Concert / Recommender
/

Legal

Privacy

This page explains what data Concert / Recommender processes when you paste a public playlist or sign in with Spotify, and how to get it deleted.

What we store

Account
When you sign in with Spotify, we store your Spotify user ID, display name, and email address as provided by Spotify.
Spotify access
We request the playlist-read-private scope only, and store the resulting OAuth tokens to fetch your playlists. We cannot post anything or change your account.
Runs
Each search stores the playlist IDs used, the date range, and the result, so you can return to a ranking.
Feedback
If you thumbs up/down a recommendation, we store that rating together with the concert URL to improve future rankings.
Analytics
We use self-hosted, cookie-free analytics: a random session ID kept in your browser's local storage, and the page paths you visit. No ad or third-party trackers.
Cookies
Two signed, first-party session cookies (cr_session, cr_anon) keep you signed in and link anonymous runs to your browser. No marketing or tracking cookies, so no consent banner is needed.

Third-party services

To rank concerts, we match artist names from your playlists against MusicBrainz and pull genre tags from Last.fm — both receive only artist names, nothing about you. Sign-in runs through Spotify.

Hosting

The app runs on Google Cloud Run in europe-west1 (Belgium, EU) behind Cloudflare for TLS termination and DDoS protection.

Your rights

Under GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and objection. Contact us to have your account and all associated data deleted.

Contact

For privacy questions or deletion requests, reach out to: [email protected]