My Flowlist

Legal

Privacy Policy

Last updated: 30 April 2026

1. Who we are

My Flowlist ("we", "us") is a service that helps you create energy-curated playlists from your Spotify library. This Privacy Policy explains what data we collect when you use myflowlist.app, how we use it, and the choices you have. If you have any questions, contact us at hello@myflowlist.app.

2. Data we collect

  • Account data: your email address and an encrypted password (or a federated sign-in identifier if you use Google).
  • Spotify data: when you connect Spotify, we receive an OAuth access token and read your saved tracks, playlists, top tracks, and audio features (tempo, energy, valence) so we can sequence Flowlists for you. We never see your Spotify password.
  • Flowlists you create: the playlists, titles, occasion templates, and energy curves you generate are stored against your account.
  • Usage data: standard request logs (IP address, user agent, timestamps) for security and debugging.

3. How we use your data

  • To provide the core Flowlist sequencing service.
  • To send you transactional emails (welcome, password reset, billing).
  • To debug issues and keep the service secure.
  • To process payments via our billing provider (if you subscribe).

We do not sell your data. We do not use your Spotify listening data for advertising or share it with third parties for marketing.

4. Spotify integration

My Flowlist uses the Spotify Web API under Spotify's Developer Terms. By connecting Spotify, you authorise us to read playlist and track data and (with your permission) create playlists in your account. You can disconnect at any time from the Sources page, or revoke access directly in your Spotify account settings.

5. Where your data is stored

Account and Flowlist data is stored in our managed cloud database (hosted in the EU). Transactional emails are sent via a third-party email provider. Payments, if any, are processed by our billing provider — we never store your card details.

6. How long we keep it

We keep your data for as long as your account is active. If you delete your account, your account record, Flowlists, and Spotify tokens are removed within 30 days. Anonymised logs may be retained for up to 90 days for security purposes.

7. Your rights

Under UK GDPR you have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. Email hello@myflowlist.app and we'll action your request within 30 days.

8. Cookies

We use a small number of essential cookies to keep you signed in. We do not use third-party advertising cookies.

9. Changes to this policy

We'll update this page if our practices change and notify you by email for material changes. The "last updated" date at the top will always reflect the current version.

10. Contact

Questions, requests, or concerns? hello@myflowlist.app.