When you connect your Spotify account, Bwomp accesses your profile name, playlists, top tracks, top artists, and recently played tracks. This data is used solely to generate recommendations and display your listening stats within the app.
Bwomp does not store your Spotify data in any database. Your Spotify OAuth token is cached locally on the server for the duration of your session. No personal data is sent to third parties beyond the API calls to Spotify and Last.fm required to provide the service.
Bwomp uses the Last.fm API (read-only) to find similar tracks and music tags. No Last.fm account or personal data is required. Only artist names, track titles, and tags are queried.
When you share a playlist, the track list (titles, artists, album art URLs) is stored in a local file on the server. Shared playlists are accessible via their unique link. No personal information is included in shared playlist data.
You can disconnect your Spotify account at any time using the "Disconnect" button in the app sidebar. This removes your cached token. You can also revoke Bwomp's access from your Spotify account settings.
Bwomp uses browser localStorage to save your recent playlist history. No tracking cookies or analytics are used.
If you have questions about this privacy policy, please open an issue on the project's GitHub repository.
Last updated: March 2026