Legal · PrivacyUpdated May 10, 2026

Privacy policy.

What we collect

When you sign in with Google, we receive your email address, your display name, and the avatar URL on your Google profile. We use this to identify your account and show your avatar in the app. We do not receive your password — Google handles that.

We don't collect your IP address beyond standard request logs kept by our hosting provider (Vercel) and storage provider (Cloudflare R2) for operational purposes (rate limiting, abuse prevention, debugging). Those logs are governed by Vercel's and Cloudflare's own privacy policies.

When you keep or downvote a track, we store that choice in your browser's local storage. It never leaves your device.

What we don't collect

We do not run analytics that track you across sites. We do not sell or share your data with advertisers. We do not have advertisers. We do not run third-party scripts that fingerprint your device.

Where your data lives

Account info (email, name, avatar URL) is held in a JWT session cookie issued by NextAuth at sign-in. The cookie is HttpOnly and lives in your browser; we do not currently store account records in a server database.

Audio + cover art is stored in our Cloudflare R2 bucket. Streaming requests are authenticated and may be rate-limited.

Listening history, kept tracks, downvoteslive in your browser's local storage. They do not sync across devices yet.

Third parties we rely on

  • Google — OAuth sign-in.
  • Vercel — web hosting + edge network.
  • Cloudflare R2 — audio + cover art storage.

Each has its own privacy policy. Disabling sign-in / not visiting the site is the way to opt out of all of them.

Your rights

Sign out and your session is destroyed. Clear your browser's local storage and your kept tracks + listening preferences are erased. To remove the OAuth grant entirely (so we can no longer re-issue a session for you), revoke pindufai at myaccount.google.com/permissions.

Residents of the EU/UK (GDPR) and California (CCPA) have additional rights to access, correct, delete, and port your data. Email privacy@pindufai.com and we'll handle it.

Children

The service is not directed at children under 13 and we do not knowingly collect data from children. If you believe we have, email us and we'll delete it.

Changes to this policy

If we change this policy in a way that affects your rights, we'll update the “updated” date at the top and post a notice on the home page for at least 14 days.

Contact

Questions, takedowns, or just general policy curiosity: privacy@pindufai.com.

END.