Privacy Policy

What data we collect

• Google account info: Your name, email address, and profile picture when you sign in with Google.
• YouTube Music data: Your liked songs from YouTube Music, used to generate collaborative playlists.
• Apple Music data: Your Apple Music library data (recently played and heavy rotation songs), used to generate collaborative playlists. This data is accessed via Apple's MusicKit JS in your browser.
• Payment info: Payments are processed through PayPal. We receive your PayPal email and transaction ID. We never see or store your credit card numbers.

How we use your data

• Generate collaborative playlists based on the musical tastes of everyone in your trip group.
• Create playlists on YouTube Music or Apple Music on your behalf when you choose to export.
• Authenticate your identity and manage your account.

We do not sell your data. We do not use your data for advertising.

Who we share your data with

We do not sell, rent, or trade your personal data. We share your data only with the third-party service providers listed below, strictly for the purposes of operating RoadTrip. We do not transfer or disclose your data to any other parties.

• Google (YouTube Data API v3) — we send your OAuth tokens to Google to read your liked songs and create playlists on your behalf. Governed by Google's Privacy Policy.
• Apple (MusicKit JS) — your Apple Music token is used client-side in your browser to read your library and create playlists. No Apple Music data is sent to our servers.
• Vercel — hosts the application. Processes your requests (IP address, browser info) as part of serving the app.
• Neon — hosts our PostgreSQL database. Stores your account info, trip data, and playlist data.
• PayPal — processes payments. Receives your PayPal email and transaction details when you make a purchase.
• Sentry — receives error reports (stack traces, browser info) with an anonymized user ID. No emails or personal data are sent. Data is stored in the EU.
• PostHog — receives anonymized usage analytics (page views, feature usage) with an anonymized user ID. No emails or personal data are sent. Data is stored in the EU.

No other third parties receive your data. We do not share your data with advertisers, data brokers, or any organizations not listed above.

Third-party services

We use the following third-party services to operate RoadTrip:

• Google OAuth — for sign-in and authentication.
• YouTube Data API v3 — to read your liked songs and create playlists on your YouTube Music account.
• Apple MusicKit JS — to read your Apple Music library and create playlists on your Apple Music account (browser-based).
• PayPal — for payment processing.
• Vercel — for hosting the application.
• Neon — for database hosting (PostgreSQL).
• Sentry — for error monitoring. Collects error reports (stack traces, browser info) with an anonymized user ID. No emails or personal data are sent. Data is stored in the EU.
• PostHog — for product analytics. Collects anonymized usage data (page views, feature usage) with an anonymized user ID. No emails or personal data are sent. Data is stored in the EU.

YouTube API Services

RoadTrip uses YouTube API Services. By using our app, you are also agreeing to be bound by the YouTube Terms of Service.

Please refer to Google's Privacy Policy for information on how Google handles your data.

You can revoke RoadTrip's access to your Google account at any time by visiting your Google Security Settings.

Apple Music

RoadTrip uses Apple's MusicKit JS to access your Apple Music library data directly in your browser. Your Apple Music token is handled client-side and is not stored on our servers.

You can disconnect your Apple Music account at any time from your trip settings.

Data retention

• Your music library data (YouTube Music liked songs, Apple Music library) is refreshed each time a playlist is generated. We do not permanently store your full listening history.
• Your account information (name, email, profile picture) is stored as long as your account exists.
• Trip and playlist data is retained as long as the trip exists.

Data protection

We take the following measures to protect your data, including any data received from Google and Apple APIs:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2+).
• Encryption at rest: Our database (hosted on Neon) encrypts all stored data at rest using AES-256 encryption.
• Access controls: Access to production systems and databases is restricted to authorized personnel only, using secure credentials and role-based access controls.
• Token security: OAuth tokens used to access your Google account are stored securely in our database and are never exposed to other users or third parties beyond what is needed to operate the service. Apple Music tokens are handled entirely client-side and are not stored on our servers.
• Minimal data collection: We only request the minimum permissions (OAuth scopes) needed to provide our service and do not collect more data than necessary.

Data deletion

You can delete your account and all associated data from your account settings page. Deletion is immediate and irreversible.

Cookies

We use first-party cookies for authentication sessions and anonymous usage analytics. Our analytics cookies are served through our own domain and do not track you across other websites. We do not use third-party cookies or advertising cookies.

Contact us

If you have questions about this privacy policy or how we handle your data, email us at legal@roadtripmusic.app.

Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.