Skip to content
Feed
Daily Drop
Sign In

Privacy Policy

Last updated: February 14, 2026

What We Collect

We collect the minimum data needed to run Daily Drop:

  • Account info: email address, username, display name, and bio.
  • Authentication: passkey credentials (public keys only — we never store passwords).
  • Apple Music data: your playlist ID and, if you authorize it, a MusicKit user token to sync your library playlist. This token is encrypted at rest.
  • Usage data: reactions to songs, preview play counts, playlist add counts, badge progress, and taste match data.
  • Session data: IP address and user agent for active sessions.

How We Use Your Data

  • To create and display your daily music drops.
  • To sync songs from your Apple Music playlist into your curation pool.
  • To show reactions, play counts, and taste matches across the community.
  • To generate badges based on your listening and curation activity.
  • To send transactional emails (account-related only, never marketing).

Third-Party Services

We integrate with the following services:

  • Apple Music (MusicKit): used to look up song metadata, play previews, and create playlists in your library. Subject toApple's Privacy Policy.
  • Solid Queue / Solid Cache / Solid Cable: background jobs, caching, and WebSockets — all database-backed and self-hosted. No third-party data sharing.

Data Storage and Security

  • All data is stored in a PostgreSQL database hosted on our infrastructure.
  • Apple Music user tokens are encrypted at rest using Active Record Encryption.
  • Authentication uses passkeys (WebAuthn) — no passwords are ever stored or transmitted.
  • All connections use HTTPS. A Content Security Policy is enforced to protect against cross-site scripting.

Cookies

We use a session cookie to keep you signed in. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

Your Rights

You can:

  • View your data: your profile, settings, and activity are visible in the app.
  • Update your data: edit your profile, display name, bio, and playlist ID in Settings.
  • Disconnect Apple Music: remove your playlist ID and user token in Settings.
  • Request deletion: contact us to delete your account and all associated data.

If you are in the EU (GDPR) or California (CCPA), you have additional rights including data portability and the right to object to processing. Contact us to exercise these rights.

Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is removed. Aggregated, non-identifying data (e.g., total play counts) may be retained.

Children

Daily Drop is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of Daily Drop after changes constitutes acceptance.

Contact

Questions about this policy? Reach out atprivacy@dailydrop.fm.

0:00