Privacy Policy

BopSpot is a location-based music sharing platform available on iOS. "BopSpot", "we", "our", or "us" refers to the BopSpot application and its operators.

Information You Provide:

• Email address — used for OTP-based authentication. No passwords stored.
• Profile information — display name, username, bio, profile photo.
• Onboarding preferences — favorite artists and tracks.
• Content — song drops, drop notes, drop photos, comments, direct messages.

Collected Automatically:

• Precise location — GPS coordinates while the app is in use, to place drops on the map and show nearby content.
• Usage data — features accessed, interaction timestamps, session info.
• Device information — model, iOS version, push notification token.
• Log and diagnostic data — crash reports and error logs.

• Authenticate your identity via one-time passcode (OTP).
• Display your drops, profile, and activity on the map and feed.
• Enable social features: friends, messaging, comments, and likes.
• Personalize your experience based on your music preferences.
• Deliver push notifications you have opted into.
• Store and deliver your direct messages and conversation history.
• Diagnose technical issues and improve app performance.
• Comply with applicable legal obligations.

If you are in the EEA, UK, or Switzerland, we process your data on the following legal bases:

• (a) Contract — necessary to provide the BopSpot service.
• (b) Legitimate Interests — for analytics, security, and fraud prevention.
• (c) Consent — for push notifications and precise location access.

You may withdraw consent at any time without affecting prior processing.

BopSpot uses the Spotify Web API for music search. When you search for songs, queries are forwarded to Spotify's servers. BopSpot does not access your Spotify account, listening history, or credentials. BopSpot is not affiliated with or endorsed by Spotify AB.

Location is accessed only while the app is in the foreground ("While Using"). Drop coordinates are stored on our servers and are visible to other users on the map. We do not collect background location. You can revoke access at any time in iOS Settings › Privacy & Security › Location Services › BopSpot.

Photos uploaded to drops or your profile are stored on BopSpot's servers and displayed to other users. We do not scan or analyze photos for any purpose other than display. Revoke access in iOS Settings › Privacy & Security › Photos › BopSpot.

Direct messages are stored on our servers for delivery and conversation history. Messages are not end-to-end encrypted. We do not use message content for advertising or sell it to third parties.

We do not sell, rent, or trade your personal information. We may share data only:

• With other BopSpot users — public profile, drops, comments, and likes are visible to other users. Messages are visible only to participants.
• With service providers — hosting, push notifications, error monitoring. Bound to process data only on our behalf.
• With Spotify — search queries forwarded to Spotify's API.
• For legal compliance — when required by law, court order, or to protect rights and safety.
• In a business transfer — with prior notice if ownership changes.

We retain data while your account is active. Upon account deletion request, personal data is permanently deleted within 30 days (except where law requires retention). To delete your account: [email protected].

Depending on your jurisdiction:

• Access — request a copy of your data.
• Correction — request inaccurate data be corrected.
• Deletion — request we delete your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Restriction — request limits on how we process your data.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — via device settings at any time.

Contact: [email protected]. Response within 30 days.

California residents may: know what data we collect and how it is used; request deletion; opt out of sale (we do not sell data); and receive non-discriminatory service. Contact: [email protected] with subject "California Privacy Request".

BopSpot is not directed at children under 13 and does not knowingly collect data from them. Contact [email protected] if you believe a child under 13 has an account.

All communications are encrypted via HTTPS/TLS. Auth tokens are stored in the iOS Keychain. We review security practices regularly. If you suspect compromise: [email protected].

Data may be processed in the United States or other countries. We apply appropriate safeguards including standard contractual clauses where required.

We will notify you of material changes via in-app notice or email at least 14 days before they take effect. Continued use constitutes acceptance.

[email protected]

Response within 30 days.