Privacy Policy

Last updated: April 13, 2026

New Music Tracker is a music discovery platform. This policy explains what personal data we collect, why, and your rights regarding that data.

What we collect

When you sign in with MusicBrainz, we receive and store:

• Username — your MusicBrainz username, used as your display name.
• Email address — from your MusicBrainz account. We may occasionally email you about your account or to request feedback on the service. We will never send marketing emails or share your email with third parties.
• MusicBrainz user ID — a stable identifier used to link your account.
• OAuth tokens — access and refresh tokens for authenticating with MusicBrainz on your behalf.

When you use the platform, we also store:

• Your actions and preferences — such as artists you follow, albums you add to your wishlist, and other choices you make while using the site. These are used to personalize your experience.
• Session data — a random session token stored in a cookie to keep you signed in.

What we don't collect

• We do not track your browsing activity, search queries, or listening history.
• We do not use analytics services, advertising trackers, or third-party cookies.
• We do not sell or share your personal data with third parties.

How we use your data

• Authentication — your username and email identify your account. OAuth tokens are used to verify your identity with MusicBrainz.
• Personalization — your preferences inform features like your new-release feed and recommendations.
• ListenBrainz import — if you choose to import, we use your MusicBrainz username to fetch your top artists from the public ListenBrainz API. This is a one-time action you initiate.

Cookies

We use two cookies, both strictly necessary for the site to function:

• nmt_session — keeps you signed in. Expires after 90 days of inactivity. HttpOnly, not accessible to JavaScript.
• nmt_oauth_state — temporary CSRF protection during sign-in. Expires after 10 minutes.

We do not use any analytics, advertising, or third-party cookies. No cookie consent banner is needed because these cookies are exempt under the ePrivacy Directive (strictly necessary for the service).

Third-party services

We interact with these external services:

• MusicBrainz — for authentication and music metadata. Subject to the MetaBrainz Privacy Policy.
• ListenBrainz — for optional artist import, using the public API.

Data retention

• Sessions — automatically deleted after 90 days.
• Account data — retained until you delete your account.

Your rights

You have the right to:

• Delete your account — available in your account settings. This permanently removes your account, OAuth tokens, sessions, and all associated preferences and data.
• Access your data — contact us to request a copy of your stored data.

Data security

All connections are encrypted via HTTPS. Session tokens are cryptographically random and stored as HttpOnly cookies. We follow security best practices including rate limiting, Content Security Policy headers, and CSRF protection.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. Continued use of the site after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions, contact us at privacy@newmusictracker.com.