Privacy Policy

Last Updated: 2026-02-23

1. Introduction

This Privacy Policy explains how BookTuning ("we," "our," or "us") collects, uses, and shares information when you use our book-to-playlist matching service. We're committed to transparency and minimizing data collection while providing a high-quality service that connects your reading experience with personalized music.

2. Information We Collect

We collect the following types of information:

2.1 Account Information

  • Email address - Used for account creation, login, and important service communications
  • Username - Your unique identifier on the platform
  • Password - Securely hashed using bcrypt (we never store plaintext passwords)
  • Display name - Optional public name shown on your profile
  • Avatar URL - Optional profile picture
  • Bio - Optional profile description

2.2 Playlist and Usage Data

  • Book search queries and preferences
  • Generated playlists (book title, author, cover, tracks)
  • Playlist configuration settings (mood, genre, era, etc.)
  • Spotify playlist URLs and IDs
  • Playlist visibility settings (public/private)
  • Play counts and engagement metrics

2.3 Automatically Collected Information

  • Login timestamps and authentication tokens (JWT)
  • Account creation and last update timestamps
  • IP addresses (for security and fraud prevention)

2.4 Information Stored Locally

  • Authentication tokens (stored in your browser's local storage)
  • User preferences and session data

3. How We Use Your Information

We use your information for the following purposes:

  • Account Management - To create, maintain, and secure your user account
  • Authentication - To verify your identity and provide secure access to your account
  • Service Delivery - To provide our book-to-playlist matching service
  • Playlist Generation - To create and save personalized playlists based on your book selections
  • Content Sharing - To enable you to share playlists publicly or keep them private
  • AI Features - To generate descriptions explaining why the music fits with your book
  • Communication - To send important account-related notifications (password resets, security alerts)
  • Personalization - To remember your preferences and improve your experience

4. Spotify Integration

We use a dedicated BookTun.ing Spotify service account to:

  • Create playlists based on your book selections
  • Add tracks to these playlists
  • Share these playlists with you via direct links

You do not need to connect your own Spotify account to use our service. All playlists are created and managed through our service account for your convenience.

5. Data Sharing and Disclosure

We share your information in the following limited circumstances:

  • With OpenAI, to generate playlist descriptions (we do not share personally identifiable information)
  • When required by law or to protect our rights

We do not sell your personal information to third parties.

6. Data Storage and Security

We take data security seriously and implement industry-standard security measures:

  • Password Security - All passwords are hashed using bcrypt with a cost factor of 10 before storage
  • Database Security - Your data is stored in a secure PostgreSQL database with encrypted connections (SSL/TLS)
  • Authentication - We use JWT (JSON Web Tokens) with secure signing for session management
  • Data Encryption - All data transmission uses HTTPS encryption
  • Access Controls - Database access is restricted and monitored

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password.

7. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information, including:

  • Access - View and download your account data and playlists
  • Correction - Update your profile information through your account settings
  • Deletion - Request account deletion (we will soft-delete your account and anonymize your data)
  • Portability - Export your playlist data
  • Restriction - Limit how we process your data
  • Objection - Object to certain types of processing

You can exercise many of these rights directly through your account settings. For other requests, please contact us at [email protected].

Account Deletion: When you delete your account, we soft-delete it by marking it as inactive. Your public playlists may remain visible but will be anonymized. You can request complete data deletion by contacting us.

8. Analytics

We use Cloudflare Web Analytics to collect anonymous usage statistics that help us improve our service. Cloudflare Web Analytics:

  • Does not use cookies or store personal data
  • Does not track users across different websites
  • Collects anonymous metrics such as page views, referrers, and browser information
  • Complies with privacy regulations like GDPR and CCPA

For more information about Cloudflare's privacy practices, you can visit their Privacy Policy.

9. Data Retention

We retain your data for the following periods:

  • Account Data - Retained while your account is active and for 90 days after soft-deletion
  • Playlists - Retained while your account is active; public playlists may be anonymized after account deletion
  • Authentication Tokens - JWT tokens expire after 7 days by default
  • Logs and Analytics - Retained for up to 90 days for security and service improvement

10. Local Storage and Session Data

We use browser local storage to store your authentication token and preferences. You can clear this data at any time through your browser settings, though this will log you out of your account.

11. Children's Privacy

Our service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].