1. Introduction
Vibe Twin ("we", "our", "us") is a music-based social networking application that connects people through their music taste. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.
2. Information We Collect
Account Information:- Display name, username, email address
- Profile photo (optional)
- Age, gender, country (optional)
- Instagram handle (optional)
Music Data (via Spotify / Last.fm):- Your top artists and tracks (last 6 months)
- Music genres you listen to
- Audio features of your music (energy, danceability, valence)
- Recently played tracks
- Currently playing track (when app is active)
- Listening habits (peak hours, daily listening time)
Usage Data:- Swipe actions (like, pass, superlike)
- Chat messages between matched users
- Friend requests sent and received
- Vibe session participation
- App crash reports and performance data (via Sentry)
Device Information:- Device type and operating system
- Push notification token
- IP address (not stored, used for rate limiting)
3. How We Use Your Information
- Matching: We analyze your music data to find users with similar taste and calculate compatibility scores.
- Social Features: Enable messaging, friend requests, now playing feed, and vibe sessions between matched users.
- Personalization: Provide AI-powered song recommendations through Vibe Doctor based on your mood and music profile.
- Notifications: Send push notifications for new matches, messages, and friend requests (configurable in settings).
- Improvement: Analyze usage patterns and crash reports to improve the app experience.
4. Data Sharing
We do NOT sell your personal data. We share data only in these cases:
- With Other Users: Your display name, profile photo, top artists, genres, audio profile, and currently playing track are visible to matched users. You can control visibility in Privacy settings.
- Service Providers: Supabase (database hosting), Sentry (crash reporting), Expo (push notifications), Google Gemini (AI recommendations).
- Legal Requirements: When required by law or to protect our rights.
5. Third-Party Services
- Spotify: We access your listening data through Spotify's API. We never post to or modify your Spotify account. You can revoke access anytime in Spotify settings.
- Last.fm: Optional connection to enrich your music data from other platforms. You can unlink anytime.
- Sentry: Collects crash reports and performance data in production builds only.
6. Data Storage & Security
Your data is stored securely on Supabase (hosted on AWS) with row-level security policies. Sensitive data (access tokens) is stored locally on your device using encrypted secure storage. We implement rate limiting, input sanitization, and SQL injection prevention.
7. Data Retention
- Listening history: automatically deleted after 90 days
- Chat messages: retained until you delete them or unmatch
- Account data: retained until you delete your account
- Crash reports: retained for 90 days
8. Your Rights
You can:
- View and edit your profile information anytime
- Control notification preferences and privacy settings
- Disconnect Spotify or Last.fm
- Delete individual messages
- Delete your account entirely (cascades to all associated data)
- Request a copy of your data by contacting us
9. Children's Privacy
Vibe Twin is not intended for users under 13 years of age. We do not knowingly collect data from children under 13. If we discover such data, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or email. Continued use after changes constitutes acceptance.