Privacy Policy
Last updated: March 7, 2026
Bachlog is a free, non-commercial project. We don't run ads, sell data, or track you. This policy explains what we do collect and why.
What We Collect
When You Create an Account
- Email address — for account recovery only.
- Username and display name — shown on your public profile.
- Password — stored as a bcrypt hash. We never see or store your actual password.
When You Use the Site
- Ratings, reviews, favorites, playlists, bio — content you choose to create. Publicly visible on your profile.
- Follow relationships — who you follow and who follows you.
If You Connect Spotify
We store an OAuth token to create playlists on your behalf. We don't access your listening history, library, or any other Spotify data. You can disconnect at any time from Settings.
Automatically
- One cookie —
bachlog_session, an httpOnly authentication cookie. No analytics, tracking, or advertising cookies. - IP address — used only for rate limiting login/registration. Held in memory briefly, never logged or stored.
What We Don't Collect
No analytics. No tracking pixels. No fingerprinting. No location data. No third-party scripts.
How We Use It
Exclusively to run the site: authenticate you, display your content, rate-limit against abuse, and export playlists to Spotify when you ask. That's it.
Who Sees It
Your profile, ratings, reviews, favorites, and public playlists are visible to anyone. Private playlists are visible only to you. We don't share data with third parties. There is nothing to sell.
Your Rights (GDPR)
If you're in the EU/EEA/UK, you have the right to access, correct, delete, or export your data, and to object to processing. Our legal basis is contract (providing the service you signed up for) and legitimate interest (rate limiting).
Deleting Your Data
You can delete your reviews, ratings, favorites, and playlists at any time through the site. To delete your entire account, contact us.
Security
Passwords are bcrypt-hashed (12 rounds). Sessions use signed JWTs in httpOnly cookies. The database runs on encrypted infrastructure. No system is perfectly secure, but we keep things minimal — less data collected means less data at risk.
Children
Bachlog is not intended for anyone under 16.
Changes
If this policy changes materially, we'll notify registered users by email.