At Momics (the company behind Vybes) we believe in only storing and using data that is needed to run the services for you, our user. With this we mean data that is fundamentally needed to make an application function. We do not believe in collecting data for vague purposes or storing data ‘just because we might need it in the future’.
With what purpose is data processed?
When using Vybes, Momics processes the following personal data. All of this data is collected only to provide the functionality of our service.
Account creation and profile
In order to use Vybes you will need to create an account by connecting with your Spotify account. All of the following data is retrieved from Spotify and stored upon registering an account.
Your profile name Vybes will store your Spotify profile name so your buddies can find you. Your profile name can be changed to anything you like in the settings tab of the app.
Your profile picture If your Spotify account has a profile picture, a URL to this picture is stored. This is used throughout the app to personalize the experience and to allow your buddies to quickly identify you visually. As of speaking it is not possible to modify this image from inside the app. It is definitely on the roadmap.
Your country code The country code (ISO 3166) associated with your Spotify account is stored. We need this code to check what music you have access to
Your subscription type We store what type of Spotify subscription you have to check if your account can make use of premium functionality such as ‘connect’ features: directly playing, pausing and queueing music from the Vybes app. Freemium users can still use Vybes, but playing tracks directly from the Vybes app is disabled by Spotify.
Your spotify id and uri These are unique identifiers from spotify that we need to ensure there is only one ‘you’ on our platform and to create and edit playlists in your account.
The core of Vybes is to discuss and share music with your buddies. This is done in the form of messages. Vybes stores all messages that are sent in the database so they can be retrieved by you, the user at any time from any authorized device. The following things are stored:
Text The text that you typed when sending the message.
Type A message currently can either be plain text (when chatting in a room) or a share (when pressing ‘share’ from the share screen).
Context Is the track you are currently listening to, including the position in ms. This is displayed in the app with every message to ‘expose’ what you are listening to when sending messages. It allows users to immediately be inspired by what you are listening, react to it and even ‘join’ what you are or were listening when sending the message.
Topic When you make a suggestion for a piece of music inside a chatroom, we store a link to the music that was shared with the message.
Users Every message has a reference or ‘ids’ of all receivers and the sender of the message.
When you ‘hype’ (the little flaming icon) music in Vybes we store what you hyped and how often you pressed the button. This allows Vybes to be a little more expressive about how much you like certain music than merely storing the fact that you ‘liked’ a piece of music.
Whenever you share music with buddies a room is created for you and your buddies to chat about what you shared. A room includes ids to the users inside the room and the music topic of the room.
Buddies & Invites
Vybes stores all invites you’ve sent or invites that have been sent to you, it stores whether those invites were accepted and/or rejected and it stores with whom you’ve become buddies.
Vybes stores all playlists you’ve created with the app. This allows us to show a list of all playlists you’ve created with Vybes. It also allows us to make sure you can unfollow any playlist created by Vybes easily.
Vybes stores all tracks you’ve listened to and when, from when you first created an account. We do this so we can show what tracks, albums and artists you’ve listened to before in the share functionality of the app. Also, it is used as input for our ‘make’ functionality so we can create personalized playlists for you.
Permissions on Spotify
Because Vybes has an integration with Spotify we will also outline all the permissions you give Momics when logging in with your Spotify account. Naturally, we only use these capabilities to provide our services. We’ve included the technical ‘scope’ names of these permissions so you can review them on the Spotify developer website itself (https://developer.spotify.com/documentation/general/guides/scopes).
User-read-recently-played: this allows Vybes to regularly check and store recently played tracks. This data is used to intelligently make recommendations and playlists in the ‘make’ section of the Vybes app.
User-top-read: this allows Vybes to fetch the short, mid and long term favorite tracks and artists, which again are used to intelligently make recommendations and playlists in the ‘make’ section of the Vybes app.
User-read-playback-state: this allows Vybes to fetch information about your current device and what it is playing. It also allows Vybes to fetch a list of available device. This is used by Vybes to select the right device for playback when you hit ‘play’ inside the app.
User-read-currently-playing: this allows Vybes to fetch information about what you are currently playing. It is used in the share screen to easily share your current track and find past social moments around what you are listening to.
User-modify-playback-state: this allows Vybes to start playing music on one of your devices. It is used to play any music or playlist inside the app on demand.
User-library-modify: this allows Vybes to add and remove tracks from your Library. When you like/hype a track in Vybes it is used to add liked/hyped tracks in your library on Spotify.
User-library-read: this allows Vybes to read what tracks, albums and artists are part of your library. This is used by our make functionality to recommend and create personalized playlists.
User-read-private: this allows Vybes to read your personal profile information (see Account creation for more details)
Playlist-modify-public: this allows Vybes to edit any public playlists you might have. This is used to create collaborative playlists of all tracks that were shared in specific groups.
Playlist-modify-private: this allows Vybes to edit any private playlists you might have. This is used to create custom personalised playlists using the ‘make’ functionality of the app.
Playlist-read-collaborative: this allows Vybes to retrieve a list of any collaborative playlists you might have. It is used to fuel our ‘make’ functionality for recommendations and creating personal playlists.
Playlist-read-private: this allows Vybes to retrieve a list of any private playlists you might have. It is used to fuel our ‘make’ functionality for recommendations and creating personal playlists.
Reaching out to us
When reaching us through our support email, our email providers will store your email address so we can get back to you. Any personal data you choose to include in these emails will be directly available to our team. Please ensure you never share personal data with us other than needed to fulfill your query or request.
How we protect your personal data
We take the security of your data seriously and we take appropriate measures to prevent misuse, loss, unauthorized access, inappropriate disclosure and unauthorized modification. If you believe your personal data is not secured well enough, please reach out to our customer service via firstname.lastname@example.org. Momics has take the following measures to protect your personal data:
Firewall Our servers all run a standard setup with a firewall.
Closed database access Databases cannot be accessed directly from the network. Their addresses are not exposed to the web. Access is only possible through SSH.
TLS All data transferred goes over a secure internet connection using TLS.
DKIM, SPF and DMARC Our customer service and other mail services use the G-mail service. G-mail uses DKIM, SPF and DMARC to prevent you from receiving emails on our behalf that contain viruses, are spam or are trying to acquire sensitive information from you.
DNSSEC DNSSEC is an additional security measure to DNS that converts a domain name to its matching IP address. It uses a digital signature that can be verified by you, the user. In this way we prevent you from being redirected to a fake IP address.
Storage of your personal data
Vybes stores data no longer than necessary to provide its services. We believe that Vybes becomes more powerful over time as you interact more and more about music with your buddies, so in practice this means all your personal data will be kept on our servers until you request us to remove it.
Account and data removal can be requested over email (email@example.com) for now. We will build a feature for this inside the app itself eventually. When requesting account removal, Vybes will remove all your personal data immediately. When your data is removed there is no way of retrieving it.
Analytics & crash reports
Vybes does not have any additional analytics setup. We use Sentry (https://sentry.io/) to keep track of fatal errors in the app (like crashes and errors) these contain no personal data. Because we have no Analytics setup we rely completely on our community to provide us with feedback. So please feel free to reach out to us if you have any thoughts to share.
In order to keep in touch with our product and its growth we may run anonymous aggregation on all stored functional data. Examples of this may be; how many shares are there per day, do people send messages more often than hypes? If we do any of these aggregations, we will always make sure they are on a population level, rather than on an individual level. As mentioned earlier, we will never store data that is only for the purpose of analytics. We only store data that has a functional benefit for you, the end user.
Third party data sharing
Vybes does not share personal data with any third party unless requested by you, or to comply with any legal obligations.
Cookies & comparable technologies
Vybes does not use any (tracking) cookies except for an authentication cookie, which is used to verify that you are logged in to our service.
You have the right to view, correct or delete your personal data. You also have the right to request your consent to withdraw data processing or to object to the processing of your personal data by Momics and you have the right to data portability. This means that you can submit a request to us for any personal data that we have on you. We will then bundle all your personal data in a computer file and share this with you or any other organization mentioned by you.
You can send any request related to access, correction, deletion or transfer of personal data, cancellation of your consent or objection to the processing of your personal data to firstname.lastname@example.org.
To ensure that the request for access has been made by you, we ask you to send a copy of your ID with the request. Please make sure that you mask the following things with black before sending it: your passport photo, the MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number and Citizen Service Number (BSN). This is to protect your privacy.
We will respond to your request as soon as possible, at least within four weeks. We also would like to point out that you always have the opportunity to file a complaint with the national supervisory authority (e.g. the Dutch Data Protection Authority). In the Netherlands this can be done using the following link: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap
Vybes https://vybes.io email@example.com
Momics https://momics.eu Bayeuxlaan 22, 5654 AX, Eindhoven