You are also responsible for the security measures used by third parties providing services to you. Make sure your data practices protect users, including providing industry standard security protection for data. Don’t break the law or encourage or enable others to do so. Don’t build or distribute an SDA which violates the Spotify user guidelines. Further, when a user disconnects their Spotify account or otherwise expresses an intent to prevent your SDA from accessing their data, you agree to delete and no longer request or process any of that user’s personal data.
#Spotify how to#
However, you must provide all users with an easily accessible mechanism to disconnect their Spotify account from your SDA at any time and provide clear instructions on how to do so. As a general rule, you may store users’ personal data for as long as is necessary to provide your SDA. Only request and process the data that is needed to operate your SDA. Don’t email users unless they have provided you with their explicit consent, or you obtained their email and permission from somewhere other than the Spotify Platform. You must provide a privacy policy which clearly describes how you intend to access, use, process and disclose user data. Don’t mislead or confuse users about the ways you intend to use their data.