Cue.
2026
← Home

Appendix · Privacy

Privacy policy.

Effective May 11, 2026 · Cue is operated by Jonah Dworkin (Los Angeles, USA).

Cue is a music diary. We collect what we need to make the diary work and the recommendations honest, and not much else. This page tells you what that means in concrete terms. If anything here is unclear, write to info@jointhecue.app.

1. What we collect

Account & profile

  • Sign in with Apple. We receive your Apple-anonymized email and (if you choose to share it) your name. We never see your Apple password.
  • Username, display name, profile picture, bio, privacy setting: whatever you put on your profile.
  • City & country, derived from your IP address on sign-in via a third-party service (ipapi.co). Used so artists can target campaigns to regions, never displayed publicly. Refreshed every 60 days.

Your diary

  • Entries: the song, artist, mood, optional note, and date for each day you log. Stored locally on your iPhone (SwiftData) and synced to our server (Supabase) so it survives device changes.
  • Likes & follows: who you follow, whose entries you've liked, recommendation taps.
  • Comments & replies: the text you post on entries, plus any GIF or photo you attach.

Photos & comment media

Two places in the app ask iOS for photo-library access, and only when you actively tap to add an image: your profile picture, and photo replies on comments (max 5 MB; JPEG, PNG, HEIC, WebP, or GIF). We don't browse your library. iOS hands us only the single image you pick. We do not request camera, microphone, contacts, calendar, or precise-location access anywhere in the app.

Music-service data (only if you connect)

  • Spotify is currently a lightweight link only. We store the connection state and a token but do not yet read your top artists, tracks, or play history (awaiting Spotify's extended-quota approval). We'll update this page before turning on any reads.
  • Apple Music: if connected, we read your heavy-rotation artists (MusicKit) to power recommendations and ad targeting, storing an aggregated summary, not individual play history. Refreshed roughly every 18 hours, replaced not appended.
  • Connecting either service is optional. The diary works fully without it. Disconnect any time in Settings.

Device tokens & analytics

If you grant push permission, your iOS device-token is stored so we can deliver notifications (deleted when invalid or on sign-out). We collect crash reports via Apple TestFlight / App Store Connect and standard server logs. No Google Analytics, Facebook Pixel, or third-party analytics SDKs.

2. What we don't collect

  • Your contacts
  • Your full photo library, only the specific images you tap to upload
  • Your location beyond city-level (no GPS, no precise location)
  • Your microphone, camera, or calendar
  • Your full Spotify or Apple Music play history, only aggregated summaries

3. Who else sees your data

Other Cue users: if your profile is public (the default), they can see your username, display name, picture, bio, and entries you've marked visible to followers. Switch to private in Settings to require approval before anyone follows you.

Service providers: Supabase (backend host, U.S.), Apple (App Store, Sign in with Apple, push), Spotify (only if connected), Stripe (only for artist purchases, we never see card numbers), ipapi.co (resolves IP to a city once at sign-in; we store only the city), and GIPHY (GIF search runs from your device; GIPHY never receives your Cue identity).

Advertisers (sponsored cards): we never share your identity or contact info. They get aggregated reporting only: impressions, taps, and breakdowns by city or mood, with no individual users named.

Law enforcement: we share data only when required by valid legal process, and will tell you unless prohibited by law.

4. How long we keep your data

  • Account & entries: kept while your account is active; fully purged within 30 days of deletion.
  • Music-service summaries: refreshed ~every 18 hours, replaced not appended; email us to purge before deletion (within 7 days).
  • Profile pictures & comment media: kept as long as the comment, account, or profile they belong to.
  • Sponsored-card impression logs: 13 months, then permanently anonymized.
  • Server request logs: 30 days.

5. Your rights

Regardless of where you live, you can access, correct, delete, or export your data. Email info@jointhecue.app, or use Settings → Edit profile / Delete account. EU/UK residents have additional GDPR rights; California residents have CCPA rights. Cue does not sell personal information.

6. Children

Cue is not directed at children under 13 and we don't knowingly collect their data. If you believe a child has signed up, email info@jointhecue.app and we'll delete the account.

7. Changes to this policy

If we change this policy meaningfully, we'll post a notice in the app and on this page at least 7 days before it takes effect. Trivial wording changes won't trigger a notice.

8. Contact

Privacy questions, deletion requests, or anything else: info@jointhecue.app.

Cue · Privacy