Privacy policy

Effective date: April 2026

Your privacy matters to us. What you listen to is yours. We built HearLore with that principle at the center. This policy explains what data we collect, why, and what we do with it.

What data we collect

Account data

When you create an account, we store your email address and a securely hashed password through Supabase Auth. If you sign in with Google or Apple, we receive and store your email address and, optionally, the display name provided by your OAuth provider. We also store a profile record with your chosen display name.

Usage data

For authenticated users, we store listening history, bookmarks, playlists, and library items in Supabase. This data powers your personal library and lets you pick up where you left off.

Local storage data

HearLore stores several items in your browser's local storage. This data never leaves your device and is not transmitted to our servers. These items include your theme preference (hearlore-color-mode), player settings (hearlore-player-settings), audio playback state (hearlore_audio_state), play queue and history (hearlore_play_queue, hearlore_play_history, hearlore_recently_played), and cached copies of your library and playlists (hearlore_library, hearlore_playlists).

Cookies

We use essential cookies only. Supabase session cookies (prefixed with sb-) maintain your authenticated session. A UX gate cookie (hearlore-unauth-blocked) tracks whether you have been shown the sign-up prompt. We do not use advertising cookies or cross-site tracking cookies.

Analytics

We use Google Analytics 4 to collect anonymized usage metrics and page views. We also use Ahrefs for SEO analytics, which does not collect user-level data. These tools help us understand how people use HearLore in aggregate so we can improve the experience.

Bot detection

During signup, we use BotID for browser fingerprinting to prevent automated bot registrations. This data is used only for bot prevention and is not stored beyond the signup verification step.

Rate limiting

We use Upstash Redis for IP-based rate limit counters to protect the service from abuse. No personal data is stored in this system. Only request counts associated with IP addresses are tracked, and these counters expire automatically.

How we use your data

We use the data we collect to provide and improve the service, authenticate your sessions, remember your preferences, and analyze aggregate usage patterns. We do not use your data for any purpose other than operating and improving HearLore.

Third-party services

HearLore relies on the following third-party services, each of which receives only the data necessary for its function:

  • Supabase (authentication and database): stores your account data, playlists, bookmarks, and listening history.
  • Google Cloud (OAuth): receives your email address for authentication when you choose to sign in with Google.
  • Apple (OAuth): receives your email address and optional name for authentication when you choose to sign in with Apple.
  • Cloudflare R2 and Backblaze B2 (audio CDN): serve audio files to your browser. No user data is transmitted to these services.
  • Google Analytics 4: receives anonymized page views and usage events.
  • Ahrefs: receives SEO crawl analytics. No user-level data is collected.
  • Vercel (hosting): maintains standard web server logs including IP addresses and user agent strings.
  • IndexNow: receives search engine indexing notifications. No user data is transmitted.

What we do not do

We do not sell, trade, or share your personal data with advertisers. We do not build behavioral profiles for ad targeting. We do not use your listening history to serve you ads. What you listen to is yours.

Data retention

Account data is retained while your account is active. Usage data such as listening history, bookmarks, and playlists is retained while your account is active. Analytics data is retained per the default retention policies of Google Analytics and Ahrefs. Local storage data is controlled entirely by your browser and can be cleared at any time.

Your rights

You may request a full export of your data or request that your account and all associated data be permanently deleted. To make either request, contact us at legal@hearlore.com.

Children

HearLore is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us and we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. When changes are made, the effective date at the top of this page will be updated. Your continued use of HearLore after any changes constitutes your acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact us at legal@hearlore.com.