Privacy

Privacy Policy

Last updated May 14, 2026

Resonance is a small, social app built around music and memory. This policy explains what we collect, why, and what we never will.

What we collect

• Account data. Your email address, username, and the password hash (we never store your password in readable form). If you sign in with Apple or Google, we store the identifier those providers return so we can recognize you on the next sign in.
• Content you create. The memories you post — the song, the text, the mood, the year, any optional fields — and the follows, resonances, and threads those produce.
• Profile images you choose. If you upload a profile picture, we store that selected image so it can appear on your profile. We do not scan or import the rest of your photo library.
• Linked Apple Music. If you connect Apple Music, we store the tokens required to read your library and listening history. We read metadata (track titles, artists, recently played) only as needed to power the features you use. You can disconnect Apple Music from Settings. Spotify linking is paused for new accounts; if you previously linked Spotify, we store the tokens required to keep existing Spotify-backed features working until you disconnect it.
• Device identifiers for push. If you enable notifications, we store your Expo/APNs push token so we can send you notifications.
• Subscription records. If you buy Resonance+, we store the App Store product ID, entitlement status, renewal/expiration state, and Apple transaction identifiers needed to unlock paid features and support billing questions. We never receive your full payment card details.
• Reports and moderation records. If you report content or block someone, we store the report/block record and the reason you selected so we can review abuse and enforce the rules.
• Operational telemetry. API route, request timing, status-code, upstream-service, and database health metrics so we can keep the service reliable. We do not use advertising SDKs or cross-app tracking.
• Crash diagnostics. If the app crashes, a stack trace, route, user ID when available, app version, build ID, platform, and basic error details may be recorded so we can fix it.

What we don't collect

• The App Store app does not request device location permission or collect GPS from your device.
• We don't collect your contacts, microphone audio, health data, or photo library. We only receive a photo if you choose one as your profile picture.
• We don't sell your data to anyone. Ever.
• We don't track you across other apps or websites.

Who can see what you post

Every memory has a visibility setting. You choose:

• Followers. Only people whose follow requests you accepted (plus you).
• Close friends. Only followers you added to your close-friends list.
• Private. Only you.

You can change the visibility of any memory after posting, or delete it entirely. Deleted memories are removed from our database.

Third parties we work with

• Spotify (if you link it) — to read your library and listening activity, per Spotify's terms.
• Apple — for Sign in with Apple, Apple Music, push delivery via APNs, App Store distribution, and App Store subscription billing.
• Google — only if you sign in with Google, which reveals your name and email to us.
• Expo — for push notification delivery and app build infrastructure.
• Render and our database provider — to host the API and store Resonance account, post, and relationship data.
• Resend — to send account-security email such as password-reset messages.
• Anthropic — only when an AI-powered narrative feature is requested, and only with the recent moment text and song metadata needed to generate that feature.

We do not use advertising SDKs, analytics companies that resell data, or third-party trackers.

Your rights

You can:

• See and edit your profile, follows, and memories inside the app.
• Delete any memory at any time.
• Delete your account (Profile → Settings → Delete account), which removes your data within 30 days. If you have an active App Store subscription, you must cancel it in your Apple ID settings because deleting your Resonance account does not cancel Apple billing.
• Export a copy of your data from Profile → Settings → Download my data, or by emailing support@resonating.app.

If you're in the EU/UK, you have the right to access, correct, port, or delete your data under GDPR. Email us and we'll handle it within 30 days.

Children

Resonance is rated 12+ and is not directed at children under 13. We don't knowingly collect data from children under 13. If you believe we have, email support@resonating.app and we'll delete it.

Security

Passwords are stored as bcrypt hashes. Production traffic is HTTPS-only. OAuth tokens are encrypted at rest. No system is perfect — if you spot a vulnerability, please email security@resonating.app and we'll work with you on it.

Changes to this policy

If we change anything material, we'll note it in-app before the change takes effect. The date at the top of this page is always the last update.

Contact

Email privacy@resonating.app.