Legal

Privacy Policy

Effective date: April 26, 2026 · Last updated: May 10, 2026

Vicinita is designed from the ground up to collect as little data as possible. We built the app around anonymity and ephemerality — your music disappears within 30 seconds, and we never store who you are.

1. Who we are

Vicinita is an independent app that lets users discover what music people nearby are listening to on Spotify or Apple Music, anonymously and in real time. We are not affiliated with Spotify AB or Apple Inc.

If you have questions about this policy, contact us at: privacy@vicinita.app

2. What we collect

The short version: We collect your approximate location and your currently playing track — only when you choose to broadcast. Both expire automatically within 30 seconds. We never store your identity.

When you use the app:

Approximate location — converted to a geohash cell (~100 metre resolution) to match you with nearby listeners. Your precise GPS coordinates are never stored or transmitted.
Currently playing track — track name and artist, fetched from Spotify or Apple Music only while you are actively broadcasting. This data is stored in memory on our relay server with a 30-second TTL and is then permanently deleted.
Spotify OAuth tokens — stored exclusively on your device in the iOS Keychain or Android Keystore. These tokens are never sent to our servers.
Push notification token — if you grant notification permission, your Expo push token and approximate location are stored on our relay server so we can send you venue updates. This is stored for up to 30 days and is refreshed on each app launch.
Email address (waitlist only) — if you join the waitlist, we store your email address to notify you when a spot opens. This is stored for 90 days and is deleted after you are notified or your place expires.

What we never collect:

Your Spotify or Apple Music profile information — while Spotify's authorization screen may display your profile details, Vicinita only requests and receives your currently playing track. We never access or store your username, email address, or profile picture.
Your listening history or saved tracks
Your precise GPS coordinates
Any persistent user identifier or account
Advertising identifiers

3. How we use your data

To show nearby listeners what you are currently playing, anonymously
To show you what others nearby are currently playing
To send push notifications about venue broadcasts within 20 miles, if you opt in
To display aggregate listening trends computed in memory and never persisted
To send waitlist confirmation and availability emails

We do not use your data for advertising, profiling, or any purpose other than operating the app.

4. Data retention

Broadcast data — deleted automatically after 30 seconds via Redis TTL
Like counts — stored for 48 hours then deleted automatically
Push tokens and location — stored for up to 30 days, refreshed on each app launch
Trending data — computed in memory only, never written to disk
Spotify and Apple Music tokens — stored on your device only, deleted when you log out
Waitlist email addresses — stored for up to 90 days, deleted after notification or expiry

We do not operate any persistent user database. There is no account to delete because no account is created.

5. Third-party services

Spotify — We use the Spotify Web API to read your currently playing track. Your use of Spotify is subject to Spotify's Privacy Policy. We request only the minimum required scope: user-read-currently-playing.

Apple Music — If you connect Apple Music, we use Apple's MusicKit to read your currently playing track. Your use of Apple Music is subject to Apple's Privacy Policy. We request only the minimum required access to detect what is currently playing.

Expo — We use Expo's push notification service to deliver venue broadcast notifications. Push tokens are transmitted to Expo's servers. See Expo's Privacy Policy.

Resend — We use Resend to send waitlist confirmation and availability emails. Your email address is transmitted to Resend's servers solely for the purpose of delivering these emails. See Resend's Privacy Policy.

We do not use analytics services, advertising networks, or any other third-party data processors beyond those listed above.

6. Aggregate insights

We may use anonymised, aggregate listening data (e.g. which tracks are trending in a geographic area) to provide insights to music venues and the music industry. This data contains no personally identifiable information — it is a count of how many anonymous users played a track in a general area during a time window. No individual user can be identified from this data.

7. Your rights

Because we do not create user accounts or store personally identifiable information, there is no profile to access, correct, or delete. Your broadcast data expires automatically within 30 seconds.

To remove your push notification token, disable notifications for Vicinita in your device Settings. Your token will expire from our servers within 30 days.

To revoke Spotify access, visit spotify.com/account/apps and remove Vicinita.

To remove your waitlist email address, contact us at privacy@vicinita.app and we will delete it immediately.

8. Children

Vicinita is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the app, please contact us at privacy@vicinita.app.

9. Changes to this policy

We may update this policy from time to time. We will update the effective date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email us at privacy@vicinita.app or visit vicinita.app.