Privacy Policy

Google user data

GraceNote uses Google Sign-In (OAuth 2.0) to let you create an account and sync your data across devices. We access only the minimum information required.

When you sign in with Google, we receive and store:

• Your display name
• Your email address
• Your Google profile photo URL

How we use this information:

• Your name is displayed in the app to identify your account
• Your email address links your songs, sets, and preferences to your account, and may be used for product updates if you opt in
• Your profile photo is shown as your avatar in the app

How we protect this data:

• Stored securely in Supabase (EU servers, encrypted at rest)
• Never shared with any third parties
• Never used for advertising or marketing
• Never used to train AI or machine learning models

Retention and deletion:

• Your Google account data is kept for as long as your GraceNote account exists
• Deleting your GraceNote account permanently removes all associated Google data within 30 days

Your rights:

• Revoke GraceNote's Google access at any time: myaccount.google.com/permissions
• Delete your GraceNote account at any time: Settings → Delete account

OAuth scopes we request (minimum required):

• openid — to verify your identity
• email — to retrieve your email address
• profile — to retrieve your name and photo

We do not access your Google Drive, Gmail, Google Calendar, or any other Google service.