Skip to content

Update Privacy Policy for OAuth Music Service Integration and Playlist Information #150

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: copilot/fix-csp-settings-for-apple-music
Choose a base branch
from
Draft

Update Privacy Policy for OAuth Music Service Integration and Playlist Information #150

wants to merge 2 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Nov 26, 2025
edited
Loading

Updates privacy policy to document OAuth data handling for connected music services (Apple Music) and TuneBridge playlist data storage/access. This is a preliminary update for professional review before publishing.

Changes

OAuth Data Handling

  • Section 2.2: Documents Apple Music token storage (user token, expiration)
  • Section 6.2: Details MusicKit JS OAuth flow, scope of access (read-only playlists), and what is NOT accessed (listening history, subscription status, Apple ID)

Playlist Data

  • Section 2.4: Documents TuneBridge playlist storage (ID, user ID, title, card IDs, timestamps)
  • Section 3: Clarifies connected service playlists only accessed when explicitly chosen
  • Section 4: Added usage explanation for connected accounts and TuneBridge playlists

User Consent & Data Control

  • Section 7.2: Manage connected music services (view status, disconnect, refresh)
  • Section 7.3: Manage TuneBridge playlists (view, delete, export)
  • Section 7.4: Updated account deletion to include tokens and playlists

Data Storage & Retention Tables

  • Added connected music service tokens and TuneBridge playlists (logged-in: indefinite, anonymous: 2 weeks)
Original prompt

This section details on the original issue you should resolve

<issue_title>Update Privacy Policy for OAuth Music Service Integration and Playlist Information</issue_title>
<issue_description>### Summary
Update the privacy policy documentation to reflect the handling and storage of user information when connecting via OAuth to external music service providers, and clarify information stored or accessed related to user playlists.

Details

  • Explain what data is collected during OAuth authentication with music providers (e.g., Spotify, Apple Music)
  • Specify what information about playlists (e.g., names, content, access tokens) is accessed or stored by TuneBridge
  • Clarify user consent and data control options for linked music services
  • Ensure the revised policy is clear, accurate, and meets legal requirements for user privacy

Acceptance Criteria

  • Privacy policy is updated to include new OAuth data handling details
  • Playlist data usage is clearly described
    </issue_description>

<agent_instructions>Note, this is just preliminary updates and the document will be reviewed by a professional before publishing</agent_instructions>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Update privacy policy for OAuth music service integration Update Privacy Policy for OAuth Music Service Integration and Playlist Information Nov 26, 2025
Copilot AI requested a review from tsmarvin November 26, 2025 09:14
Copilot finished work on behalf of tsmarvin November 26, 2025 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tsmarvin tsmarvin Awaiting requested review from tsmarvin

Assignees

@tsmarvin tsmarvin

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tsmarvin