np
NOW PLAYING
Spotify → Slack, in real time
SIDE C · PRIVACY POLICY

What we see, why,
and what we don't.

Now Playing connects Spotify to your Slack custom status. To do that we need a couple of permissions, and nothing more. This page explains exactly what those are, in language a person can read.

LAST UPDATED May 7, 2026 EFFECTIVE May 6, 2026 JURISDICTION Independent operator
TRACK 01

The short version

  • We read your currently playing track from Spotify and write it to your Slack custom status.
  • We do not read your Slack messages, channels, DMs, or contacts.
  • We do not sell, rent, or share your data with advertisers or analytics brokers.
  • You can revoke access at any time from Spotify or Slack and your data is purged within 30 days.
TRACK 02

What we collect

From Spotify

We request the user-read-currently-playing scope. That's it. We poll the now-playing endpoint every few seconds while your account is active and read back the track name, artist, album, and play state.

From Slack

We request the scopes needed to set your users.profile custom status — specifically users.profile:write. We do not request access to messages, files, or channels.

Account metadata

When you authorize Now Playing we store your Spotify and Slack user IDs, workspace ID, and OAuth tokens. Tokens are encrypted at rest. We also keep timestamps for connection events for debugging and abuse prevention.

Usage analytics

We record product-usage events — such as connecting an account, starting or stopping sync, and setting a schedule — using PostHog. These events are tied to your Slack user ID so the operator can understand how the product is used in aggregate. No listening history, track data, or message content is included.

TRACK 03

What we do with it

Your Spotify data is used solely to keep your Slack status in sync with what's playing. The most recent track is held in memory long enough to update your status; we don't keep a listening history, and we don't use your activity to train models or build profiles.

Usage events (connect, sync start/stop, schedule changes) are recorded so the operator can understand how the product is being used. This data is never sold or shared with advertisers, data brokers, or any third party beyond the analytics processor described below.

PLAIN ENGLISH — track in, status out. Usage events go to the operator only — to understand if the product is working, not to profile you.
TRACK 04

Who else sees it

We use a small number of infrastructure providers bound by data-processing agreements: cloud hosting, error monitoring, transactional email, and PostHog for usage analytics. PostHog receives your Slack user ID and the usage events described above — nothing more. We never sell or rent your data. We will only disclose information to third parties when required by valid legal process and will notify you where legally permitted.

TRACK 05

How long we keep it

OAuth tokens and account metadata are kept for as long as your account is active. When you revoke access — from Spotify, from Slack, or by emailing us — your tokens are deleted immediately and any remaining records are purged within 30 days.

TRACK 06

Your choices

  • Revoke at the source: remove Now Playing from your Spotify or Slack account at any time.
  • Email us: write to support@nowplaying.dev for export or deletion of any data we hold about you.
  • Regional rights: if you're in a jurisdiction with data-protection law (GDPR, UK GDPR, CCPA, etc.), the rights it grants you apply here too.
TRACK 07

Children

Now Playing isn't directed at children under 13, and we don't knowingly collect data from them.

TRACK 08

Changes to this policy

If we make material changes we'll update the date at the top and, where reasonable, notify active users by email. Continued use after a change means you accept the updated policy.

TRACK 09

Contact

Questions, requests, or complaints: support@nowplaying.dev.