Privacy Policy

This Privacy Policy describes how DLM(“Spinn Radio”, “we”, “our” or “us”) collects, uses and protects information when you use the Spinn Radio website, Progressive Web App, Android app and iOS app (collectively, the “Service”).

The Service includes a 50,000+ station internet radio directory, an interactive 3D globe, curated playlists, podcasts, music videos, sports content, movies and a social layer. Some features are powered by third-party services whose own privacy policies also apply when you interact with them.

DLM is the data controller. You can reach our privacy team at privacy@dlmradio.com.

Account information

When you sign in with Google or Apple, we receive your name, email address and a profile picture (Google only). For Sign in with Apple, you may choose to share a private relay email address — we honor it. We use this information to identify your account and sync your preferences across devices.

Service usage

We store your favorites, listening history, playlists, schedule presets, downloads (when applicable) and any social posts, comments or messages you create. This content is tied to your account so it can be available on every device you sign in on.

Anonymous diagnostics

We collect aggregated, non-identifying performance metrics through Vercel Analytics (cookie-less) — page views, region, browser type and Core Web Vitals. This data cannot be used to identify you.

Subscription information

When you start a Pro subscription, our payment processors (Stripe on the web, Apple In-App Purchase on iOS, and Google Play Billing on Android) collect billing information. We never see or store your card number or banking details. We retain only the subscription identifier and product/price ID needed to grant Pro features.

What we do not collect

• Precise GPS coordinates.
• Contacts, calendar entries or your photo library.
• Microphone audio (we never record you).
• Advertising identifiers (IDFA, AAID).
• Cross-app browsing data via SDK trackers.

• Operate, maintain and secure the Service (sign-in, sync, streaming).
• Personalize the experience (recommendations, recently-played, suggested artists, sports teams).
• Send transactional emails and (opt-in) push notifications about new content.
• Process subscription payments and verify entitlements with our payment partners.
• Diagnose bugs and improve performance using anonymized telemetry.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell, rent or trade your personal information. We share it only with processors who help us run the Service, and only the minimum needed:

• Infrastructure providers (Vercel, Neon, Railway) under written data processing agreements.
• Payment processors (Stripe, Apple, Google) for billing and fraud prevention.
• Authentication providers (Google, Apple) when you choose to sign in.
• Legal authorities if compelled by a valid legal process — and only after assessing the request.
• Successors in the unlikely event of a merger, acquisition or asset sale, with notice to you.

• Authentication cookies — a single secure, http-only session cookie issued by Auth.js after you sign in. Required to keep you logged in.
• Preference storage — theme, volume, last visited section and tutorial state are kept in localStorage on your device.
• Cache — service-worker caches for offline-friendly browsing of previously loaded pages.
• No ad cookies, no trackers— we don't set marketing, advertising or cross-site tracking cookies.

Account data is retained for the lifetime of your account. Listening history older than 24 months is automatically pruned. Payment records are kept for the period required by tax and accounting regulations (typically 7 years). Logs containing IP addresses and request paths are kept for up to 30 days for security and abuse prevention.

You can permanently delete your account and all associated data at any time from the in-app settings or via our Delete Account & Data page.

• Access — receive a copy of the personal data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — delete your account and data ('right to be forgotten').
• Restriction & objection — limit how we use your data, or object to specific processing.
• Portability — export your favorites and history in a machine-readable format.
• Withdraw consent — at any time, without affecting prior lawful processing.
• Lodge a complaint with your local supervisory authority (e.g. ICO, CNIL, EDPB).

To exercise any right, email privacy@dlmradio.com. We respond within 30 days.

Spinn Radio is operated from the United States. Personal data is processed in the United States and the European Union (Vercel and Neon regions). Where data leaves your jurisdiction, transfers are protected by the appropriate safeguards including the EU Standard Contractual Clauses and the UK International Data Transfer Addendum.

Spinn Radio is rated for general audiences. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA / UK). If we learn that we have inadvertently collected such data, we will delete it. Parents or guardians who believe their child has provided us with personal data can contact privacy@dlmradio.com.

We use industry-standard safeguards: TLS 1.3 in transit, encryption at rest in our databases and blob storage, hashed credentials, scoped service tokens, and regular dependency & vulnerability scanning. Access to production data is restricted to a small number of engineers using SSO with hardware-key MFA.

No system is invulnerable. If you discover a security issue, please disclose responsibly to security@dlmradio.com.

We may update this policy as the Service evolves or to reflect new third-party services. Material changes will be flagged in-app and the updated date at the top of this page will reflect the revision. Continued use of the Service after a change constitutes acceptance of the updated policy.

For privacy questions, data subject requests, or to report concerns: