Daily Floyd
Sign inSign up

Privacy Policy

Last updated: 2026-04-28

Daily Floyd is a music discussion app. This page explains what we collect, why, and what we don't. We try to keep this honest and short.

What we collect

  • Account info. When you sign in with Apple or Google, we receive a stable user identifier and your email (or a private relay address if you used Apple's "Hide My Email"). If you sign up with email + password, we store the email and a one-way hash of your password — never the password itself. You also choose a public display name.
  • Activity. Ratings (1–10), comments, replies, and upvotes you create are stored against your user record. Comments and ratings are public to other users.
  • Device tokens. If you opt in to push notifications, we store an APNs/FCM device token so we can send you the daily song notification. We do not use it for anything else.
  • Session metadata. Sessions log the IP address and user-agent string at sign-in for security and abuse detection. Sessions expire and are rotated.
  • Feedback. If you submit feedback through the app or website, the message body and any optional email you provide are stored so we can read it and (sometimes) reply.

What we don't collect

  • No third-party analytics SDKs (Google Analytics, Firebase Analytics, etc.).
  • No advertising identifiers, no ad tracking, no IDFA.
  • No location data.
  • No microphone, camera, contacts, photos, or health data.
  • No browsing history outside the app.

How your data is used

Data is used solely to operate Daily Floyd:

  • Authenticate you and keep you signed in.
  • Render your ratings, comments, and replies to other users.
  • Compute community charts (top rated, most discussed, etc.).
  • Send the daily song push notification (if enabled).
  • Detect and prevent abuse / moderate content.

We do not sell your data. We do not share it with advertisers. We don't have advertisers.

Third parties we use to run the service

  • Vercel — application hosting (US).
  • Neon — Postgres database (US).
  • Apple, Google — sign-in providers (only the IDs they return are stored).
  • Resend — transactional email (account verification, password reset, feedback receipts).
  • APNs (Apple) and FCM (Google) — push notification delivery.
  • Wikipedia / Wikimedia — public catalog metadata and album art.
  • Genius — links to lyrics pages (we never receive your behaviour from Genius).

Your rights

  • Access. The app shows everything we have on you — your stats page lists every rating, comment, and upvote you've made.
  • Deletion. Tap "Delete account" in your Profile to permanently remove your account. Your comments are anonymized (the body remains so threads stay readable; the author becomes "[deleted]"); ratings, votes, devices, and your user record are erased. This is irreversible.
  • Export. Email hello@dailyfloyd.com and we'll send you a JSON dump of your data within 30 days.
  • Correction. Edit your display name in Profile, or email us for anything else.

Children

Daily Floyd is not directed at children under 13. We don't knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we'll delete the account.

Changes

If we change this policy in a way that materially affects what we collect or how we use it, we'll show you a notice in the app before applying it.

Contact

Questions: hello@dailyfloyd.com