Privacy Policy

Last Updated: November 23, 2025

Introduction

Phlock ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Information We Collect

1. Personal Information You Provide

When you create an account with Phlock, we collect:

  • Email address - Provided through Spotify or Apple Music OAuth authentication
  • Display name - Chosen by you during profile setup
  • Profile photo - Optional, uploaded by you
  • Platform user ID - Your Spotify or Apple Music user identifier

2. Music and Sharing Data

To provide our core service, we collect:

  • Music shares - Songs you send to friends, including track details and optional messages
  • Music preferences - Artists and tracks you search for or interact with
  • Listening activity - When you play previews of shared songs
  • Saved tracks - Songs you mark as saved from shares

3. Social Network Data

To enable friend connections, we collect:

  • Friend relationships - Users you connect with on Phlock
  • Contact information - Phone numbers and contact names (only if you grant permission) to help you find friends
  • Friend requests - Sent and received friend connection requests

4. Third-Party Authentication Data

We use OAuth authentication with:

  • Spotify - Access to your Spotify profile, email, top artists, and playlists (read-only)
  • Apple Music - Access to your Apple Music library and ability to search the Apple Music catalog

We store encrypted access tokens to maintain your connection to these platforms.

5. Automatically Collected Information

When you use Phlock, we automatically collect:

  • Device information - Device type, operating system version
  • Usage data - App interactions, features used, error logs
  • Network information - IP address, connection type (for API requests)

How We Use Your Information

We use the collected information to:

  1. Provide and maintain the service - Enable music sharing, friend connections, and feed activity
  2. Authenticate your account - Verify your identity through Spotify or Apple Music
  3. Personalize your experience - Show relevant music recommendations and friend suggestions
  4. Communicate with you - Send notifications about shares, friend requests, and app updates
  5. Improve our service - Analyze usage patterns to enhance features and fix bugs
  6. Ensure security - Detect and prevent unauthorized access or abuse

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

With Other Users

  • Profile information - Display name and profile photo are visible to other Phlock users
  • Music activity - Songs you share are visible to recipients and appear in their feeds
  • Friend connections - Your friends can see your profile and shared music

With Third-Party Services

  • Supabase - Our backend database and authentication provider (encrypted storage)
  • Spotify - To access your Spotify data and search the Spotify catalog
  • Apple Music - To search Apple Music and play song previews

For Legal Reasons

We may disclose your information if required by law, court order, or to:

  • Protect our rights or property
  • Prevent fraud or security issues
  • Comply with legal obligations

Data Storage and Security

  • Encryption - All platform access tokens are encrypted in our database
  • Secure transmission - All data is transmitted over HTTPS
  • Access controls - We use row-level security policies to ensure users can only access their own data
  • Third-party infrastructure - Data is stored on Supabase's secure cloud infrastructure

Your Data Rights

You have the right to:

Access Your Data

You can view all your personal information, shares, and friend connections within the app.

Update Your Information

You can edit your display name and profile photo in the Profile settings.

Delete Your Account

You can request account deletion by contacting us at support@phlock.app. This will remove:

  • Your profile and personal information
  • All music shares you've sent or received
  • Friend connections
  • Stored authentication tokens

Revoke Platform Access

You can revoke Phlock's access to Spotify or Apple Music through their respective settings:

  • Spotify: Account Settings → Apps → Phlock → Remove Access
  • Apple Music: iOS Settings → Privacy → Media & Apple Music → Phlock → Toggle Off

Contact Matching

If you grant permission, Phlock accesses your device contacts to help you find friends. We:

  • Match contacts locally on your device
  • Do not upload your entire contact list to our servers
  • Only store connections for users who accept friend requests
  • Allow you to revoke contact access at any time in iOS Settings

Children's Privacy

Phlock is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected data from a child, please contact us immediately.

International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. By using Phlock, you consent to such transfers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted in the app and on this page with an updated "Last Updated" date. Continued use of Phlock after changes constitutes acceptance.

Third-Party Links

Phlock may contain links to Spotify and Apple Music. We are not responsible for the privacy practices of these third parties. Please review their privacy policies.

Data Retention

We retain your information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain data for legal or operational purposes.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale (we do not sell your information)
  • Right to deletion
  • Right to non-discrimination

To exercise these rights, contact us at privacy@phlock.app.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Phlock Team