DiscogMix

Privacy Policy

Last updated: April 6, 2026

DiscogMix ("we", "us", or "our") operates the DiscogMix Chrome extension and the discogmix.com website. This Privacy Policy explains how we collect, use, and protect your information when you use our products and services.

We are committed to respecting your privacy. DiscogMix is designed to work with minimal data collection, and we do not sell or share your personal information with third parties for advertising purposes.

What the Chrome Extension Accesses

The DiscogMix Chrome extension interacts with the Spotify Web Player (open.spotify.com) to provide its functionality. Here is exactly what the extension accesses:

  • Spotify authentication credentials: The extension intercepts network requests made by the Spotify Web Player to capture authentication credentials and session identifiers (such as access tokens, device identifiers, and API configuration data). These are stored in your browser's session storage and used exclusively to communicate with Spotify's APIs on your behalf. This data is never transmitted to our servers and is automatically cleared when your browser session ends.
  • Spotify Web Player interface: The extension injects UI elements into the Spotify Web Player to provide the artist selection and shuffle interface.
  • Local storage: Your artist selections, saved mixes, preferences, and license cache are stored locally in your browser using Chrome's storage API. This data never leaves your device.

Important: All Spotify credentials remain entirely within your browser. Server-side communication is limited to license validation and anonymous usage tracking (via a one-way hash of your Spotify username). We do not collect, store, or transmit your Spotify listening data, library, or credentials to our servers.

Usage Tracking

DiscogMix collects a one-way cryptographic hash (SHA-256) of your Spotify username to track weekly usage of the free tier and to manage Pro license activation. This hash cannot be reversed to reveal your Spotify username. The hash is stored on our servers and used solely to enforce usage limits and license validation. We do not sell, share, or transfer this data to any third parties.

What the Website Collects

When you purchase a DiscogMix Pro subscription through our website, the following information is collected:

  • Email address: Collected by our payment processor, Lemon Squeezy, to deliver your license key and send purchase receipts.
  • Payment information: Credit card and billing details are processed entirely by Lemon Squeezy. We never see, store, or have access to your full payment information.
  • License key: A unique license key is generated for your purchase, which you enter into the extension to activate Pro features.

What We Do NOT Collect

We want to be transparent about what we explicitly do not collect or track:

  • No listening history: We do not track, store, or have access to your Spotify listening history, play counts, or library data.
  • No analytics or tracking: Our website does not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. We do not use cookies for advertising or tracking purposes.
  • Limited usage data: The extension sends only a one-way hash of your Spotify username and mix counts to our server for enforcing free tier limits. No listening data, library content, or artist selections are ever transmitted.
  • No personal profiles: We do not build profiles about you or your music preferences.

Data Retention

Since we collect minimal data, our retention practices are straightforward:

  • Local extension data: Stored in your browser and persists until you uninstall the extension or clear your browser data. You control this entirely.
  • Purchase records: Your email and license key are retained by Lemon Squeezy for as long as your subscription is active, plus any period required by applicable tax and accounting laws.
  • Support communications: If you contact us via email, we retain those communications for as long as necessary to resolve your inquiry, and no longer than 2 years after last contact.
  • Server usage data: A one-way hash of your Spotify username and weekly mix counts are stored on our servers. This data is used to enforce free tier limits and manage license activation. The hash cannot be reversed to identify you.

Third-Party Services

DiscogMix uses the following third-party services:

  • Lemon Squeezy: Payment processing and subscription management. Their privacy policy is available at lemonsqueezy.com/privacy.
  • Spotify: The extension communicates with Spotify's internal APIs using your existing browser session to fetch your discography, manage playlists, and control playback. Spotify's privacy policy governs their handling of your data.
  • Cloudflare: Our website is served through Cloudflare, which may process basic connection metadata (IP address, request headers) as described in their privacy policy.

Your Rights (GDPR & CCPA)

We process personal data on the following legal bases:

  • Contract performance: Processing your license key and subscription status to provide the service you purchased.
  • Legitimate interest: Processing Spotify session credentials locally to enable the extension's core functionality, and storing an anonymized usage hash to enforce free-tier limits. These interests do not override your data protection rights, as the processing involves minimal data and poses no undue risk.

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of any personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to the processing of your personal data in certain circumstances.
  • Right to non-discrimination (CCPA): We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at [email protected]. For server-side data (your anonymized usage hash), we will delete your record from our systems within 30 days of your request. For payment-related data held by Lemon Squeezy, please also contact Lemon Squeezy directly.

Children's Privacy

DiscogMix is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us so we can promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information.

Chrome Web Store Compliance

DiscogMix's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically, DiscogMix:

  • Only uses data necessary to provide its core functionality
  • Does not transfer user data to third parties except as necessary to provide the service
  • Does not use user data for advertising or data resale
  • Does not allow humans to read user data except with your explicit consent, for security purposes, or to comply with applicable law

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

[email protected]