← Back to VinylBPM

Legal

Privacy Policy

Last updated: May 11, 2026  ·  Effective: April 1, 2026  ·  vinylbpm.com

The short version: VinylBPM collects only what's needed to run the app — your email, your records, and your scans. We don't sell your data. We don't show ads. We use AI to read vinyl labels and look up prices. You're in control.

1. Who We Are

VinylBPM ("we," "us," or "our") is a vinyl record management platform available at vinylbpm.com and as an iOS app. For privacy questions contact privacy@vinylbpm.com.

2. Information We Collect

Account Information

  • Email address and username
  • Password (stored as a one-way bcrypt hash — we cannot read it)

Record Collection Data

  • Record details you scan or enter (artist, title, label, catalog number, year)
  • Track information (BPM, key, genre, energy)
  • Label photos you upload for scanning
  • Condition grades and collection notes
  • Your want list (records you're hunting for)

Technical Information

  • IP address (security and fraud prevention only)
  • Device type and OS version (iOS app)
  • Push notification token (only if you enable notifications)
  • Session data (to keep you logged in)

Payment Information

Payments are processed by Stripe. We never store your card number or CVV. Stripe shares only a customer ID and subscription status with us. See Stripe's Privacy Policy.

3. How We Use Your Information

  • To run the service — storing your collection, generating mix suggestions, calculating collection value
  • AI label scanning — your label photos are sent to OpenAI's GPT-4o Vision API to extract record details. Photos are not retained by OpenAI beyond the immediate API call per their terms
  • BPM & key lookup — artist and track names are sent to GetSongBPM and MusicBrainz to retrieve music data
  • Market pricing — artist, title, and catalog number are sent to the Discogs API for marketplace prices
  • Spotify previews — track names are searched via Spotify's API for preview links. No listening data is collected
  • Push notifications — only if you opt in on iOS
  • Security — IP addresses and session data for fraud prevention
  • Communication — account emails, password resets, subscription receipts

We do not sell your data, use it for advertising, or use it to train AI models.

4. Third-Party Services

OpenAI (GPT-4o)

Label photos are sent to OpenAI for record identification. API data is not used for model training per OpenAI's business terms. OpenAI Privacy Policy →

Discogs

Artist, title, and catalog numbers are sent for release info and pricing. Discogs Privacy Policy →

GetSongBPM / GetSong.co

Artist and track names sent for BPM and key data. GetSongBPM Privacy Policy →

Spotify

Track names searched for preview audio. No Spotify account required or linked. Spotify Privacy Policy →

MusicBrainz / AcousticBrainz

Free open-source databases for BPM and key data. No personal data shared. MetaBrainz Privacy Policy →

Stripe

Payment processing for subscriptions and marketplace. Stripe Privacy Policy →

5. Data Storage and Security

  • Data stored on servers in the United States
  • Passwords hashed with bcrypt — unrecoverable by us
  • All connections use HTTPS/TLS
  • API tokens stored as SHA-256 hashes
  • Label photos are private to your account only

6. Your Rights

Access

All your data is visible in the app. Contact us to request a full data export.

Correction

Edit any record data directly in the app or website.

Deletion

Delete individual records anytime in the app. To delete your entire account, email privacy@vinylbpm.com with subject "Delete My Account." We'll permanently delete everything within 30 days.

Push Notifications

Disable anytime: iOS Settings → VinylBPM → Notifications.

California Residents (CCPA)

You have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data. Contact privacy@vinylbpm.com to exercise your rights.

EU/EEA Residents (GDPR)

You have rights to access, rectification, erasure, restriction, portability, and objection. Our legal basis is contract performance and legitimate interests. Contact privacy@vinylbpm.com.

7. Data Retention

  • Active accounts: retained as long as account is active
  • Deleted accounts: permanently removed within 30 days
  • Payment records: 7 years (legal requirement)
  • Server logs: 90 days for security purposes

8. Children's Privacy

VinylBPM is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us personal information, contact us and we will delete it immediately.

9. Marketplace

  • Seller username and listing details are publicly visible
  • Buyer shipping address is shared with the seller to fulfill orders
  • Email addresses are never shared between buyers and sellers
  • Transaction data is shared with Stripe for payment processing

10. Changes to This Policy

We may update this policy from time to time. We'll update the date at the top and notify you by email for material changes. Continued use after changes = acceptance.

Privacy Questions?

We respond within 5 business days.

privacy@vinylbpm.com

© 2026 VinylBPM · Privacy Policy