Privacy Policy

Last updated: Nov 4, 2024

1. Introduction

Welcome to covercollage.com ("we," "us," or "our"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our application.

2. Data Controller

The data controller responsible for your personal data is:

Leonhard Driesch
Musterstraße 5
12345 Musterstadt
[email protected]

3. Personal Data We Collect

We collect the following categories of personal data:

  • Cookies and Tokens:
    HTTP-only JWT Cookie used for authentication purposes. This cookie contains a JSON Web Token that is used to authenticate your session securely without exposing sensitive data to client-side scripts.
  • Identification Data:
    • Name: Retrieved from your Spotify account when you use it to log in.
    • Email Address: Retrieved from your Spotify account when you use it to log in.
    • Spotify ID: Your unique identifier on Spotify.
  • Authentication Data:
    • Password Hash: If you create an account using our service instead of Spotify, we store a hashed version of your password (including salt) for authentication purposes.
    • Refresh Token: Used to maintain your session with Spotify services.
  • Usage Data:
    • Collage Preferences: Details about the collages you create, such as name, rows, columns, and creation date.
    • Collage Items: Information about each item in your collage, including size, URL, artist name, title, and Spotify link.
  • Technical Data:
    • Created At: Timestamp of when your account and collages are created.

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

  • Authentication Cookies: To maintain a secure authenticated session for users by using an HTTP-only JWT cookie.
    Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).
  • Providing Our Service: To create and display collages based on your most-listened-to artists on Spotify.
    Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).
  • User Authentication: To authenticate your access to our application via Spotify or our own login system.
    Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).
  • Service Improvement: To enhance and personalize your user experience.
    Legal Basis: Legitimate interests (Article 6(1)(f) GDPR).

5. Data Storage and Retention

Your personal data is stored securely on our servers. We retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Account Information: Retained until you delete your account or withdraw consent.
  • Collage Data: Retained to provide you ongoing access to your collages.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

  • Service Providers: Trusted third-party service providers who assist us in operating our application (e.g., hosting providers). They process data only on our instructions and under contractual obligations.
  • Legal Obligations: If required by law or in response to valid requests by public authorities.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, and secure storage practices.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request confirmation of whether we process your personal data and access to that data.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data under certain conditions.
  • Right to Restriction: Request restriction of processing under certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used format and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.

To exercise your rights, please contact us at [Your Contact Email].

10. Account Deletion and Data Removal

You can delete your account at any time through the application settings. Upon deletion, we will erase your personal data from our systems, except for data we are required to retain by law.

11. Children's Privacy

Our application is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us to have it removed.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Leonhard Driesch
Musterstraße 5
12345 Musterstadt
Email: [email protected]

14. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in your country of residence.