Privacy Policy

Last updated April 22, 2026.

Resonance is a small, social app built around music and memory. This policy explains what we collect, why, and what we never will.

What we collect

• Account data. Your email address, username, and the password hash (we never store your password in readable form). If you sign in with Apple or Google, we store the identifier those providers return so we can recognize you on the next sign in.
• Content you create. The memories you post — the song, the text, the mood, the year, any optional fields — and the follows, resonances, and threads those produce.
• Linked music accounts. If you connect Spotify or Apple Music, we store the OAuth tokens required to read your library and listening history. We read metadata (track titles, artists, recently played); we do not read your private playlists beyond what's needed to power the features you use.
• Device identifiers for push. If you enable notifications, we store your Expo/APNs push token so we can send you notifications.
• Usage analytics. Anonymized interaction events (what screens load, which buttons you tap) so we can understand which features people use. No advertising SDKs. No cross-app tracking.
• Crash diagnostics. If the app crashes, a stack trace and basic device info may be recorded so we can fix it.

What we don't collect

• We don't collect your precise location. The optional "city" field on a memory is free-text you type in yourself.
• We don't collect your contacts, photos, microphone audio, or health data.
• We don't sell your data to anyone. Ever.
• We don't track you across other apps or websites.

Who can see what you post

Every memory has a visibility setting. You choose:

• Followers. Only people whose follow requests you accepted (plus you).
• Private. Only you.

You can change the visibility of any memory after posting, or delete it entirely. Deleted memories are removed from our database.

Third parties we work with

• Spotify (if you link it) — to read your library and listening activity, per Spotify's terms.
• Apple — for Sign in with Apple, push delivery via APNs, and App Store distribution.
• Google — only if you sign in with Google, which reveals your name and email to us.
• Expo (the framework we build on) — for push notification delivery.
• Our own backend infrastructure for hosting the API and database.

We do not use advertising SDKs, analytics companies that resell data, or third-party trackers.

Your rights

You can:

• See and edit your profile, follows, and memories inside the app.
• Delete any memory at any time.
• Delete your account (Profile → Settings → Delete account), which removes your data within 30 days.
• Export a copy of your data by emailing support@resonance.app.

If you're in the EU/UK, you have the right to access, correct, port, or delete your data under GDPR. Email us and we'll handle it within 30 days.

Children

Resonance is rated 12+ and is not directed at children under 13. We don't knowingly collect data from children under 13. If you believe we have, email support@resonance.app and we'll delete it.

Security

Passwords are stored as bcrypt hashes. Production traffic is HTTPS-only. OAuth tokens are encrypted at rest. No system is perfect — if you spot a vulnerability, please email security@resonance.app and we'll work with you on it.

Changes to this policy

If we change anything material, we'll note it in-app before the change takes effect. The date at the top of this page is always the last update.

Contact

Email privacy@resonance.app.