Privacy Policy
Last updated: May 28, 2026
This policy describes how MusicMe collects, uses and
protects your personal data. It applies to the iOS mobile app, the
macOS app, any CarPlay integration and the musicme.vip
website. By using the service, you agree to the practices described
here.
1. Who we are
MusicMe is operated by Apache Network SA ("we", "MusicMe"), a French société anonyme (public limited company) with a board of directors, share capital €118,166, registered in the Nanterre Trade and Companies Register under number 420 207 557 (SIRET 420 207 557 00042 — INSEE code 62.01Z), with its registered office at 47 Rue Marcel Dassault, 92514 Boulogne-Billancourt Cedex, France.
Publication director: Alexandre Marie, Chairman of the Board.
Data Protection Officer: privacy@musicme.vip.
2. What data do we collect?
2.1 Data you provide
- Email and password (hashed) when creating your account
- Display name and avatar of your choice
- Favorites and playlists you create
2.2 Usage data
- Listening history (tracks played, duration, completion) — powers your personalized recommendations
- Offline downloads (list of downloaded tracks, encrypted AES-256-CTR on your device)
- Playback preferences (crossfade, volume, language, theme)
2.3 Technical data
- IP address (server logs, retained 30 days)
- Device model and OS version (for debugging)
- Session tokens (encrypted JWT stored in iOS Keychain / macOS Secure Enclave)
2.4 Payment data
If you subscribe to MusicMe Premium, payments are handled by Apple (in-app purchase) or Stripe. We never store your credit card number. We only receive your subscription status (active, expired, canceled) and expiration date.
3. Why do we collect this data?
| Data | Purpose | Legal basis |
|---|---|---|
| Email, password | Authentication | Contract performance |
| Display name, avatar | In-app display | Contract performance |
| Favorites, playlists | Personal storage, multi-device sync | Contract performance |
| Listening history | Personalized recommendations, radio mode | Legitimate interest |
| IP, server logs | Security, fraud prevention | Legitimate interest |
| Device model, OS | Debugging, technical support | Legitimate interest |
| Subscription status | Premium access management | Contract performance |
4. Who do we share your data with?
We share data strictly with service providers necessary for the operation of the service:
- Supabase (Inc., USA and Singapore) — database and authentication hosting. Transfers outside the EU are covered by the Standard Contractual Clauses (EU Decision 2021/914).
- Stripe (Inc., USA) — payment processing. PCI-DSS Level 1 compliant.
- Apple (Inc., USA) — distribution (App Store, TestFlight), in-app purchases, push notifications, CarPlay integration.
-
Cyberscaling Hosting Media / Sonar / HAL
(France) — music catalog, track streaming, metadata, cover art
(CDN
covers-ng1.hosting-media.net).
We never sell your data. We do not perform advertising profiling.
5. Cookies and local storage
The app uses only the operating system's secure storage to:
- Persist your session (JWT — iOS Keychain / macOS Secure Enclave / Android Secure Store)
- Cache your profile for offline mode
- Remember your preferences (language, theme, playback settings)
The musicme.vip website sets no advertising or
tracking cookies — only strictly necessary cookies if any
(not subject to prior consent per French CNIL guidelines).
6. How long do we keep your data?
- Active account: as long as you use the service
- Inactive account: automatic deletion after 3 years of inactivity (email notice 30 days before)
- Deletion request: executed within 30 days
- Server logs: 30 days
- Billing data: 10 years (legal obligation, French Commercial Code art. L.123-22)
7. Your rights
Under GDPR (EU Regulation 2016/679), you have the following rights:
- Access: obtain a copy of all your data
- Rectification: correct inaccurate data
- Erasure ("right to be forgotten"): delete your account and all associated data
- Portability: retrieve your data in a structured, readable format (JSON)
- Objection: object to processing based on legitimate interest (in particular recommendations)
- Restriction: temporarily suspend a processing
- Consent withdrawal at any time, without affecting the lawfulness of prior processing
To exercise these rights, write to privacy@musicme.vip. We respond within 30 days (extendable to 60 days for complex requests, with motivated notice).
You may also lodge a complaint with the French data protection authority (CNIL) — www.cnil.fr/en — or your local supervisory authority within the EU.
8. Security
- Passwords hashed via Argon2id (Supabase Auth)
- End-to-end communications encrypted via TLS 1.3
- Offline downloads encrypted with AES-256-CTR, key bound to your account (unreadable on another device)
- Streaming sessions signed via short-lived JWT (1 hour)
- Annual audit of providers and compliance
9. Minors
The service is prohibited to children under 15, pursuant to article 45 of the French Data Protection Act (which sets the digital consent age at 15 in France, as authorized by GDPR art. 8 §1). Between 15 and 18, the user confirms having obtained consent from a parental authority holder. If you discover that a child under 15 has created an account, contact privacy@musicme.vip for immediate deletion.
10. Changes to this policy
We may update this policy to reflect legal, technical or functional changes. Any significant change will be notified at least 30 days before it takes effect:
- via email to the address associated with your account
- via an in-app banner on startup
11. Contact
For any question relating to this policy or to exercising your rights:
Apache Network SA
47 Rue Marcel Dassault
92514 Boulogne-Billancourt Cedex, France
Email: privacy@musicme.vip