Privacy Policy

Effective date: April 12, 2026

TrackMoose is committed to being transparent about what data we collect and why. This policy explains our practices in plain language.

Data we collect - by account tier

What we store depends on how you use TrackMoose.

AnonymousNo account
  • IP addressUsed only for rate-limiting (max 3 searches/hour). Not stored persistently.
  • Search resultsStored in your browser's sessionStorage only. Cleared when you close the tab.
  • No account dataWe do not create a user record, set persistent cookies, or track you across sessions.
Free accountRegistered
  • Account infoEmail address and profile data managed by Clerk (our auth provider). See clerk.com/privacy.
  • Spotify artistsIf you connect Spotify, we store your top artists in our database linked to your user ID.
  • Search historyNot stored. Results are kept in sessionStorage only.
Pro$5 one-time
  • Everything aboveIncludes all free account data.
  • Search historyYour searches (input artists + results) are stored in our database. We retain up to 50 most recent. This enables the History page.
  • CSV importsArtist names imported via CSV are stored the same way as Spotify artists.

Third-party services

We use the following third-party services, each with their own privacy policies:

  • Clerk (clerk.com/privacy)
    Handles account creation, sign-in, and session management.
  • Supabase (supabase.com/privacy)
    Our database provider. Stores user artists, search history, and the artist similarity cache.
  • Spotify (spotify.com/legal/privacy-policy)
    Optional. Used only if you initiate a Spotify import. We receive your top artists via OAuth and do not retain your credentials.

Cookies & local storage

TrackMoose uses cookies set by Clerk to maintain your login session. We do not use advertising cookies, tracking pixels, or analytics cookies.

We use sessionStorage to pass search results between pages. This data is never sent to our servers and is cleared when you close the tab.

Data retention

Anonymous users: No persistent data is stored.

Free account users: Your account and saved artists are retained for as long as your account exists. Deleting your account removes all associated data.

Pro users: Search history is limited to the 50 most recent searches. Older searches are automatically removed when this limit is exceeded.

Artist similarity and tag data is cached server-side for up to 90 days by artist name only - not linked to any user.

Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. Registered and Pro users can delete their accounts directly through account settings, which removes all stored personal data.

If you are in the EU/EEA, you have rights under the GDPR. If you are in California, you have rights under the CCPA.

Data security

Data is stored in Supabase with row-level security enabled - users can only access their own records. All data in transit is encrypted via HTTPS/TLS. Authentication tokens are managed by Clerk and never stored in our database.

If you discover a vulnerability, please contact us responsibly before disclosing publicly.

Children's privacy

TrackMoose is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top of this page. Continued use after changes constitutes acceptance.

Contact

Questions about this policy? Reach us via the contact page.

This privacy policy applies to TrackMoose only. It does not govern the practices of any third-party services linked herein.