Privacy Policy
Privacy Policy (v 1.0 – June 19 2025)
Who we are
We run the Setlist & Co service ("Service") that transforms your Spotify playlists into personalized artwork.
Contact: hello@setlistandco.com
What we collect & why
| Data | Purpose | Retention |
|---|---|---|
| Spotify playlist data | Generate requested artwork | Deleted ≤ 24 hours after generation |
| Generated artwork & results | Shown to you, troubleshooting, fraud prevention | Deleted ≤ 24 hours |
| Log data (IP, browser, timestamps) | Security, performance, legal compliance | ≤ 30 days |
| Marketing/analytics cookies (Meta/Facebook Pixel, Reddit Pixel, TikTok Pixel) | Improve ads & measure traffic | See Cookie Notice |
Lawful basis
We rely on your explicit consent (GDPR Art 6 (1)(a) & 9 (2)(a)) for analyzing playlist data, and on legitimate interest for basic security logs.
Processors & transfers
- Vercel Inc. – hosting (🇺🇸)
- Spotify AB – playlist data access (🇸🇪)
- Meta Platforms Inc. – advertising analytics (🇺🇸)
- Reddit Inc. – advertising analytics (🇺🇸)
- TikTok Pte. Ltd. – advertising analytics (🇸🇬)
Data may be transferred outside the EEA under Standard Contractual Clauses.
Your rights
Where applicable you may: access, delete, withdraw consent, object, or complain to your local authority (e.g. EDPB, Israeli PPA). Email privacy@ (above) with your request.
Children
The Service is 18+ only. We do not knowingly process children's data.
Security
Server-side encryption at rest, TLS in transit. Only authorized personnel have console access.
Changes
We'll post any material changes here and update the "v" date.