Privacy Policy
Last Updated: February 17, 2026
1. INTRODUCTION AND SCOPE OF PRIVACY
1.1 Commitment to Privacy and Data Stewardship. Spinz (the “Application” or the “Service”), owned and operated by Spinz Studios, LLC, an Oregon limited liability company (“Company,” “we,” “us,” or “our”), is founded on the principle that your musical collection is personal. We are deeply committed to maintaining the privacy, integrity, and security of the information entrusted to us by our users (“User,” “you,” or “your”). This Privacy Policy serves as a comprehensive and transparent disclosure of our protocols regarding the collection, transmission, storage, and algorithmic processing of your Personal Data. It applies to all aspects of the Service, including mobile interfaces, web-based components, and any "Buddy" social features introduced in future updates.
1.2 Affirmative Consent and Contractual Agreement. By installing, registering for, or interacting with the Application, you acknowledge that you have read and understood this Policy and provide your express, informed, and unambiguous consent to the data practices described herein.
Binding Nature: You agree that your interaction with the Service constitutes a digital signature of approval.
Withdrawal of Consent: If you do not agree with any part of these practices, you must immediately cease use of the Service and uninstall the Application. Continued use following any updates to this Policy constitutes your acceptance of the revised terms.
Dynamic Nature of Service: As the Spinz AI evolves, we may introduce new processing methods; we will notify you of material changes via in-app notifications or the email address associated with your account.
1.3 Comprehensive Global Compliance Framework. While Spinz Studios, LLC is headquartered in Portland, Oregon, we recognize that vinyl collecting is a global passion. Consequently, this Policy is engineered to meet or exceed the stringent requirements of multiple international and domestic privacy frameworks:
GDPR (General Data Protection Regulation): We adhere to the principles of data minimization and purpose limitation for our users in the European Union and United Kingdom.
CCPA/CPRA (California Consumer Privacy Act): We provide specific "Do Not Sell My Info" protections for California residents, even though Spinz does not engage in the sale of data to third-party brokers.
APPI (Japanese Act on the Protection of Personal Information): To support our users in Japan, we maintain strict controls over cross-border data transfers and the "Foreign Third Party" rules regarding AI processing partners.
Data Controller Designation: Under these frameworks, Spinz Studios, LLC acts as the Data Controller. This means we determine the "how" and "why" of your data processing and are directly responsible to you for the safety of that information.
1.4 Scope and Exclusions. This Policy applies strictly to data collected directly by Spinz. It does not apply to the privacy practices of third parties that we do not own or control, such as the physical record stores you may visit, external websites linked within the app, or the Apple App Store’s own independent data collection. We encourage you to review the privacy policies of any third-party service you engage with through our platform.
2. DETAILED DATA COLLECTION PRACTICES AND TAXONOMY
We utilize a "data minimization" approach, collecting only the information necessary to provide a high-fidelity vinyl identification experience. We categorize the information we collect through three primary channels:
2.1 Personal Account Data and Identifiers. To establish your unique presence within the Spinz ecosystem and secure your "Vault," we collect:
Registration Credentials: When you create a native Spinz account, we collect and securely hash your password, alongside your email address and a self-selected username. This data is essential for account recovery and multi-device synchronization.
Third-Party OAuth Tokens (e.g., "Sign in with Apple"): If you choose streamlined authentication, we receive a unique alphanumeric identifier (token) from the provider. If you utilize Apple’s "Hide My Email" feature, we receive a masked, relay email address rather than your personal one. We do not receive your third-party account passwords.
Social Profile Metadata: In connection with our "Buddy" social features, we collect any information you voluntarily choose to display, including profile biographies, custom avatars, and location taglines. Please be aware that profile data is intended for social interaction and may be visible to other users within the "Buddy" network.
2.2 User-Generated Content (The "Scans," "Vault," and Audio). The core utility of Spinz relies on the processing of physical media data:
Visual Photographic Data: When you activate the Label Scanner, the Application accesses your device’s camera to capture images of vinyl labels, jackets, and matrix run-outs. Important Privacy Note: Our AI processes the entire image frame. You acknowledge that these scans may inadvertently include "peripheral data" such as your physical surroundings, family photos in the background, or your reflection in the vinyl surface. We encourage users to scan in neutral environments.
The Digital "Vault" Architecture: We collect and store a persistent record of every item you successfully identify. This "Metadata Association" links your User ID to specific release IDs (e.g., Discogs Master IDs), allowing us to reconstruct your collection if you switch devices.
Acoustic Fingerprinting: If you opt into audio-based identification features, the Application accesses your microphone to capture short snippets of ambient audio. This data is converted into a mathematical "fingerprint" in real-time. The raw audio is processed "on-the-fly" and is typically not stored on our servers once identification is complete.
2.3 Automatically Collected Analytics and Telemetry. To maintain the stability of the Spinz infrastructure and protect against fraud, we automatically ingest:
Detailed Hardware Telemetry: We collect "Non-Personal Identifiers" including the Identifier for Vendors (IDFV), Identifier for Advertisers (IDFA), hardware model (e.g., iPhone 15), operating system version, and system performance logs. This allows our Portland-based engineering team to identify if a specific bug is localized to a certain device type.
Interaction and Behavioral Logs: To refine our "Neural Recommendation" engine, we track internal app events: which genres you browse most frequently, how long you view a specific "Price Suggestion," and your engagement levels within the "Buddy" feed.
Geographic and Network Data: We collect your IP address to determine your general vicinity (City/Region level). This is used to display local currency (e.g., Yen vs. USD) and to surface "Record Stores Near Me." We do not collect precise GPS coordinates (latitudinal/longitudinal) unless you explicitly grant "Precise Location" permissions via your device’s system settings.
3. PURPOSES OF DATA PROCESSING (LEGAL BASES FOR PROCESSING)
We process your data primarily under the legal bases of Contractual Necessity (to provide the services you’ve requested) and Legitimate Interests (to improve the app and maintain security). Specifically, your data is utilized for the following purposes:
3.1 Core Functionality and Algorithmic Identification. To fulfill our primary service—turning a physical photo into digital data—we process your information as follows:
Neural Vision Processing: We utilize the photographic data you capture to perform high-speed Optical Character Recognition (OCR) and visual pattern matching. This involves transmitting the image to the Google Gemini API, which analyzes font styles, artist logos, and matrix codes to return a highly probable identification.
Metadata Enrichment and Valuation: Once an item is identified, we transmit non-personally identifiable strings (e.g., "Pink Floyd - Dark Side of the Moon - 1973 UK Pressing") to the Discogs API and other third-party databases. This allows the "Valuation Engine" to fetch real-time market snapshots, historical sales medians, and rarity tiers without ever revealing your personal identity to these third parties.
3.2 The "Neural Recommendation" and Personalization Engine. We believe your "Vault" should be more than a static list. To enhance your experience, we use your data for:
Predictive Taste Modeling: Our proprietary machine learning models analyze the "DNA" of your collection—focusing on genre clusters, release eras, and artist lineages. By processing this "Scan History," the Service generates "Spin Suggestions" and personalized discovery paths tailored to your specific musical palette.
Automated Curation: We use your interaction data to rank search results and prioritize "Market Alerts" for records we predict you may want to acquire or sell based on your historical behavior within the Application.
3.3 Infrastructure Integrity, Security, and Fraud Prevention. To ensure Spinz remains a safe environment for all collectors, we process telemetry and account data for:
Network Defense: We monitor IP traffic and hardware identifiers to detect and mitigate Distributed Denial of Service (DDoS) attacks, automated "bot" registration, and unauthorized attempts to "scrape" our proprietary metadata or "Neural Recommendation" logic.
Social Safety: In our "Buddy" ecosystem, we process profile data to flag and remove fraudulent accounts, spam, or users who violate our community standards, ensuring that social interactions remain authentic.
Financial Integrity and Entitlement: We synchronize with the Apple App Store to perform real-time "Receipt Validation." This ensures that Premium features are only accessible to valid subscribers and protects the Company’s revenue streams from "jailbroken" or fraudulent access attempts.
3.4 Service Communications and Operational Updates.
Administrative Messaging: We use your email address and device tokens to send essential service updates, such as changes to these Terms, security alerts, or "Vault" backup confirmations.
User Support: If you contact our Portland-based support team, we process your account history and device logs to diagnose technical issues and provide personalized assistance.
4. DATA SHARING AND THIRD-PARTY DISCLOSURES
4.1 Our "No-Sale" Philosophy. Spinz is not a data brokerage. We do not sell, rent, lease, or trade your Personal Data to third-party marketers, advertisers, or "people search" databases. Your information is treated as a confidential asset, used exclusively to enhance your experience within the Application. Disclosure to third parties occurs only under the strict operational circumstances outlined below.
4.2 AI Processing and Cloud Infrastructure Partners. To provide a global-scale service from our Portland headquarters, we rely on industry-leading infrastructure providers:
Google Cloud & Firebase: We utilize the Google Firebase suite for our core backend operations. This includes "Firebase Authentication" (to securely manage your login credentials), "Cloud Firestore" (to host your "Vault" collection data), and "Cloud Storage" (to house your uploaded images). All data is encrypted both in transit and at rest using enterprise-grade security protocols.
Google Gemini API (Generative AI): When you scan a record, the raw image is transmitted via a secure, encrypted tunnel to the Google Gemini API.
Enterprise Privacy: As a "Vertex AI" or Enterprise API customer, our agreement with Google ensures that your scanned images are used solely for real-time identification.
No Training on Your Data: Under these professional-tier terms, Google does not use the images sent via our API to train their base global models (e.g., the public version of Gemini). Your data remains isolated to the Spinz identification request.
4.3 Market Intelligence and Performance Analytics. We collaborate with specialized partners to provide the data that makes Spinz valuable:
Discogs API (Market Metadata): To provide "Price Suggestions" and release history, we send specific, non-identifying queries to the Discogs database. We do not share your name, email, or profile information with Discogs. We only share the "Record ID" to retrieve the corresponding market statistics.
Mixpanel and Firebase Analytics: To ensure the app doesn't crash during a "crate-digging" session, we use analytics tools to monitor app performance.
Anonymized Events: These tools track events (e.g., "User clicked scan button") rather than individuals.
Debugging: If the app crashes, a "Crashlytics" report is sent to our developers containing technical device data, which helps us issue a fix in the next App Store update.
4.4 Social Interaction ("Buddy" Ecosystem). By using the "Buddy" features in v1.1, you acknowledge that certain data is shared with other users:
Public Profile: Your username, profile picture, and any "Public Vault" items you choose to showcase will be visible to other Spinz users.
Peer-to-Peer: Messages sent within the "Buddy" system are stored on our servers to facilitate delivery, but they are not shared with any third-party marketing partners.
4.5 Legal Mandates and Regulatory Compliance. We may be required to disclose User Data if we have a good-faith belief that such action is necessary to:
Comply with Legal Obligations: Adhere to a valid subpoena, warrant, or court order issued by a court of competent jurisdiction in the State of Oregon or federal authorities in the United States.
Protect Rights and Safety: Protect and defend the rights or property of Spinz Studios, LLC, or act in urgent circumstances to protect the personal safety of our users or the public.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, User Data may be transferred as a business asset, subject to the same privacy protections outlined in this Policy.
5. DATA RETENTION AND DELETION PROTOCOLS
5.1 Persistent Storage and Account Lifecycle. Spinz is designed to be a long-term companion for your collecting journey. Accordingly, we retain your personal identifiers, "Vault" history, and "Buddy" interactions for as long as your account remains in an active state. This persistent storage is a core feature of the Service, enabling seamless synchronization of your collection data across multiple mobile devices and ensuring your digital archives remain intact during hardware upgrades or app reinstalls.
5.2 Intentional Account Deletion and the "Purge" Timeline. We respect your "Right to be Forgotten." If you choose to terminate your relationship with the Service via the "Delete Account" feature in the Application settings, the following protocols are triggered:
Purge of Personally Identifiable Information (PII): Your email address, encrypted password, username, and any profile metadata (such as your "Buddy" bio or profile photo) will be systematically purged from our active, "live" databases within thirty (30) days of your request. Once this action is completed, it is irreversible, and your account cannot be recovered.
Vault De-indexing: Your specific collection list (the "Vault") will be disconnected from your identity. While the record IDs themselves may remain in our aggregate statistics, they will no longer be associated with you as an individual.
5.3 Retention of Anonymized "Knowledge" and Machine Learning Data. You acknowledge and agree that the primary value of the Spinz ecosystem is the collective accuracy of its identification engine. To that end:
De-Identified Scan Data: We may retain the raw images of vinyl labels and their associated metadata IDs in our "Global Training Set."
The "Blind" AI Principle: This data is strictly anonymized. All links to your User ID, location, or name are stripped away. We retain this "blind" data indefinitely to improve the AI's ability to distinguish between pressing variants for the benefit of the entire community. Because this data no longer constitutes "Personal Data" under the GDPR or APPI, it is not subject to the 30-day purge.
5.4 Backup Latency and Disaster Recovery. For the safety of our entire user base, Spinz Studios, LLC maintains encrypted, off-site backups to recover the Service in the event of a catastrophic server failure or cyber-attack.
The 90-Day Window: When you delete your account, residual fragments of your data may persist within these encrypted archives for a maximum of ninety (90) days.
Restricted Access: This "latent" data is not accessible during normal business operations and is only accessed if a full system restoration is required. If a restoration occurs, your data will be re-deleted through our next scheduled maintenance cycle.
5.5 Legal and Administrative Holds. Notwithstanding the above, the Company reserves the right to retain specific transaction records (e.g., subscription receipts) or communication logs if required to comply with financial auditing standards, tax laws in the State of Oregon, or if the data is subject to a "Legal Hold" related to an ongoing investigation or subpoena.
6. GLOBAL USER RIGHTS AND DATA SOVEREIGNTY
6.1 Universal Privacy Standards. At Spinz, we believe privacy is a fundamental human right, not a geographic privilege. While specific laws like the GDPR (Europe), CCPA/CPRA (California), and APPI (Japan) provide the legal foundation for these rights, Spinz Studios, LLC voluntarily extends these "Digital Rights" to our entire global user base. Whether you are digging for crates in Oregon or Osaka, you have the following controls over your information:
6.2 Your "Digital Rights" Inventory.
The Right of Access (Transparency): You have the right to request a comprehensive summary of the Personal Data we maintain about you. This includes a disclosure of the categories of data collected, the specific sources of that data, and the third-party partners (like Google and Discogs) with whom we have shared non-identifying metadata for processing.
The Right of Rectification (Accuracy): If you discover that your account information is inaccurate or incomplete—such as an outdated email address or an incorrect username—you have the right to request a correction. Most profile identifiers can be updated directly within the Application settings; for deeper database corrections, our support team is available to assist.
The Right to Erasure (The "Right to be Forgotten"): As detailed in Section 5, you have the right to demand the permanent deletion of your account and all associated Personal Data. This right is subject to certain legal exceptions (such as the retention of subscription payment records for Oregon state tax purposes), but we will fulfill all valid deletion requests within thirty (30) days.
The Right to Data Portability: Your collection data belongs to you. You have the right to request a digital export of your "Vault" in a structured, commonly used, and machine-readable format (such as .CSV or .JSON). This ensures that you are never "locked in" to the Spinz ecosystem and can migrate your collection history to other platforms if you choose.
6.3 Control Over Automated Decision-Making.
Personalization Opt-Out: Our "Neural Recommendation" engine uses automated processing to suggest new records. You have the right to object to this processing. If you choose to opt-out of personalization, the Application will still function, but your "Spin Suggestions" will be randomized or based on global trends rather than your specific musical taste.
Restriction of Processing: In certain circumstances (such as during a dispute over the accuracy of your data), you may request that we temporarily "freeze" the processing of your information while we investigate your claim.
6.4 Exercise of Rights and Verification. To exercise any of the rights listed above, please submit a request to jason@spinzvinyl.com with the subject line "Data Rights Request."
Identity Verification: To protect your security and prevent "identity spoofing," we must verify your identity before fulfilling a request. This may involve confirming the email address associated with your Apple ID or providing a unique token generated within the app.
No Discrimination: We will not discriminate against you for exercising your privacy rights. Choosing to opt-out of certain data practices will never result in higher subscription fees or a degraded user interface, though it may limit the effectiveness of personalized AI features.
7. PROTECTION OF MINORS AND AGE-BASED RESTRICTIONS
7.1 Minimum Age Requirements. The Service is designed and intended for use by adults and established collectors. It is not directed at, or intended for, children.
General Age Limit: In accordance with the Children's Online Privacy Protection Act (COPPA), the Application is strictly prohibited for use by anyone under the age of 13.
Regional Variations (GDPR/EEA): For users residing in the European Economic Area (EEA) or the United Kingdom, the minimum age of consent is 16 (or the age specified by local law in your specific member state).
Japanese Standards: In compliance with the APPI, we do not knowingly process the sensitive data of minors without verifiable parental consent, which our Service is currently not equipped to verify.
7.2 Strict Prohibition of Data Collection. Spinz Studios, LLC does not knowingly or intentionally "target" children or collect "Personal Information" (as defined by COPPA) from children. Because the Application utilizes camera access and AI-based image processing, there is a heightened risk that a child could inadvertently capture their own likeness or surroundings. We strictly forbid minors from:
Creating a Spinz account or "Vault."
Submitting photos to our Label Scanner.
Engaging with other users through "Buddy" social features.
Purchasing Premium Subscriptions via the Apple App Store.
7.3 Mandatory Parental Notification and Deletion. If you are a parent or legal guardian and you discover that your child has bypassed our age restrictions to create an account, we urge you to contact us immediately.
Contact Protocol: Please email jason@spinzvinyl.com with the subject line "Minor Account Deletion Request."
Our Response: Upon notification and verification, we will prioritize the permanent deletion of that account and all associated data (including scan history and IP logs) from our active servers and backups as quickly as possible, typically within forty-eight (48) hours.
7.4 Safeguards Against Accidental Exposure. We encourage parents to use the built-in "Parental Controls" (Screen Time) provided by Apple on iOS devices to restrict their children's ability to download apps or utilize camera-based software. Spinz Studios, LLC shall not be held liable for any data captured from a minor who utilizes a device or an Apple ID belonging to an adult collector.
7.5 No "Child-Directed" Content. You acknowledge that the aesthetic, metadata, and "Neural Recommendation" features of Spinz are optimized for adult enthusiasts of music history and physical media. We do not utilize cartoon characters, child-oriented marketing, or any features that would categorize Spinz as "primarily directed to children" under 16 CFR Part 312.
8. CONTACT INFORMATION
For any privacy-related inquiries or to exercise your data rights, please contact our Data Privacy Officer:
Spinz Studios
Email: jason@spinzvinyl.com
Address: Portland, OR, USA
8. Contact Us
For any privacy-related queries, please contact:
Jason/Spinz Studio
Email: support@spinzvinyl.com