Privacy

• Track metadata and chart snapshots derived from public playlists (ids, URLs, labels, timestamps).
• Elo ratings per track.
• Short-lived rate limit counters keyed by a hashed IP+UA bucket.
• For charts: public playlist ranks scraped from kworb.net’s Spotify snapshots; cached for under an hour.

• No analytics events, no long-lived profiles by default.
• No cookies unless you add them later; current flow is cookie-free.
• No Spotify tokens or refresh secrets—playlist browsing is anonymous.

We render chart metadata locally. If you follow outbound links, those services apply their own policies—see Spotify's privacy policy for details.

Requests are rate limited using a rotating HMAC key derived from IP, user agent, and the current hour bucket. Counters expire automatically.