-app or by email before the changes take effect. The "Effective" date at the top will always reflect the current version.
12. Contact
Privacy questions, data requests, or anything else: support@musicpool.app.
Heads up: this policy is a working draft pending final review by legal counsel. The substance reflects how the product actually works, but the exact phrasing may change before it becomes the binding version. If you spot something off, tell us at support@musicpool.app.