WrapEx

Privacy Policy

Last updated: March 14, 2026

1. What We Collect

We collect the minimum data necessary to provide the Service:

  • Account info — email address and hashed password (we never store plaintext passwords)
  • Spotify data — your uploaded Extended Streaming History ZIP file, processed to generate dashboard analytics
  • Payment info — processed entirely by Stripe; we never see or store your card number
  • Usage data — basic request logs for security and debugging (IP addresses, timestamps)

2. How We Use Your Spotify Data

Your listening data is used exclusively to generate your dashboard.

  • We strip personally identifiable fields (like IP addresses) during ingestion
  • We do not sell, rent, or share your data with third parties
  • We do not use your data for advertising or profiling
  • We do not train machine learning models on your data

3. Data Processing & Storage

Your uploaded ZIP file is stored in encrypted object storage (S3-compatible). After processing, the raw file may be deleted. Your generated dashboard data is stored as long as your account exists.

Processing happens on our servers via an automated pipeline. No human reviews your data unless you report a bug and explicitly share details with support.

4. Data Retention

Dashboard data is retained for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us.

  • Uploaded ZIP files — deleted after processing completes
  • Dashboard data — retained until account deletion
  • Payment records — retained as required by law (typically 7 years)
  • Server logs — automatically purged after 30 days

5. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing (their privacy policy)
  • Railway — application hosting and infrastructure
  • Cloudflare R2 — encrypted file storage

6. Cookies

We use only essential cookies for authentication (JWT tokens stored in memory / localStorage). We do not use tracking cookies, analytics pixels, or any third-party tracking scripts.

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict processing of your data
  • Withdraw consent at any time

To exercise any of these rights, contact us via our Contact page.

8. Security

We implement industry-standard security measures including encrypted storage, hashed passwords, HTTPS-only access, and JWT-based authentication with short-lived tokens. However, no system is 100% secure — use the Service at your own risk.

9. Children

WrapEx is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related inquiries, reach out on our Contact page.