Privacy Policy

This Privacy Policy explains how Knots(“we,” “us,” or “our”) collects, uses, and protects information when you use the Service.

2.1 Account Information. We collect information you provide to create an account, such as email address and profile preferences. Passwords are stored as cryptographic hashes (not in plain text).

2.2 Connected Music Services. If you connect Spotify and/or Apple Music, we store OAuth tokens and related identifiers needed to sync your library (for example, followed artists and favorites). Tokens are stored securely using encryption and used only for authorized functions you initiate.

2.3 Usage Data. We collect the following usage and device information:

• IP address (anonymized at collection — last octet masked for IPv4)
• Approximate geographic region (country and continent derived from Cloudflare headers)
• Device type classification (web browser vs native app)
• Login timestamps and frequency
• Server response time measurements
• Pages visited and navigation patterns

We use server-side metrics (Prometheus) for performance monitoring; this data is not linked to individual user accounts.

2.4 User-Generated Content. We store content you create, such as saved graphs/views, favorites, notes, and custom relationships.

2.5 Activity & Analytics. We collect the following activity data to improve the Service:

• Daily active usage tracking (date and interaction count per day, 90-day retention)
• UI interaction events such as button clicks and navigation (anonymous session identifier, not linked to your account, 90-day retention)
• Search and browsing history of artists you view (retained for 1 year, then automatically deleted)

2.6 Crash Reports. When the app encounters an error, we may collect: app version, operating system version, device model, error type, and technical stack trace. Crash reports are retained for 90 days and used solely to identify and fix bugs.

2.7 Security & Anti-Abuse. Authentication events (login attempts, password changes) are logged for security purposes and retained for 90 days. We use Cloudflare Turnstile for bot protection during login and registration. This sends your IP address to Cloudflare for risk assessment. Cloudflare's privacy policy applies to this processing.

2.8 Subscription Data. If you subscribe to Knots Premium, we store: subscription status (active, expired, etc.), product identifier, subscription period, renewal status, and a transaction identifier provided by Apple. Payment details (credit card numbers, billing address) are processed and stored exclusively by Apple and are never transmitted to or stored on our servers. We receive only the information necessary to verify your subscription status and provide Premium features.

• Provide and operate the Service
• Authenticate users and maintain sessions
• Sync connected music services at your request
• Personalize graphs, recommendations, and saved views
• Improve performance, reliability, and features
• Prevent fraud, abuse, and security incidents
• Comply with legal obligations

We share information only as needed to operate the Service, for example:

• Spotify / Apple Music: for OAuth authorization and library sync
• Hosting & infrastructure providers: to store and deliver the Service
• Server-side metrics: to understand feature usage and improve the Service (not linked to user identity)

We do not sell your personal information.

Knots aggregates music metadata from multiple third-party sources:

• MusicBrainz: Artist metadata, relationships (CC0)
• Wikipedia / Wikidata: Biographies, structured data (CC BY-SA / CC0)
• Discogs: Discography information
• Last.fm: Artist images, play counts
• Fanart.tv: High-quality artist images
• Setlist.fm: Concert history
• OpenStreetMap: Map tiles (ODbL)

See our Attribution page for full licensing details.

We apply specific retention periods to each category of data we collect. When data reaches the end of its retention period, it is permanently deleted.

We run automated cleanup processes weekly to enforce these retention periods.

Access & Export: You may request a copy of your personal data by emailing [email protected]. We will respond within 30 days.

Deletion:You can delete your account at any time from Settings > Security. Your account will be disabled immediately and permanently deleted after a 10-day grace period. You may also request deletion by emailing [email protected].

You may disconnect Spotify/Apple Music integrations in Settings. If you disconnect, previously imported library data may remain in your account unless you delete it or request deletion.

For EU/EEA users (GDPR): You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, email [email protected]. We will respond within 30 days.

For California users (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt-out of sale (we do not sell personal information).

We use industry-standard safeguards, including encryption (TLS in transit, encrypted at rest for sensitive data) and access controls, to protect information. However, no system is 100% secure.

Knots may process and store data in the United States and other countries where our providers operate. By using the Service, you consent to the transfer of your information to these locations.

Knots uses the following cookies:

• Authentication session cookies (essential, HttpOnly) — maintain your signed-in session
• Theme preference cookie (essential, cross-subdomain) — remember your light/dark mode choice
• Cloudflare security cookies — set by Cloudflare Turnstile and CDN for bot protection and performance

We do not use third-party tracking or advertising cookies.

Knots is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us to have it removed.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice as required by law (e.g., by email or prominent notice on the Service).

Privacy inquiries: [email protected]