Privacy Policy
Short version: Your depth profiles and music preferences stay yours. We don't sell your data, don't share your taste with advertisers, and don't connect to any streaming service without your explicit action. When you connect YouTube, we use that connection only to create the playlists you ask us to create.
1. Who We Are
ApexDepths is a product of bigSIMPLE Development, operated as a sole proprietorship. Our contact email is bigsimpledevelopment@protonmail.com. When this policy says "we," "us," or "our," it means bigSIMPLE Development.
2. What Data We Collect
We collect only what is necessary to provide the service:
- Account information — email address and password (hashed) when you create an account
- Depth profiles — the profile names, artists, genres, and depth scores (0–100) you create and save
- Search queries — artist or track names you enter to look up catalog information via MusicBrainz and Last.fm
- YouTube OAuth tokens — access token, refresh token, and expiration timestamp, stored only when you choose to connect your YouTube account
- YouTube playlist metadata — playlist IDs and resolved video IDs for playlists you create through ApexDepths, so we can recreate or update them without re-resolving every track
- Usage data — features used, session timestamps, and error logs, collected via server logs
- Device information — iOS or Android OS version and app version, for crash reporting and compatibility
We do not collect: your location, contacts, microphone or camera access, call logs, or your streaming service listening history.
3. How We Use Your Data
- Sync your depth profiles across your devices
- Fetch artist and catalog metadata from MusicBrainz and Last.fm to power exploration features
- Curate track recommendations from a candidate list you've already scoped via your depth profile
- Create and manage YouTube playlists in your YouTube account when you explicitly publish a playlist from ApexDepths
- Resolve track names to YouTube videos via the YouTube Data API, only for playlists you have asked us to create
- Diagnose crashes and improve app performance
- Send transactional emails (e.g., password reset) — we do not send marketing email without your opt-in
We do not use your music preferences for advertising, sell them to data brokers, or share them with third parties except as described in Section 4.
4. Third-Party Services
ApexDepths relies on the following third-party services:
- MusicBrainz — open music encyclopedia used for artist and catalog metadata lookups. Queries contain only the search term you entered; no account identifiers are sent. MusicBrainz is operated under the MetaBrainz Foundation's own privacy policy.
- Last.fm — we use the Last.fm API to retrieve top tracks for artists and genres you've added to a depth profile. Queries contain only the artist or genre name; no account identifiers are sent.
- YouTube (Google) — when you connect your YouTube account, we use the YouTube Data API v3 and Google OAuth 2.0 to create playlists and add videos on your behalf. We request the https://www.googleapis.com/auth/youtube scope, which is required to write playlists. We do not read, modify, or interact with your subscriptions, comments, channel settings, ratings, watch history, or any other YouTube data. You can revoke ApexDepths' access at any time from Depth Profile Details → Disconnect YouTube in the app, or directly at https://myaccount.google.com/permissions.
- Anthropic (Claude API) — we use Anthropic's Claude models to curate which tracks from a Last.fm candidate list best match your depth profile. We send only artist names, track titles, and your depth setting. We do not send your account information, YouTube tokens, or any Google API data to Anthropic. Anthropic does not retain this data for model training.
- Stripe — payment processing for any paid subscription tier
- Render / Railway — cloud hosting infrastructure
- MongoDB Atlas — database hosting; data at rest is encrypted by the provider
We do not use advertising SDKs or analytics pixels from Facebook, Google, or similar ad networks. We do not use social login. The Google OAuth integration described above is used solely to create playlists in your YouTube account at your explicit request — it is not used for sign-in or identity.
4a. Google API Services User Data Policy — Limited Use Disclosure
ApexDepths' use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use YouTube data only to provide the user-facing playlist creation feature you have explicitly initiated.
- We do not transfer Google user data to others except as necessary to provide or improve user-facing features that are prominent in the application interface.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless we have your affirmative agreement, or it is necessary for security purposes, to comply with applicable law, or for ApexDepths' internal operations (and only with anonymized or aggregated data).
5. Mobile App Permissions
The iOS and Android apps request only the permissions required for core features:
- Internet access — required to sync profiles and fetch catalog data
- Storage (Android) — optional, only if you choose to export a depth profile to a local file
No other device permissions are requested. You can review and revoke permissions at any time in your device settings.
6. Data Retention
- Depth profiles: retained until you delete them or close your account
- Account data: retained for the life of your account, then deleted within 30 days of account closure
- YouTube OAuth tokens: retained only while your YouTube account is connected. When you disconnect, we revoke the token at Google and delete it from our database within 24 hours. On account closure, tokens are revoked and deleted as part of the deletion cascade.
- YouTube playlist metadata (playlist IDs, resolved video IDs): retained until you delete the saved playlist in ApexDepths, or within 30 days of account closure
- Track resolution cache (artist/title → YouTube video ID, with no user identifier): retained up to 90 days
- Payment records: retained as required by law (typically 7 years)
- Server logs: retained for 90 days for security and debugging purposes; logs are scrubbed of OAuth tokens and authorization codes before storage
- Crash reports: retained for 90 days
7. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Delete — request deletion of your account and all associated data, including depth profiles, YouTube tokens (which are revoked at Google as part of the deletion), and saved playlists. You can initiate this from Settings → Delete Account in the app, or by emailing us.
- Disconnect YouTube — disconnect your YouTube account at any time from Settings → Disconnect YouTube. This revokes our access at Google and deletes the stored tokens within 24 hours. Disconnecting does not delete your ApexDepths account or your depth profiles.
- Export — download all your depth profiles as a JSON file from account settings
- Correct — update inaccurate account information at any time
To exercise any of these rights, email bigsimpledevelopment@protonmail.com with "ApexDepths Privacy Request" in the subject. We will respond within 30 days.
8. Security
All data in transit is encrypted with HTTPS/TLS. Data at rest is encrypted by our hosting infrastructure (MongoDB Atlas). We apply the principle of least privilege to internal access. Passwords are stored as salted hashes and never in plaintext. OAuth tokens are stored in a database that is not publicly accessible and is protected by Atlas's network controls.
If you believe a security vulnerability exists, please disclose it responsibly to bigsimpledevelopment@protonmail.com.
9. Children
ApexDepths is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has created an account, contact us and we will delete it promptly.
10. Changes to This Policy
If we make material changes, we will post the updated policy here and update the "Last updated" date above. For significant changes, we will notify account holders by email at least 14 days in advance.
11. Contact
Questions about this policy? Reach us at bigsimpledevelopment@protonmail.com.