Privacy Policy

Effective Date: 2026-05-06

This policy explains what data StirFle-O (“we”, “our”, “us”) collects when you use the service, how we use it, and what choices you have. The service has no user accounts, so most concerns about data tied to your identity simply do not apply.

1. Information we collect

1.1 Public playlist metadata

When you submit a public Spotify or Apple Music playlist URL, we fetch the public metadata of that playlist: track titles, artists, album info, cover art, owner display name, and follower count. We never access private playlists or any data tied to your own Spotify or Apple Music library.

1.2 Diagnosis records

Each diagnosis is stored under a random, anonymous share ID so the result page works as a shareable URL. The record contains the playlist metadata above plus the derived analysis (personality type, score, traits). It is NOT linked to any user identity — we have no way to know which records were created by which person.

1.3 Approximate location (country / region / city)

We send your IP address to freeipapi.com (with ipinfo.io as a fallback) to look up the corresponding country, region, and city. The looked-up location is recorded in our server logs for aggregate analytics. The IP address itself is discarded immediately after the lookup and is never persisted.

1.4 Server access logs

Standard request logs are emitted by our application: request path, HTTP method and status code, response time, User-Agent, Referer header, and the geo data above. These are written to our hosting provider’s log system.

1.5 Browser-local preferences (never sent to our server)

Your browser may store the following in localStorage / sessionStorage purely for in-browser behaviour: theme (dark / light), language (EN / JA), view mode (mobile / desktop), and a temporary timestamp used to measure end-to-end page-load timing. None of these are transmitted to our server.

2. Information we do NOT collect

User accounts or login credentials (the service has no sign-in flow at all).
Email address, real name, phone number, or postal address.
Personal Spotify or Apple Music data such as followed artists, listening history, library contents, or payment information.
Your raw IP address. Only the derived country / region / city is recorded; the IP itself is not persisted.
Tracking cookies, cross-site analytics identifiers, or advertising IDs.
Payment information. The service is free and has no payment flow.

3. Third-party services

We rely on the following external services to operate. Sending a request to our service necessarily involves these providers:

Spotify (Spotify AB) — Public catalogue and playlist metadata API. Privacy Policy
Apple Music (Apple Inc.) — Source of public playlist pages we read for Apple Music diagnoses. Privacy Policy
Wikidata (Wikimedia Foundation) — Source of artist origin-country data for the world map. Privacy Policy
freeipapi.com (freeipapi.com) — Primary IP-to-location lookup (country / region / city). Privacy Policy
IPinfo (IPinfo) — Fallback IP-to-country lookup when the primary provider is unavailable. Privacy Policy
Neon (Neon, Inc.) — PostgreSQL database hosting (where diagnosis records live). Privacy Policy
Render (Render Services, Inc.) — Application hosting and server log storage. Privacy Policy

4. Data retention

Diagnosis records: retained indefinitely so that shareable URLs continue to work.
Artist origin-country cache: retained indefinitely as low-cardinality reference data.
Server logs: retained according to our hosting provider (Render)’s operational policy. We do not separately archive them.
Geo-lookup cache: lives only in process memory with a 24-hour TTL. Cleared on every server restart.

5. Cookies and browser storage

We do NOT use cookies. The application is fully server-stateless and requires no session cookie. Your browser may store a few preferences (theme, language, view mode) in localStorage and a short-lived timing value in sessionStorage; both are scoped to your browser and are never transmitted to our server. You can clear them at any time via your browser settings.

6. Your rights

Because the service collects no information that identifies you personally, the conventional rights to access, correct, or delete “your data” have limited applicability — we have no records that we can match to you. Concretely:

Browser-local preferences: clear them yourself via your browser settings or developer tools.
Diagnosis records: cannot be selectively deleted on request. We have no way to verify which records belong to which person, so even if you possess a share ID we cannot reliably authenticate the request and therefore do not honour individual deletion requests.
Server logs: managed by our hosting provider’s retention policy.

7. Children’s privacy

The service is not directed to children under 13. We do not knowingly collect any information from children under that age.

8. Changes to this policy

If we change this policy, we will update the “Effective Date” shown at the top of this page. We do not maintain a separate change log; the source repository’s commit history serves that purpose.

9. Contact

Questions about this policy can be sent via DM to the developer’s X account, linked from the About page.