What we collect, why, and how to delete it.

This policy explains what data Rotation collects, how we use it, who processes it on our behalf, and your rights over it. By using Rotation you agree to the practices described below. If you do not, please do not use the app.

The short version: we collect the data we need to run a music-rating social app — your account, your ratings, your rotations, your sets, your reactions, your follows. We do not sell, share, or trade this data with advertisers. You can delete your account and all associated data any time from Settings → Delete account.

1. Account information

• A Sign in with Apple identifier — Apple hides your email by default. We never see your real email unless you choose to share it during sign-in.
• The handle (the @username) you choose.
• Display name (optional).
• Bio (optional, up to 200 characters).
• Avatar image (optional, uploaded by you).

2. Activity data

• Ratings you publish (score 1.0 to 10.0, optional review).
• Rotations (3×3 to 10×10 grids of saved albums) you build.
• Sets (live show logs) you create.
• Comments and @mentions you post.
• Reactions you place on others' content.
• Follows, blocks, bookmarks, reports.
• Artifacts you earn — server-issued cosmetic items.

3. Device information

• Device type, iOS version, app version.
• Push notification token (only if you grant push permission).
• Approximate timezone, used only for weekly digest timing.

4. Connected services (only if you opt in)

• Last.fm.When you connect a Last.fm account, we read your scrobble history to surface what you're listening to. Your Last.fm username is stored privately. You can disconnect any time from Settings → Connected Accounts → Last.fm. You can also hide your Last.fm activity from other Rotation users via the same settings panel.
• Spotify. Rotation uses Spotify's public catalog API to look up albums, songs, and artists. We do not access your personal Spotify listening data. We only proxy catalog metadata.

• Your real name (unless you put it in your display name).
• Your email address (Sign in with Apple hides it by default).
• Phone number.
• Precise location.
• Contacts.
• Microphone or camera audio.
• Browsing history outside Rotation.
• Cross-app tracking IDs — Rotation does not request App Tracking Transparency permission.
• Health, financial, or device-identifier data outside what Apple provides for crash reporting.

• To provide and improve the core app: rating, feed, search, profile, share cards.
• To compute community averages on albums and songs and surface popular content.
• To compute your Wavelength percentage (taste-overlap with other users you follow).
• To deliver push notifications you've opted into.
• To enforce community guidelines via reports and automated moderation.
• To diagnose crashes and performance issues.

Some features rely on services provided by other companies. We pass them only the data they need to do their job:

• Apple. Sign in with Apple, push notification delivery (APNs). Apple Privacy Policy.
• Google Firebase. Authentication, Firestore database, Cloud Functions, Cloud Storage (for avatars), Cloud Messaging (FCM). Firebase Privacy Policy.
• Spotify. Read-only catalog lookups, proxied through our backend. Spotify Privacy Policy.
• Last.fm. Only if you opt in via Settings → Connect Last.fm. Last.fm Privacy Policy.
• Vercel. Hosts our marketing site and link previews. Aggregated, anonymous traffic analytics only. Vercel Privacy Policy.

• We do not sell your data.
• We do not run cross-app tracking or behavioral advertising.
• We do not share your data with marketing or analytics partners outside the processors listed above.

The following is publicly readable by other Rotation users:

• Your handle, display name, bio, avatar.
• Ratings and reviews you publish.
• Rotations you save.
• Sets you log.
• Comments you post.
• Reactions you place.
• Your Artifacts shelf, active handle modifier, and tier.

The following stays private to you, stored under users/{uid}/private/* and never readable by other users:

• Your Last.fm username.
• Your push notification token and preferences.
• Your bookmarks.
• Reports you file on other users or content.

If you do not want content public, do not publish it.

Public content lives until you delete it. Private content lives until you delete it or disconnect the relevant service. Aggregated analytics may persist longer in deidentified form. Backups are retained for up to 30 days for disaster recovery.

You have the right to access, correct, and delete your data. Most actions are self-service in the app:

• Edit: change your handle, display name, bio, avatar from Settings → Profile.
• Disconnect: disconnect Last.fm from Settings → Connected Accounts.
• Delete: Settings → Delete account purges your user record, your handle, your ratings, your rotations, your sets, your reactions, your comments, your bookmarks, and your private subcollections. Reactions and comments you left on others' posts are tombstoned (parent counts adjust; text is removed). Cascades run server-side via Cloud Functions and typically complete within a minute.
• Export: request a JSON export of your content via hello@getrotation.app. We respond within 30 days.

Rotation is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us and we will remove it.

We may update this policy. Substantial changes will be announced in the app and on this page. Continued use after a change means you accept the updated policy. The effective date above always reflects the current version.

Questions, deletion requests, exports, or anything else: hello@getrotation.app.