Privacy Policy

Last updated: November 26, 2025

1. Introduction

Album Ranker ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (hashed using bcrypt with salt - we never store your actual password)

Important: Your password is never stored in plain text. Supabase uses bcrypt hashing with a unique salt for each password. This means even if someone gains access to the database, they cannot see or recover your actual password. Only a one-way hash is stored, which cannot be reversed to reveal your password.

2.2 Album Data

When you use our service, we store:

  • Albums you rank (title, artist, year, genres, country)
  • Your ranking positions
  • Album cover art URLs
  • Any additional metadata you provide

2.3 Technical Data

We automatically collect technical information including:

  • IP address
  • Browser type and version
  • Device information
  • Usage patterns and timestamps

2.4 What We Do NOT Store

For your security, we explicitly do NOT store:

  • Plaintext passwords - Only bcrypt hashes are stored
  • Payment information - We don't process payments
  • Personal identifiers beyond email address
  • Location data beyond what's provided in album metadata

3. How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Authenticate your account and manage your session
  • Store your album rankings and preferences
  • Improve our service and user experience
  • Respond to your requests and provide support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Data Storage and Security

Your data is stored securely using Supabase, a GDPR-compliant cloud platform. We implement industry-standard security measures including:

  • Encrypted data transmission (HTTPS)
  • Encrypted data storage
  • Authentication tokens for secure access
  • Row-level security policies to ensure data isolation

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following circumstances:

  • With service providers (like Supabase) who help us operate our service
  • When required by law or legal process
  • To protect our rights, privacy, safety, or property
  • In connection with a business transfer (merger, acquisition, etc.)

6. Your Rights

Under GDPR and other privacy laws, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us or use the account deletion feature in your profile settings.

7. Cookies

We use essential cookies to maintain your authentication session. These cookies are necessary for the service to function and cannot be disabled. For more information, see our Cookie Policy.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide our service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.

9. Children's Privacy

Our service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at albumrankerapp@gmail.com or use the account deletion feature in your profile settings.