Privacy Policy

Last updated: December 2, 2025

phlock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). Please read this policy carefully. By using phlock, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address (from your music platform or Apple ID)
  • Display name and username
  • Profile photo (if you choose to upload one)
  • Phone number (optional, for friend discovery)
  • Bio and profile information you provide

1.2 Music Platform Data

When you connect your Spotify or Apple Music account, we access:

  • Your music platform profile (name, email, profile image)
  • Your top artists and recently played tracks
  • Your music library and playlists (read-only access)
  • Your subscription type and country/region

We store OAuth tokens securely to maintain your connection to these services. We do not store your music platform passwords.

1.3 Contact Information

If you grant permission, we access your device contacts to help you find friends on phlock. We use a privacy-preserving approach:

  • Phone numbers are cryptographically hashed (SHA-256) before being sent to our servers
  • We never store or transmit your contacts' actual phone numbers
  • Hashes are used solely to match with existing phlock users
  • Contact names and other details remain on your device only

1.4 Usage Data

We automatically collect information about your use of the Service:

  • Daily song selections and sharing history
  • Engagement with shared songs (plays, saves, forwards)
  • Your phlock relationships (who you follow and who follows you)
  • Messages and comments you send through the Service
  • Streak data and activity patterns

1.5 Device Information

We collect device information necessary for the Service:

  • Device type and operating system
  • Push notification tokens (for sending notifications)
  • App version information

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Enable you to share daily song picks with friends
  • Build and display your personalized daily playlist from your phlock
  • Facilitate social connections and friend discovery
  • Send push notifications about friend activity and daily picks
  • Track your daily song streak and engagement metrics
  • Cross-reference songs between Spotify and Apple Music platforms
  • Communicate with you about updates, features, and support
  • Detect and prevent fraud, abuse, and security issues
  • Comply with legal obligations

3. Information Sharing and Disclosure

3.1 With Other Users

The Service is inherently social. The following information is visible to other users:

  • Your profile (name, username, photo, bio)
  • Your daily song picks (visible to your followers)
  • Your phlock count (how many people have you in their phlock)
  • Your follower and following lists
  • Comments and messages you send to other users

If your account is set to private, only approved followers can see your daily picks.

3.2 With Third-Party Services

We integrate with the following third-party services:

  • Spotify: To access your music data and enable song sharing
  • Apple Music: To access your music data and enable song sharing
  • Supabase: Our backend infrastructure provider for data storage and authentication
  • Apple Push Notification Service: To deliver push notifications

These services have their own privacy policies governing their use of your data.

3.3 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3.4 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS/SSL
  • OAuth tokens are stored securely and encrypted at rest
  • Database access is protected by Row Level Security (RLS) policies
  • Phone numbers are hashed before storage (we never store actual numbers)
  • We use Supabase, which maintains SOC 2 Type II compliance

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account
  • Song sharing history: Retained indefinitely while account is active
  • OAuth tokens: Retained until expired or you disconnect the service
  • Push notification tokens: Cleared when you sign out or delete your account
  • Hashed contact data: Deleted when you delete your account

6. Your Rights and Choices

6.1 Account Deletion

You can delete your account at any time through the app settings. When you delete your account, we will delete:

  • Your profile and account information
  • All your song shares and engagement history
  • Your follow relationships and phlock memberships
  • Your OAuth tokens and connected services
  • Your push notification tokens
  • Your hashed contact data
  • All comments and messages you've sent

Account deletion is permanent and cannot be undone.

6.2 Data Access and Portability

You can request a copy of your data by contacting us at privacy@phlock.fm. We will provide your data in a commonly used electronic format within 30 days.

6.3 Manage Permissions

You can manage app permissions through your device settings:

  • Contacts: Revoke access in iOS Settings → phlock → Contacts
  • Notifications: Manage in iOS Settings → phlock → Notifications
  • Music services: Disconnect in the phlock app settings

6.4 Privacy Settings

You can set your account to private, which requires approval before others can follow you and see your daily picks.

7. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete that information promptly. If you believe we have collected information from a child under 13, please contact us at privacy@phlock.fm.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we've collected about you
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@phlock.fm.

10. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

Our legal basis for processing your data includes: your consent, performance of our contract with you, our legitimate interests, and compliance with legal obligations.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@phlock.fm

General Inquiries: hello@phlock.fm

We will respond to your inquiry within 30 days.