privacy policy

Last updated: April 5, 2026

what we collect

when you sign in, we receive your name, email address, and profile information from the provider you use (Google, Discord, Spotify, or SoundCloud). we store this to create and maintain your account.

when you use the platform, we collect:

  • account information (username, display name, linked providers)
  • activity data (rooms joined, tracks played, chat messages, votes)
  • presence data (online status, current page, which room you're in)
  • transaction history (token purchases, bids, queue actions)
  • device and connection information (IP address, browser type)

how we use it

  • to provide and operate the service
  • to show your activity to other users (online status, room presence, crowd avatars)
  • to enable social features (follows, friend requests, chat)
  • to moderate content and enforce our terms
  • to improve the platform and fix issues
  • to process token transactions

visibility to other users

your username, display name, and avatar are visible to other users. when you're in a room, other users in that room can see you. your online status and current activity may be visible to other users. you can control some of this through your account settings (e.g. "show me in crowd").

oauth & linked accounts

when you link a provider (Google, Discord, Spotify, SoundCloud), we store encrypted access tokens to interact with their APIs on your behalf. this may include reading your playlists, liked tracks, and profile information. we do not store your passwords. you can unlink any provider at any time from your account settings.

cookies

we use httpOnly secure cookies for authentication. these cookies contain a session token and cannot be read by JavaScript. we do not use tracking cookies or third-party advertising cookies.

data storage & security

your data is stored on servers in the United States. oauth tokens are encrypted at rest using AES-256-GCM. passwords are never stored — we use oauth exclusively. all connections use HTTPS/WSS encryption in transit.

data sharing

we do not sell your personal information. we do not share your data with third parties for marketing. we may share data with law enforcement if required by law.

data retention

your data is retained as long as your account is active. if you delete your account, your data is soft-deleted and may be permanently removed after a retention period. chat messages and play history associated with your account will be anonymized or deleted.

your rights

  • access your data through your account settings
  • update your profile information at any time
  • unlink any connected provider
  • delete your account and associated data
  • opt out of activity tracking through account settings
  • request a copy of your data by contacting us

children

apez dj is not intended for users under 13 years of age. we do not knowingly collect information from children.

changes

we may update this policy as the product evolves. material changes will be communicated through the platform. continued use after changes constitutes acceptance.

contact

questions about your privacy? reach out through our contact page.