Legal
Privacy
This page explains what data Concert / Recommender processes when you paste a public playlist or sign in with Spotify, and how to get it deleted.
What we store
- Account
- When you sign in with Spotify, we store your Spotify user ID, display name, and email address as provided by Spotify.
- Spotify access
- We request the playlist-read-private scope only, and store the resulting OAuth tokens to fetch your playlists. We cannot post anything or change your account.
- Runs
- Each search stores the playlist IDs used, the date range, and the result, so you can return to a ranking.
- Feedback
- If you thumbs up/down a recommendation, we store that rating together with the concert URL to improve future rankings.
- Analytics
- We use self-hosted, cookie-free analytics: a random session ID kept in your browser's local storage, and the page paths you visit. No ad or third-party trackers.
- Cookies
- Two signed, first-party session cookies (cr_session, cr_anon) keep you signed in and link anonymous runs to your browser. No marketing or tracking cookies, so no consent banner is needed.
Third-party services
To rank concerts, we match artist names from your playlists against MusicBrainz and pull genre tags from Last.fm — both receive only artist names, nothing about you. Sign-in runs through Spotify.
Hosting
The app runs on Google Cloud Run in europe-west1 (Belgium, EU) behind Cloudflare for TLS termination and DDoS protection.
Your rights
Under GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and objection. Contact us to have your account and all associated data deleted.
Contact
For privacy questions or deletion requests, reach out to: [email protected]