Effective Date: February 8, 2026
Last Updated: February 8, 2026
Version: 1.0
Welcome to CutBeat!
CutBeat (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the CutBeat mobile application (the “App”).
By using CutBeat, you agree to the collection and use of information in accordance with this policy.
Important:
- CutBeat requires a Spotify Premium account
- You must be at least 13 years old to use the App
- The App is non-commercial (free, no advertising)

CutBeat
Website: https://cutbeat.app
Email: support@cutbeat.app
Country: Sweden
For questions about this Privacy Policy, contact us at: support@cutbeat.app
When you connect your Spotify account to CutBeat, we request the following permissions:
| Permission | What we access |
|---|---|
| user-read-email | Your email address |
| user-read-private | Your username, Spotify ID, Premium status |
| streaming | Ability to play music via Spotify |
| app-remote-control | Control Spotify app (play, pause, seek) |
| user-read-playback-state | Read playback status |
| user-modify-playback-state | Modify playback |
| playlist-read-private | Read your private playlists |
| playlist-read-collaborative | Read collaborative playlists |

Specific data we collect from Spotify:
- Email address
- Username/display name
- Spotify User ID
- Premium subscription status (yes/no)
- Spotify access token and refresh token
- Token expiration date

Track metadata from Spotify:
- Song title
- Artist name
- Album artwork URL
- Track duration
- Popularity (0-100)
- Spotify Track ID and URI

Cue Points (start/stop markers):
- Start time for each track (in milliseconds)
- Stop time for each track (in milliseconds)
- These are your own settings that you create manually

Playlists:
- Playlist names (chosen by you)
- Number of tracks in each playlist
- Dates when playlists were created and updated

Tracks in Playlists:
- Track order in your playlists
- Relationship between tracks and playlists

Session Data:
- Session token (to keep you logged in)
- Session expiration date

No other technical data is collected:
- ❌ We do NOT collect IP addresses (not stored permanently)
- ❌ We do NOT collect device identifiers (IDFA)
- ❌ We do NOT collect location data
- ❌ We do NOT use cookies for tracking
- ❌ We do NOT collect analytics or usage statistics

We use your data only to:
IMPORTANT about token storage: We store your Spotify access and refresh tokens in our database. We do this to:
- Automatically refresh tokens when they expire
- Avoid requiring you to approve Spotify access every time you open the app

You must still be logged into CutBeat to use the app. Tokens are NOT used to access your Spotify account without your knowledge.
We may use aggregated, anonymized cue point statistics from other users to suggest cue points for you. No personally identifiable data is shared with other users.
We NEVER use your data to:
- ❌ Sell to third parties
- ❌ Show advertising
- ❌ Analyze your behavior (no analytics)
- ❌ Send marketing emails
- ❌ Share with other users

Provider: Supabase Inc.
Location: EU North 1 (Stockholm, Sweden)
Privacy Policy: https://supabase.com/privacy
We store the following data in Supabase:
| Data Type | Storage |
|---|---|
| User info | Email, name, Spotify ID, Premium status |
| Spotify tokens | Access token, refresh token, expiration date |
| Playlists | Name, track count, version |
| Cue points | Start/stop times for each track |
| Sessions | Session tokens with expiration dates |

Security:
- HTTPS encryption for all communication
- Row Level Security (RLS) in database
- Encryption of data at rest
- Physical servers in EU (GDPR-compliant)

We securely store the following on your device:
- Session token (to keep you logged in)
- Spotify session data (from Spotify SDK)

Security:
- iOS Keychain (encrypted by Apple)
- Only accessible to CutBeat app
- Deleted upon app uninstallation

For better performance, we temporarily cache in app memory:
- Your playlists
- Track metadata

Security:
- Automatically deleted when you close the app
- Deleted upon “Sign Out”
- No sensitive data cached

We share your data only with the following services that are necessary for the app to function:
Purpose: Music streaming and authentication
Data shared: OAuth tokens, playback status
Privacy Policy: https://www.spotify.com/legal/privacy-policy/
Purpose: Backend infrastructure, database, authentication
Data shared: All data (see section 5.1)
Privacy Policy: https://supabase.com/privacy
Location: EU (Stockholm, Sweden)
We NEVER share your data with:
- ❌ Ad networks
- ❌ Analytics services
- ❌ Data brokers
- ❌ Social media platforms
- ❌ Other app users

| Data Type | Retention Period |
|---|---|
| Spotify tokens (backend) | Until you request account deletion |
| Playlists and cue points | Until you delete them or close account |
| Session tokens | 7-30 days or until you log out |
| Keychain data (local) | Until you log out or uninstall app |
| RAM cache (local) | Until you close app or log out |

Automatic Cleanup:
- Expired sessions are automatically deleted from backend
- Local cache cleared when app closes
- Keychain cleared upon “Sign Out”

Under GDPR, you have the following rights:
You have the right to obtain a copy of all data we have about you.
How: Contact support@cutbeat.app
You can update your playlists and cue points directly in the app.
How: Edit in app or contact support@cutbeat.app
You can request that we delete all your data.
How: Contact support@cutbeat.app
Response Time: Within 30 days
You can receive your data in machine-readable format to transfer to another service.
How: Contact support@cutbeat.app
You can disconnect your Spotify account at any time.
How: Click “Sign Out” in the app
You can object to our processing of your personal data.
How: Contact support@cutbeat.app
If you’re not satisfied with how we handle your data, you can complain to:
Swedish Data Protection Authority (Datainspektionen)
Website: https://www.imy.se
Email: imy@imy.se
Or your local data protection authority.
Click “Sign Out” in the app. This deletes:
- ✅ Session token from your device
- ✅ Spotify tokens from your device
- ✅ Cached playlists and tracks

NOTE: This does NOT delete:
- ❌ Data in our backend (playlists, cue points, Spotify tokens)
- ❌ Your user account

To delete ALL data including your account:
1. Contact: support@cutbeat.app
2. Provide: Your email address linked to Spotify
3. We’ll delete all your data within 30 days

What gets deleted:
- ✅ User account
- ✅ Spotify tokens
- ✅ All playlists
- ✅ All cue points
- ✅ Session data

We protect your data through:
CutBeat is NOT intended for children under 13 years old.
If we discover we have data from children:
- Data is immediately deleted
- Account is closed
- Parent/guardian notified (if possible)

If you are a parent and believe your child has used CutBeat, contact: support@cutbeat.app
Primary Storage: EU (Stockholm, Sweden)
Spotify (USA-based company):
- OAuth handled via Spotify’s servers
- Covered by Spotify’s Privacy Shield / Standard Contractual Clauses
- Privacy Policy: https://www.spotify.com/legal/privacy-policy/

Supabase (USA-based company, EU servers):
- Data physically stored in EU
- Covered by GDPR
- Standard Contractual Clauses in place

We NEVER transfer data to:
- ❌ Countries outside EU/EEA without appropriate safeguards
- ❌ Insecure locations

We may update this Privacy Policy from time to time. When we do, we will:
Your Responsibility:
- You are responsible for periodically reviewing this policy
- Continued use after changes means you accept the update

Version History:
- Version 1.0 (February 8, 2026): First version

CutBeat does NOT use cookies or tracking technologies.
We do NOT use:
- ❌ Tracking cookies
- ❌ Analytics (Google Analytics, Mixpanel, etc.)
- ❌ Advertising trackers
- ❌ Cross-site tracking
- ❌ Fingerprinting
- ❌ Device identifiers for tracking (IDFA)

Session Management:
- We use session tokens (stored in iOS Keychain, NOT cookies)
- Only for authentication, NOT for tracking

Under GDPR, we must have a legal basis to process your personal data:
| Data | Legal Basis |
|---|---|
| Spotify data (OAuth) | Consent - You approve Spotify access at login |
| Playlists and cue points | Contract - Necessary to provide the service |
| Session tokens | Contract - Necessary for authentication |
| Cache (performance) | Legitimate Interest - Optimize app performance |

You can at any time:
- Withdraw consent by signing out
- Request deletion of your account

For data processing questions:
Email: support@cutbeat.app
Response Time: Within 30 days per GDPR
Language: English
For privacy questions:
Email: support@cutbeat.app
For data requests:
- Export data: support@cutbeat.app
- Delete account: support@cutbeat.app
- Rectify data: Edit in app or contact us

For general support:
Email: support@cutbeat.app
Address:
Sweden
In short:
- ✅ We collect: Spotify data (OAuth), playlists and cue points you create
- ✅ We store in: Supabase (EU), iOS Keychain (local), RAM (temporary)
- ✅ We use for: Playing music from your chosen cue points
- ✅ We share with: Only Spotify (playback) and Supabase (backend)
- ✅ We do NOT sell: Your data to anyone
- ✅ You can: Sign out anytime, request deletion, export data
- ✅ GDPR: Full compliance, data in EU, your rights respected

Thank you for using CutBeat!