Privacy Policy

1. Data Controller

The data controller for dankcharts.fm is:

Name: Erwin Solorzano

Location: Guatemala

This Privacy Policy applies to personal data collected when you use dankcharts.fm (the "Service"). It supplements but does not replace the Terms of Service, which govern the conditions of use of the Service.

2. Scope & How the Service Works

dankcharts.fm is a personal music chart visualization tool. It lets you explore your listening history by connecting to three data sources:

Last.fm — your scrobble history is fetched directly from Last.fm's public API using your username. The request goes from your browser to Last.fm; dankcharts.fm servers are never involved.
Google Sheets — you provide a publicly shared spreadsheet URL; your browser reads it directly from Google. The data does not pass through our servers.
File upload — you upload a local CSV, ZIP, or XLSX file; it is parsed entirely in your browser and never transmitted anywhere.

Your music data never passes through our servers. All listening history processing happens locally in your browser or is fetched directly from its source. We do not store, copy, or retain any of your music history.

Optional Google Sign-In allows the Service to remember your setup preferences across sessions. This is the only feature that involves storing personal data on our end.

3. Data We Collect

3.1 Account data — only when you sign in with Google

When you choose to sign in via Google through Firebase Authentication, we receive the following from Google:

Data point	Why we receive it
Display name	Shown in the UI to confirm you are signed in
Email address	Used as a human-readable identifier for your account
Profile photo URL	Shown as your avatar in the UI
Google UID	Unique identifier that links your preferences record in our database

Sign-in is entirely optional. If you never sign in, none of the above is collected.

3.2 Preferences data — only when you sign in

If you sign in, the following user preferences are stored in Firebase Firestore, linked to your Google UID:

Data source type (Last.fm, Google Sheets, or file)
Last.fm username (if you provided one)
Google Sheets URL or ID (if you provided one)
Tab / sheet name (if applicable)
UI preferences: theme color, interface language, week start day

This data is used exclusively to restore your setup when you return to the Service.

3.3 Analytics data

The Service uses GoatCounter for page-view analytics. GoatCounter is a privacy-respecting tool that:

Sets no cookies
Collects no personal data or persistent identifiers
Does not track you across sites or sessions
Records only aggregate counts (page views, referrer domain, browser language, screen size)

Aggregate traffic counts are publicly visible at erwindank.goatcounter.com. No personal data is included.

3.4 Data we do NOT collect

Your listening history, scrobbles, or any music data
Spotify, Apple Music, or any other streaming service credentials
Payment information (the core Service is free; if paid features are introduced, payment processing would be handled by a third-party provider at that time)
Precise location data
Device fingerprints or advertising identifiers
IP addresses beyond what Firebase may log as part of its standard infrastructure operation (see Firebase Privacy)

4. Legal Basis for Processing

This section applies primarily to users in the European Union and United Kingdom, where a lawful basis is required under the GDPR for processing personal data.

Processing activity	Lawful basis
Account & preferences data (signed-in users)	Contract performance — you requested the settings-sync feature; processing your account data is necessary to provide it.
GoatCounter analytics	No basis required — GoatCounter collects no personal data.
Cloudflare hosting infrastructure	Legitimate interests — serving the website requires passing requests through Cloudflare's network.

We do not use your data for advertising or automated profiling that produces legal effects.

5. How We Use Your Data

The data described in Section 3 is used exclusively to:

Authenticate you and identify your stored preferences record
Restore your configuration (data source, sheet URL, theme, language, etc.) when you return to the Service
Understand aggregate, anonymous traffic patterns via GoatCounter

We do not use your data for:

Marketing or advertising (no ad network has access to your data)
Profiling or automated decision-making with legal or significant effects
Sharing, selling, or renting to third parties outside of the processors listed in Section 6

6. Data Sharing & Third-Party Processors

We share data only with the following sub-processors, solely to the extent necessary to provide the Service:

Processor	Purpose	Data shared
Google Firebase	Authentication and Firestore database hosting	Account data, preferences data (signed-in users only)
GoatCounter	Privacy-first page-view analytics	No personal data — aggregate counts only
Cloudflare Pages	Static site hosting and CDN	Standard web request metadata (IP, user agent) as part of hosting
Last.fm	Music history API (direct browser-to-Last.fm)	Your Last.fm username is sent by your browser directly to Last.fm; dankcharts.fm is not involved

We do not sell, rent, or trade your personal information to any third party.

7. International Data Transfers

dankcharts.fm is operated from Guatemala. If you are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in the United States (where Google Firebase's servers are located) and other countries.

Google Firebase relies on the EU–U.S. Data Privacy Framework and Standard Contractual Clauses as the legal mechanism for these transfers. You can review Google's data transfer safeguards in the Firebase Privacy documentation.

8. Data Retention & Deletion

Your account and preferences data in Firebase is retained for as long as you maintain a signed-in account with the Service.

To delete your data:

Email yourdata@dankcharts.fm with the subject line "Delete my account".
We will permanently delete your Firestore record and Firebase Authentication entry within 30 days of your request.

If you never signed in, no personal data was stored and no deletion action is needed.

GoatCounter analytics data contains no personal information and is retained indefinitely as aggregate statistics only.

9. Cookies & Local Storage

The Service uses no advertising or tracking cookies. The only browser storage in use is:

Storage type	What it holds	Leaves your device?
localStorage	UI preferences: theme, language, source selection, chart settings	No — stays in your browser. Synced to Firebase only if you sign in.
Firebase session cookie	Short-lived authentication token set by Firebase Auth	Yes — sent to Firebase on authenticated requests only. Not used for tracking.

GoatCounter does not use cookies or any persistent identifiers.

You can clear localStorage at any time via your browser's developer tools or settings. Clearing it will reset your local preferences; your synced preferences in Firebase (if signed in) will be unaffected.

10. Your Rights — EU & UK (GDPR)

If you are located in the European Union or United Kingdom, you have the following rights under the GDPR and UK GDPR:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate or incomplete data.
Right to erasure — ask us to delete your personal data ("right to be forgotten").
Right to restriction of processing — ask us to limit how we process your data.
Right to data portability — receive your data in a structured, machine-readable format (e.g., JSON).
Right to object — object to processing based on legitimate interests.
Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at yourdata@dankcharts.fm. We will respond within 30 days. For complex requests we may extend this by a further two months, and will notify you accordingly.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority (e.g., your national DPA within the EU, or the ICO in the UK).

11. Your Rights — California (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions.
Right to opt out of sale — we do not sell personal information, so no opt-out mechanism is required or provided.
Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, email yourdata@dankcharts.fm. We will respond within 45 days as required by California law, with the option to extend by a further 45 days when reasonably necessary.

12. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you are under 16 (or the applicable age of digital consent in your country), you must have parental or guardian consent before signing in or providing any personal data.

If you believe we have inadvertently collected personal data from a child under 13, please contact us at yourdata@dankcharts.fm and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes take effect constitutes acknowledgment of the revised Policy.

For material changes that affect how your personal data is collected or used, we will make reasonable efforts to notify signed-in users (e.g., via a notice on the app's landing screen) before the changes take effect.

14. Contact & Data Requests

For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern:

Data Controller: Erwin Solorzano