Privacy Policy

Effective: March 3, 2026

1. Introduction

Vinyl Catalog ("we," "us," or "our") is a record collection management service operated by Joseph Condon. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and iOS application (collectively, the "Service").

By using Vinyl Catalog, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account Information

  • First name and last name
  • Display name
  • Email address
  • Password (stored hashed, never in plain text)
  • Apple ID identifier (if you sign in with Apple)
  • Date format preference

Collection Data

  • Albums and releases you add to your collection
  • Condition ratings (media and sleeve), personal notes, and star ratings you assign
  • Purchase details (price paid, date, location) if you choose to enter them
  • Folders and organizational structures you create
  • Wishlist items with priority levels, price thresholds, and notes
  • Multiple copies of the same album, each with independent metadata

Subscription Information

  • Subscription status (free, active, expired, billing issue)
  • Subscription plan and product identifier
  • Subscription expiration date and renewal status
  • Purchase source (App Store, web, etc.)
  • Original purchase date

Subscription billing is managed by RevenueCat and Apple (for App Store purchases). We do not store your payment card details. See Section 4 for more information.

Automatically Collected Data

  • Activity logs of collection changes (additions, removals, rating changes, condition updates) for your activity feed
  • Basic request information (IP address, browser type) via standard server logs
  • Approximate country (e.g. "US" or "GB"), derived from your IP address at signup or your first authenticated visit. We store only the two-letter country code on your account — your IP address itself is not saved to your profile. The lookup is performed by a third-party geolocation service (ipinfo.io). We use this information to prioritize language support and regional features.

Imported Data

If you use our CSV import feature, we process the uploaded file to add albums to your collection. The CSV file is processed on our servers and is not retained after the import is complete. Duplicate detection is performed automatically to avoid re-importing albums you already own.

Contact Form Data

If you submit a message through our contact form, we store your name, email address, message category, subject, and message body. This data is used to respond to your inquiry and is emailed to our support team. We also record the IP address of contact form submissions for anti-spam purposes.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Vinyl Catalog service
  • Authenticate your account and secure your data
  • Display your collection, statistics, and activity history
  • Estimate collection values based on marketplace pricing data
  • Manage your subscription status and feature access
  • Send transactional emails (password resets, contact form confirmations)
  • Respond to support inquiries submitted through the contact form
  • Improve the service based on usage patterns

4. Third-Party Services

Discogs

We use the Discogs API to provide album, artist, and label information. When you search for or add a release, your search queries are sent to the Discogs API. We also periodically fetch marketplace pricing data from Discogs to provide condition-adjusted value estimates for your collection. Discogs has its own privacy policy. We cache release data and pricing information locally to reduce API calls and improve performance.

RevenueCat

Subscription billing and management are handled by RevenueCat. When you subscribe to Vinyl Catalog+, RevenueCat processes your payment (via Apple's App Store or Stripe for web purchases) and sends us subscription lifecycle events (purchase, renewal, cancellation, expiration). We store your subscription status but never your payment card details. RevenueCat's privacy policy governs its handling of your data.

Image Storage

Album, artist, label, and master release images are downloaded and stored on Backblaze B2 cloud storage to ensure fast and reliable image loading. These are publicly accessible images sourced from Discogs.

Email Service

We use SMTP2GO to send transactional emails such as password reset links and contact form confirmations. Your email address is shared with SMTP2GO solely for the purpose of email delivery. We do not send marketing emails.

Apple Sign In

If you use Sign in with Apple, we receive and store only your Apple user identifier and, if you choose to share it, your email address. We verify your identity through Apple's authentication servers. Apple's privacy policy governs data on their end.

5. Data Storage and Security

Your data is stored in a MySQL database. We use industry-standard security measures including:

  • Hashed password storage (bcrypt)
  • HTTPS encryption for all data in transit
  • Token-based API authentication (Laravel Sanctum)
  • Per-user data isolation — you can only access your own collection

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your collection data is private to your account. We share data with third-party services only as described in Section 4 (to provide core functionality such as billing, email delivery, and album data). We may disclose information if required by law or to protect the safety of our users.

7. Cookies and Local Storage

We use:

  • Session cookies — to keep you logged in and maintain your session
  • CSRF tokens — to protect against cross-site request forgery
  • Local storage — to remember your appearance preferences (dark/light mode)

We do not use tracking cookies or third-party analytics cookies.

8. Your Rights

You have the right to:

  • Access — View all data associated with your account through the app
  • Update — Edit your profile information and collection data at any time
  • Export — Download your collection data as a CSV file (available to Vinyl Catalog+ subscribers)
  • Delete — Delete your account and all associated data (collection, activity history, folders, wishlist, and personal information) through the account settings. This action is permanent and cannot be undone.

9. Children's Privacy

Vinyl Catalog is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us.