← Home

Privacy Policy

Last updated: June 7, 2026

What we collect

We only store the minimum needed to power your personal timeline:

  • Account: email address and (if you sign in with Google) display name and avatar URL.
  • Google Photos: only the photos you explicitly select inside Google's Picker — including ID, capture timestamp, dimensions, and a cached thumbnail. We never read your full library.
  • Spotify: tracks you've played (track name, artist, album, played-at timestamp, milliseconds played). Sourced from the Spotify "Recently Played" endpoint and any account-data export you upload yourself.
  • OAuth tokens: stored encrypted at rest so we can refresh data on your behalf.

What we do with it

Your data is used solely to render your own timeline, recap, and memories views. We do not sell your data, share it with advertisers, or use it to train AI models.

Google API Services User Data — limited use disclosure

musicxphotos's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer, share, or use Google user data for serving ads, and we do not allow humans to read it except with your explicit consent or as required by law.

Storage and security

Data is stored in our managed Postgres database with row-level security so each user can only read their own rows. Photo thumbnails live in a private storage bucket served via short-lived signed URLs. All traffic is encrypted in transit with TLS.

Your controls

  • Disconnect Spotify or revoke Google Photos access at any time from your Account page.
  • Delete all of your listening, photo, and connection data on request via the Account page. Deletion is immediate and irreversible.
  • You can revoke our access directly with Google or Spotify in their respective account settings.

Third-party processors

We rely on the following sub-processors: Lovable Cloud (database, auth, storage), Google (Photos Picker API + OAuth), and Spotify (OAuth + Web API). No other parties receive your personal data.

Cookies

We use only essential cookies/localStorage entries needed to keep you signed in. No tracking pixels, no third-party advertising cookies.

Contact

Questions or data-removal requests: reach us through the Account page or by opening an issue on the project repository.

musicxphotos

Your photos and your listening, woven into a single scroll. Built with respect for your data — we only ever see what you explicitly pick or upload.

© 2026 musicxphotos. All rights reserved.

Prints fulfilled by Prodigi. Photos via Google Photos. Listening data via Spotify. Not affiliated with either company.