Bounced is owned and operated by Dezolent, LLC, a Florida-registered limited liability company ("we," "our," or "us"). This Privacy Policy explains how we collect, use, and share your information when you sign in with Spotify or Google on https://app.bounced.studio (the "Site").
Bounced ("we," "our," or "us") operates https://app.bounced.studio (the "Site"), a music analytics dashboard that allows artists to sign in via Spotify or Google so they can view aggregated streaming metrics, estimated royalties, and related insights. We are committed to protecting your privacy and handling your personal data in a transparent and secure manner. This Privacy Policy explains:
- What information we collect
- How we use that information
- With whom we share it
- How long we keep it
- Your choices and rights regarding your data
- How we protect your information
- Children's privacy
- Updates to the policy
- How to contact us
1. Information We Collect
1.1 Information You Provide Via Spotify or Google OAuth
When you click "Sign in with Spotify" or "Sign in with Google," we rely on OAuth protocols to authenticate you. As part of that process, Spotify and Google each share certain information with us, including:
- Basic Profile Information
  - User ID (a unique identifier assigned by Spotify or Google)
  - Display name (e.g. "John Doe")
  - Email address
  - Profile picture URL (if available)
- OAuth Access Token (and Refresh Token)
  - We receive a short‐lived access token (and refresh token) that allows us to call the Spotify or Google API on your behalf to fetch additional data.
  - We never store your raw Google or Spotify password.
Why we collect this: We need your Spotify or Google user ID and access token to securely fetch your streaming metrics (play counts, monthly listeners, playlist features, etc.) from Spotify's Web API and any other Google‐integrated services. We also store your email address to identify you uniquely in our system and to correspond with you (e.g., passwordless login tokens, notifications, etc.).
1.2 Information Pulled from Spotify or Google APIs
With your explicit consent, we periodically retrieve the following data from Spotify (and, where applicable, from other streaming APIs you authorize) using your OAuth access token:
- Streaming Metrics
  - Track‐level play counts over time
  - Monthly listener counts, follower counts, playlist placements, etc.
  - Estimated royalty earnings (calculated based on public royalty rates and your play counts)
- Playlist & Feature Data
  - Which official editorial or user‐curated playlists include your tracks
  - The number of followers or subscribers on those playlists
- Basic Account Info (if permitted)
  - Public track titles, album names, release dates
  - Artist biography, if you add it via Spotify for Artists
Why we collect this: To populate your dashboard with up‐to‐date streaming statistics, trend charts, and royalty estimates.
1.3 Information We Collect Directly on the Site
- Account Information
  - Your Supabase user ID (automatically generated when you first sign in)
  - Your email (from Spotify or Google)
- Usage Data & Analytics
  - Pages you visit, sections of the dashboard you view, and basic interaction data (e.g., button clicks, time spent on a chart).
  - IP address (used to derive your country/region for analytics and security).
  - Browser and device type (to help us optimize the Site for different screen sizes and performance).
- Cookies & Tracking Technologies
  - We use cookies to keep you logged in (session cookies set by Supabase) and to remember your preferences (e.g., dark mode).
  - We may use third‐party analytics (e.g., Google Analytics) in aggregate/anonymous form to improve the Site's design and performance.
2. How We Use Your Information
We use the information above for the following purposes:
- Authentication & Account Management
  - To sign you in via Spotify or Google OAuth, create your Supabase user record, and maintain your session (so you do not have to log in on every page load).
- Dashboard Functionality
  - To call Spotify's Web API and any other authorized APIs on your behalf, fetch your streaming metrics and playlist data, and display them in an easy‐to‐read dashboard.
  - To calculate and display estimated royalty earnings based on your play counts and publicly available rate information.
- Personalization & Preference Storage
  - To save your dashboard settings (e.g., date range filters, chart preferences).
  - To remember whether you prefer a light or dark theme.
- Communications & Notifications
  - To send you administrative emails (e.g., confirmation of sign‐up, passwordless login links if we implement email login, and notifications about major updates or outages).
  - To send you non‐transactional emails only if you opt in (e.g., a monthly summary of your streaming overview or a newsletter). We will always give you a way to unsubscribe.
- Improvement & Analytics
  - To track aggregate usage (for example, how many artists log in per day, which dashboard features are most popular) so we can continuously improve performance and usability.
  - To monitor for abuse, spikes in traffic (possible DDoS), or suspicious login attempts (account security).
- Legal & Security
  - To detect, prevent, or investigate fraud, claims, or other illegal activity.
  - To comply with any applicable law, regulation, legal process, or enforceable governmental request.
3. With Whom We Share Your Information
We do not sell, rent, or trade your personal information. We only share data in the following limited circumstances:
3.1 Third‐Party Service Providers
- Spotify & Google
  - We send them your OAuth credentials (indirectly, via the OAuth handshake) so we can retrieve your streaming data.
  - We do not share additional personal data with them beyond what is required for OAuth and API access.
- Supabase (our backend & database host)
  - Supabase stores your email, user ID, and session cookies securely.
  - Supabase also stores any additional data we collect (e.g., cached metric snapshots, preferences, hashed tokens) in PostgreSQL.
- Email/Notification Providers (e.g., SendGrid, Mailgun)
  - We may use a transactional email service to send confirmation emails and important site notices. We only share the minimum necessary (your email address and the template of the email we send).
- Analytics & Monitoring Tools (e.g., Google Analytics, Sentry)
  - We may send aggregate or anonymized usage data (e.g., page view counts, error logs) to help us understand how the Site is used and quickly identify bugs.
  - We do not share any personally identifiable information (PII) in our analytics dashboards.
3.2 Legal Obligations
We may disclose your information if required by law (e.g., in response to a valid subpoena or other legal process), or if we believe disclosure is reasonably necessary to protect the rights, property, or safety of Bounced, our users, or the public.
3.3 Business Transfers
In the event that Bounced is acquired by or merged with another company, we may share your information with the acquirer. You will be notified via email or a prominent notice on our Site prior to any transfer, and the acquirer will be required to honor this Privacy Policy.
4. Data Retention
- Account & Profile Data
  - We retain your email, user ID, and profile picture URL for as long as your account remains active.
  - If you never sign in or you delete your account, we erase your profile data within 30 days of your last login or account‐deletion request.
- Streaming Metrics & Analytics
  - We cache metric snapshots (play counts, listener counts) for reporting and trend analysis. These records are retained for at least one year (so you can view historical trends).
  - If you delete your account, we remove all metric data linked to your user ID within 30 days.
- Cookies & Session Data
  - Supabase session cookies are valid for 30 days. If you do not sign in again for 30 days, you will have to re‐authenticate.
  - We do not persist refresh tokens beyond what Supabase stores. When you sign out, your session tokens are invalidated immediately.
5. Your Choices & Rights
5.1 Access, Correction, or Deletion
You have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate or incomplete information.
- Delete your account and associated data (including your streaming metric history and dashboard preferences).
To exercise these rights, email us at contact@dezolent.com or use the "Delete Account" feature in your user settings.
5.2 Opting Out of Non‐Essential Communications
We will only send you marketing or non‐transactional emails if you explicitly opt in. Each marketing email we send includes an "Unsubscribe" link. You can also reply to any email with "UNSUBSCRIBE" in the subject line.
5.3 Cookie & Tracking Opt‐Out
You can disable cookies or block third-party tracking via your browser settings. Please note that if you block Supabase's cookies, you will be logged out and cannot remain authenticated.
5.4 Revoking OAuth Permissions
You can revoke Bounced's access to your Spotify or Google account at any time by managing your connected apps:
- Spotify: Go to Spotify Account → Apps → find "Bounced" → click Remove Access.
- Google: Go to Google Account → Security → Third‐party apps with account access → find "Bounced" → click Remove Access.
Once revoked, Bounced will no longer be able to pull new data from your Spotify or Google account. You will need to re-authenticate if you want to restore that connection.
6. How We Protect Your Information
- Encryption in Transit & At‐Rest
  - We use HTTPS (TLS 1.2 or higher) for all data transmissions between your browser and our servers.
  - Supabase automatically encrypts your database at rest.
- Secure OAuth Flows
  - We never see or store your Spotify or Google password. All authentication occurs through their OAuth endpoints.
- Access Controls & Least Privilege
  - Only authorized personnel at Bounced can access our Supabase dashboard or logs.
  - We use Row Level Security (RLS) in Supabase so that each user can only see their own metric records.
- Regular Audits & Updates
  - We perform periodic security reviews of our codebase and dependencies.
  - We keep third-party libraries (e.g., Supabase client libraries, Next.js, Tailwind) up to date to avoid known vulnerabilities.
7. Children's Privacy
Bounced is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected data on a minor, please contact us at contact@dezolent.com, and we will promptly delete any such information.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time—especially if we add new features, switch third-party providers, or have to comply with changes in privacy laws. When we do, we will:
- Post the new Privacy Policy on this page and update the "Last updated" date at the top.
- Send a notice to the email address associated with your account 14 days before the changes take effect (if the changes are material).
We encourage you to review this Privacy Policy periodically.
9. How to Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:
Bounced Privacy Team
Email: contact@dezolent.com
Address: 18412 Homestead Avenue, Apt. 132, Miami, FL 33157
By using https://app.bounced.studio, you acknowledge that you have read and understood this Privacy Policy and agree to our collection and use of your information as described above.