Privacy Policy

Last Updated: February 14, 2025

1. Introduction

This Privacy Policy ("Policy") describes how Playlist Pilot, owned and operated by Alexander Sbragia ("we," "us," "our"), collects, uses, discloses, and protects personal information in connection with our website, application, and related services ("Services"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, the California Consumer Privacy Act of 2018 ("CCPA"), and the California Privacy Rights Act of 2020 ("CPRA").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree with this Policy, you should not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect the following information when you create an account, subscribe to a plan, or communicate with us:

  • Full name
  • Email address
  • Password (hashed and salted; never stored in plain text)
  • Any information you choose to provide when contacting support

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Token usage data (e.g., number of playlist matches generated, AI pitches created)
  • Campaign and feature usage activity
  • Device type, browser type, operating system, and IP address
  • Date and time of access, login attempts, and in-app activity logs

2.3 Payment Information

We do not collect or store your full payment card details. All payment processing is handled securely by Paddle, our payment provider and merchant of record. Paddle collects billing information, card details, and related payment data subject to its own Privacy Policy (https://paddle.com/legal/privacy).

3. Purpose and Legal Basis of Processing

We process your personal data for the following purposes:

  • To create and maintain your account
  • To process subscription payments via Paddle
  • To allocate and track token usage
  • To deliver purchased features and Services
  • To respond to support inquiries
  • To detect and prevent fraud, abuse, and unauthorized access
  • To comply with applicable laws and regulations

Legal bases under GDPR include:

  • Performance of a contract (Article 6(1)(b) GDPR)
  • Compliance with legal obligations (Article 6(1)(c) GDPR)
  • Legitimate interests in operating and improving our Services (Article 6(1)(f) GDPR)
  • Consent, where required (Article 6(1)(a) GDPR)

4. Sharing of Information

We share personal data only with:

  • Paddle, for payment processing and invoicing
  • Hosting providers, for service delivery and data storage
  • Email service providers, for account and transactional communications
  • Analytics providers, for service monitoring and improvement

We may also disclose personal information if required by law, legal process, or to protect the safety and security of our users or Services.

5. Cookies and Tracking Technologies

We use cookies and similar technologies strictly necessary for authentication, maintaining user sessions, and ensuring platform security. We do not use advertising or behavioral tracking cookies.

6. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy or as required by law. Upon account deletion, personal data will be permanently deleted within thirty (30) days, except where retention is necessary for legal compliance, dispute resolution, or fraud prevention.

7. Your Rights

7.1 GDPR Rights (EEA/UK Residents)

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request data portability
  • Object to certain processing activities
  • Withdraw consent, where applicable

7.2 CCPA/CPRA Rights (California Residents)

California residents have the right to:

  • Know the categories and specific pieces of personal information collected
  • Request deletion of personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal data)

To exercise these rights, contact us at support@playlistpilotapp.com. We will respond within the timeframes required by applicable law.

8. Account Deletion

You may delete your account at any time through the Settings page. Account deletion is permanent and results in the removal of all associated personal data and usage logs, except where retention is legally required.

9. Security Measures

We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Services are not directed to children under the age of thirteen (13). We do not knowingly collect personal data from children under this age. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete it promptly.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. Where legally required, we implement appropriate safeguards, such as Standard Contractual Clauses, to protect transferred data.

12. Changes to This Policy

We may amend this Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Material changes will be communicated via email or in-app notice before taking effect. Continued use of our Services after changes take effect constitutes acceptance.

Contact Information

Support Email: support@playlistpilotapp.com

Legal Name: Alexander Sbragia