What SoundSort does
SoundSort helps Spotify Premium members merge and organise their playlists into curated collections, saved directly back to their Spotify library.
Lawful basis for processing
We process your data on the basis of contract performance — specifically, to provide the playlist merging service you signed up for. We do not process your data for marketing, profiling, or any purpose beyond delivering the service.
What data we access
SoundSort accesses your Spotify account to read your playlists and save new ones on your behalf. We request only the minimum permissions needed — we never access your listening history, personal profile details beyond what Spotify requires for authentication, or any data outside your playlists.
Cookies and browser storage
Authentication cookies Essential
Spotify access and refresh tokens are stored in secure HttpOnly cookies. These are strictly necessary for the service to function — the app cannot work without them. No consent is required under GDPR for essential cookies. They expire automatically (access token: 1 hour; refresh token: 30 days) and are deleted immediately on sign out.
Browser storage (IndexedDB) Essential
Your playlist list is temporarily cached in your browser's IndexedDB for up to one hour to avoid repeated API calls. Artist genre data is cached locally for up to 7 days. Both are deleted immediately on sign out and never leave your device.
UI preferences (localStorage) Non-essential
A single key (soundsort:library-view) is stored in localStorage to remember your preferred playlist layout (grid or list). This contains no personal data and can be cleared at any time from Settings → Preferences.
We do not use tracking, analytics, or advertising cookies of any kind.
Data retention
-
Auth tokens — access token expires after 1 hour; refresh token after 30 days. Both are deleted on sign out.
-
Playlist cache — kept for up to 1 hour, then refreshed on next visit. Deleted on sign out.
-
Genre cache — kept for up to 7 days. Can be manually cleared in Settings at any time. Deleted on sign out.
-
Nothing is stored on SoundSort's servers. All data lives on your device or in your Spotify account.
Third parties
Spotify
All core functionality depends on the Spotify Web API. Your use of SoundSort is also subject to Spotify's Terms of Service.
Last.fm
Artist names (not user data) are sent to the Last.fm public API to look up genre tags. No personally identifiable information is shared with Last.fm.
Cloudflare
SoundSort is hosted on Cloudflare Workers. Cloudflare may process request metadata (IP addresses, headers) as part of normal network operation. See Cloudflare's Privacy Policy.
Your rights under GDPR
If you are in the EU or UK, you have the following rights:
Right of access
All data SoundSort holds about you is visible within the app — your playlists come directly from Spotify and are shown to you in full.
Right to erasure
Sign out deletes all locally cached data immediately. To remove your data from Spotify itself, manage that directly in your Spotify account settings.
Right to data portability
All playlist data originates from and is saved back to your Spotify account — you can access it at any time via Spotify directly.
Right to lodge a complaint
You have the right to lodge a complaint with your local data protection authority. In the UK: ico.org.uk. In the EU: find your authority.
Your controls
You can clear cached genre data or reset UI preferences at any time from Settings. Signing out immediately deletes all locally cached data and revokes SoundSort's access to your Spotify account.
Contact
Questions or data requests? Email hello@soundsort.net