NowPlaying

Privacy Policy

Last updated: June 2025

1. Information We Collect

When you use NowPlaying, we may collect:

  • Account information: email address, username, and password (hashed).
  • OAuth data: Twitch user ID, username, and avatar; Google account ID; Spotify access and refresh tokens (encrypted).
  • Usage data: songs played, widget configurations, bot settings, and queue activity.
  • Payment data: processed securely by Stripe. We store only your Stripe customer ID — never your card details.
  • Technical data: IP address (for rate limiting and security), browser user-agent, and request timestamps.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Authenticate your account and manage sessions.
  • Process subscriptions and billing through Stripe.
  • Display your currently playing music on stream overlays.
  • Manage song request queues and Twitch bot integrations.
  • Enforce security measures such as rate limiting and abuse prevention.
  • Send transactional emails (verification, password resets).

3. Third-Party Services

NowPlaying connects to third-party services to function. When you link your accounts, data is exchanged with:

  • Spotify — to fetch your currently playing track and manage song requests.
  • Twitch — to authenticate and operate the chat bot.
  • Google — for optional OAuth sign-in.
  • Stripe — to process payments for premium subscriptions.
  • StreamElements — for optional overlay integration.

Each third-party service operates under its own privacy policy. We encourage you to review them.

4. Data Storage & Security

Your data is stored in a PostgreSQL database. Passwords are hashed using industry-standard algorithms. OAuth tokens are stored encrypted. We use HTTPS in production and apply security headers to all responses. While we take reasonable measures to protect your data, no system is 100% secure.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Some aggregated, anonymized data (e.g., total songs played statistics) may be retained indefinitely.

6. Cookies & Sessions

We use session cookies to keep you logged in. We do not use third-party tracking cookies or advertising trackers. Session tokens are stored as HTTP-only, secure cookies.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Disconnect third-party accounts (Spotify, Twitch, Google) at any time through your dashboard.

8. Children's Privacy

NowPlaying is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child, please contact us so we can remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the Service. Continued use of the Service after changes take effect constitutes acceptance.

10. Contact

If you have questions or concerns about this Privacy Policy, please reach out via our Discord or contact us through the dashboard.