Hit The Mic ("the app") and the website at hitthemic.com ("the site") are
operated by Danny Delacruz. This policy explains what data is collected, how it is used, and your
choices. Together the app and site are referred to as the "Services".
Data stored on your device
The app stores the following data locally in a SQLite database on your device only:
Your song favorites, play history, and queue
Spotify playlists you have imported (song titles and artist names only — no Spotify credentials)
Favorite artists and genres
A record of which in-app tips you have dismissed (stored as a numeric bitmask)
A randomly generated device identifier used to identify your device within a party session
This data never leaves your device except as described below.
Data sent to my server
The following information is transmitted to my servers (hitthemic.com) solely to provide
features of the Services:
Search queries — song and artist names you type into the search bar,
used to return results from my karaoke database.
Library sync — favorites, history, and playlists may be synced so you
can restore your library on a new device. Synced data is linked to your device ID, and
additionally to your name and email if you sign in (see below).
Account sign-in — if you sign in with Apple, Google, or email/password,
your name and email address are stored on my server and linked to your library so it
can be restored across devices. Passwords (email sign-in only) are stored as bcrypt
hashes — I never see or store the plaintext.
Party sessions — when you create or join a party (from the app or from a
web browser as a guest), song titles, artist names, your chosen device name, and your
device ID are shared with the party session for the duration of the session. Sessions
expire automatically. If a host blocks a participant, a limited block record may be
retained beyond the session so the block can be enforced.
Party photos — you may optionally upload a photo to be shown on the
party's display screen when you are the current or next singer. The photo is stored
temporarily on my server, linked to your device ID for the duration of the party, and
is deleted when the party ends. You can remove it at any time from the party's guest
list, and the party host can remove it as well. Please upload only a photo you are
comfortable showing publicly, and do not upload photos of other people without their
permission.
Usage events — certain in-app actions (a song played, queued, favorited,
or a search returning a result) are sent to my server with a song identifier, solo/party
context, a timestamp, and your device identifier. The device identifier is stored as a
one-way hash (SHA-256, truncated). These records power features such as the end-of-year
"Year in Singing" recap and are retained for approximately 120 days.
Push notifications — if you enable notifications, your device's push
token is stored so I can send alerts such as "you're up next" during a party.
Feedback — if you submit feedback through the app, your message and
(optionally) the email you provide are sent to me as a notification.
Song requests — when a search returns no results, you can submit the
song title and (optionally) artist name so I can add it. The search query that produced
no results is also recorded. No name, email, or device ID is attached.
Website waitlist & contact form — if you enter your email in the
launch sign-up form on the site, it is stored so I can email you about the launch (you can
ask me to remove it at any time). If you use the site's contact form, your email and
message are sent to me as a notification so I can respond.
I do not sell or share your data with third parties for advertising purposes.
Analytics
The app uses Aptabase, a privacy-friendly analytics service, to understand
which features are used. It records anonymous, aggregate events and low-detail properties and is
designed not to collect personal information, advertising identifiers, or to track you across other
apps or websites. Separately, the first-party "usage events" described above are used for the same
purpose on my own server.
Third-party services
YouTube / Google — songs are played via the YouTube app or website, and
YouTube's own privacy policy applies to that playback.
Spotify — you can import a public Spotify playlist by sharing its link
into the app. The app reads only the playlist's public track listing (song titles and artist
names) to match against the karaoke catalog. There is no Spotify login, and I never receive
your Spotify password, account, or access tokens.
Sign in with Apple and Google Sign-In — used for optional
account sign-in.
Aptabase — anonymous product analytics, as described above.
TheAudioDB — artist images are fetched from TheAudioDB's public API.
GetSongBPM — song tempo and key data.
Microphone
The app requests microphone access only for the voice search feature. Audio is processed
on-device by Apple's Speech Recognition framework. No audio recordings are stored or
transmitted by the app.
Audio playback controls
Optional audio adjustments (such as key and reverb, available on some platforms) are processed
entirely on your device while a song plays. No audio is recorded, uploaded, or transmitted to me or
any third party as part of these features.
Children
The Services are not directed at children under 13 and I do not knowingly collect data
from children.
Your rights
You may request access to, correction of, or deletion of the personal information I hold about
you, and you can unsubscribe from waitlist emails at any time. If you are a California resident,
you have rights under the CCPA, including to know what is collected and to request deletion; I do
not sell personal information. To exercise any of these rights, email me at the address below.
Changes
I may update this policy. Continued use of the Services after changes constitutes acceptance
of the revised policy.