DeepGrooves · Legal

Privacy Policy

Last Updated: June 16, 2026

Prickly Cactus Software / DeepGrooves ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the DeepGrooves web application, desktop application, mobile application, and any associated websites or services (collectively, "the Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy.

1. Introduction

This Privacy Policy applies to the DeepGrooves music collection management application, including:

  • The DeepGrooves desktop application (Windows)
  • The DeepGrooves mobile application (Android)
  • The DeepGrooves web application
  • Any associated websites and online services

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication and account recovery
  • Display name (optional) — used for personalization within the app

2.2 Collection Data

When you use the Service, you may provide:

  • Album titles, artist names, and related metadata
  • Track listings, genres, and release information
  • Personal ratings, notes, and custom categories
  • Wishlist items and folder organization
  • Artwork images uploaded by you
  • Play history, spin counts, and other listening activity you choose to record
  • Share link settings, including scope, title, expiration date, and generated share token

2.3 Share and Social Sharing Data

DeepGrooves includes optional sharing features. When you choose to use them, we may process:

  • Read-only share links that expose only the collection scope you select, such as a collection, genre, artist, folder, or recent plays
  • Generated share images made from album artwork and selected metadata
  • Now Spinning images and captions created when you record or share a spin
  • Social share captions and URLs copied to your clipboard, opened in your browser, or passed to your device's native share sheet at your request
  • Email recipient addresses only if you use an email-share feature to send a share link or image to someone else

DeepGrooves does not post to Facebook, Instagram, X, Bluesky, or any other social platform automatically. If you use a social share button, you are choosing to open that platform or your device's share interface. The final post, audience, destination, and uploaded media are controlled by you and the platform.

2.4 Data Imported from Third Parties

When you search for or import albums, we may retrieve and store:

  • Album metadata from Discogs (titles, artists, tracklists, artwork URLs, release details)
  • Album metadata from MusicBrainz (titles, artists, barcodes)
  • Audio preview URLs from Deezer (temporarily, for playback only — not stored permanently)

2.5 Technical Data

We may automatically collect:

  • Device type and operating system version
  • Application version number
  • Error logs and crash reports (anonymized)
  • General usage patterns (e.g., feature usage counts — no personal identifiers)

2.6 Information We Do NOT Collect

  • We do not collect your location data
  • We do not access your contacts, photos, or files (beyond what you explicitly provide)
  • We do not store credit card numbers or full payment credentials
  • We do not track your browsing activity outside the app
  • We do not collect data from your Spotify account (the app only opens external links)
  • We do not collect your social media account credentials

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service — store and sync your music collection across devices
  • Improve the Service — understand usage patterns to fix bugs and add features
  • Communicate with you — send account-related notifications (e.g., password reset)
  • Enable sharing — create read-only share pages, generated images, social captions, and requested email shares
  • Process subscriptions — manage DeepGrooves billing, founder pricing eligibility, and subscription status
  • Ensure security — detect and prevent unauthorized access or abuse

We do not use your data for:

  • Advertising or ad targeting
  • Selling or renting to third parties
  • Profiling or behavioral tracking
  • Automated decision-making that affects you
  • Posting to social platforms without your direct action

4. Data Storage and Security

4.1 Cloud Storage

Your collection data is stored on Supabase, a cloud database platform built on PostgreSQL. Supabase servers are hosted on secure infrastructure with encryption at rest and in transit.

4.2 Authentication

We use Supabase Auth for user authentication. Passwords are hashed and salted; we never store plaintext passwords.

4.3 Row-Level Security

Our database implements Row-Level Security (RLS) policies, ensuring that each user can only access their own data.

4.4 Data Transmission

All data transmitted between the app and our servers is encrypted using TLS (HTTPS). API calls to third-party services (Discogs, Deezer, MusicBrainz) also use encrypted connections.

4.5 Local Storage

The desktop and mobile applications may cache data locally for offline performance. This data remains on your device and is not shared with third parties.

5. Third-Party Services

The Service integrates with the following third-party services. Each has its own privacy policy:

Service Purpose Privacy Policy
Supabase Backend database & authentication supabase.com/privacy
Discogs Album metadata search & import discogs.com/privacy
Deezer 30-second audio previews deezer.com/legal/personal-datas
MusicBrainz Barcode lookups & metadata metabrainz.org/privacy
Square Subscription checkout & billing squareup.com/privacy
Resend Transactional email & requested share emails resend.com/legal/privacy-policy
Spotify External deep links only spotify.com/privacy
Social platforms Optional user-directed sharing Facebook, Instagram, X, Bluesky, and similar platforms apply their own policies when opened

5.1 What We Share with Third Parties

When you use search features, the following information may be sent to third-party APIs:

  • Search queries (artist names, album titles, barcodes) — sent to Discogs, MusicBrainz, and/or Deezer
  • Billing details needed to create or manage a subscription — sent to Square when you start checkout or manage billing
  • Email share details such as recipient address, share URL, and message content — sent to our email provider only when you request an email share
  • Share content such as captions, links, or generated images — passed to your clipboard, browser, device share sheet, or chosen social platform only when you take that action
  • No account credentials for metadata, preview, or social platforms are shared by DeepGrooves

5.2 Public Share Links and Generated Images

Share links are private-by-default but publicly accessible to anyone who has the unique URL while the link is active. A share link may reveal album artwork, titles, artists, release years, ratings, collection scope, and play history included in the share you selected. You can delete or expire share links from within DeepGrooves.

Generated images are designed for sharing outside DeepGrooves. Once you download, copy, email, or post an image, it may be saved, reshared, indexed, or retained by the platform or person you send it to. We cannot control copies made outside the Service.

5.3 Spotify

The Service creates links to Spotify's website or app. When you click a Spotify link, you leave the DeepGrooves Service and are subject to Spotify's privacy policy. We do not send any data to Spotify — the link is a standard URL opened in your browser or the Spotify app.

6. Data Retention

  • Active accounts: Your data is retained as long as your account is active.
  • Deleted accounts: If you request account deletion, we will delete your data within 30 days. Some anonymized, aggregated data may be retained for analytical purposes.
  • Share links: Share links and generated share metadata are retained until they expire, are deleted by you, or your account is deleted.
  • Email share logs: Transactional email records may be retained as needed for delivery, abuse prevention, and support.
  • Audio previews: Preview audio streams are not stored. They are fetched in real time from Deezer and discarded after playback.
  • Error logs: Anonymized error logs are retained for up to 90 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data ("right to be forgotten")
  • Export — Request a portable copy of your data in a standard format
  • Withdraw consent — Withdraw your consent to data processing at any time
  • Restriction — Request restriction of processing of your personal data
  • Objection — Object to processing of your personal data

To exercise any of these rights, contact us at support@pricklycactussoftware.com. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

9. Cookies and Tracking

9.1 Desktop and Mobile Applications

The desktop and mobile applications do not use cookies, web beacons, or similar tracking technologies.

9.2 Website

The DeepGrooves web application uses essential browser storage for authentication, preferences, and app functionality. We do not use advertising cookies or third-party tracking scripts. Any analytics, if enabled, will use privacy-respecting methods and may be disabled where the app provides a setting.

10. International Data Transfers

Your data may be stored and processed in countries other than your own. By using the Service, you consent to the transfer of your data to servers located outside your country of residence. We ensure that any such transfers comply with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:

Prickly Cactus Software / DeepGrooves
A sole proprietorship · United States

Summary

  • Your data: Synced securely via Supabase with encryption at rest and in transit
  • What we collect: Email address, display name, your collection data
  • Payment information: Card details are handled by payment providers; we do not store full card numbers
  • Third-party sharing: Search, billing, email, and social share data are shared only as needed for actions you initiate
  • Share links: Public to anyone with the unique URL while active; you control expiration and deletion
  • Data selling: We do not sell personal information
  • Your control: You may access, export, correct, or delete your data at any time

Questions? Contact support@pricklycactussoftware.com

Copyright © 2026 Prickly Cactus Software / DeepGrooves. All rights reserved.