Privacy Policy
Last updated: 26 February 2026
1. Introduction
SpinMixPro ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under the Swiss Federal Act on Data Protection (nDSG) and the EU General Data Protection Regulation (GDPR).
By using SpinMixPro, you agree to the practices described in this policy. If you do not agree, please do not use our service.
2. Data We Collect
Account Data
- Email address (required for account creation)
- Password (stored as a cryptographic hash — never in plain text)
- Account creation date and last login timestamp
Usage & Playlist Data
- Blueprints and block configurations you create
- Generated and accepted playlists
- Music preferences (genres, favourite artists, excluded artists)
- Playlist generation counts (for tier enforcement)
Billing Data
- Subscription plan and status (processed and stored by Stripe — we do not store credit card numbers)
- Stripe Customer ID linked to your account
Technical Data
- Session tokens (for keeping you logged in)
- Server-side logs (errors and API calls — no personal identifiers)
3. How We Use Your Data
- Account management — to create and maintain your account, authenticate you, and send password-reset emails
- Playlist generation — to run the playlist engine using your preferences and blueprints
- Billing — to process subscription payments via Stripe and enforce tier limits
- Service improvement — to understand how the product is used, through aggregate, anonymised usage statistics
- Legal compliance — to meet our obligations under Swiss and EU law
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Data Processors (Third Parties)
Supabase (PostgreSQL)
Stores all application data (accounts, playlists, preferences)
Location: EU — Frankfurt, Germany
Stripe
Payment processing and subscription management
Location: USA (EU Standard Contractual Clauses apply)
Deezer API
Song search, metadata, and 30-second audio previews
Location: France (EU)
Vercel
Web hosting and serverless infrastructure
Location: EU — Frankfurt, Germany (fra1 region)
5. Your Rights
Under the nDSG and GDPR, you have the following rights:
- Access — Request a copy of all personal data we hold about you
- Rectification — Correct inaccurate or incomplete data
- Deletion — Request full deletion of your account and all associated data
- Portability — Download your data in a portable format (JSON or CSV) from Settings → Account
- Withdrawal of consent — Opt out of any non-essential data processing at any time
Account deletion and data export are available directly in Settings → Account. For other data requests, contact us at the address in the Imprint.
6. Data Retention
- Account data is retained until you delete your account
- Billing records (invoices) are retained for 10 years as required by Swiss commercial law
- Server logs are automatically deleted after 30 days
- Anonymised aggregate usage statistics may be retained indefinitely
7. Security
We implement appropriate technical and organisational measures to protect your data:
- Passwords are hashed using bcrypt
- All data in transit is encrypted via TLS
- The database is hosted in an EU data centre with restricted access
- API keys and secrets are stored in environment variables, never in code
- Application logs contain no personal data
8. Cookies
We use only essential cookies required for authentication (session cookies). No tracking or advertising cookies are set. For full details, see our Cookie Policy.
9. Contact
For privacy-related questions or to exercise your rights, please contact us using the information in our Imprint.
We will respond to data requests within 30 days.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice in the app. The "Last updated" date at the top of this page always reflects the most recent revision.