Privacy Policy
SoundStash is a self-hosted application. Your data stays on your own server and devices. We do not collect analytics, track usage, or store your data on any external servers.
1. About SoundStash
SoundStash is a self-hosted audio library manager that you run on your own server using Docker. It also has an iOS companion app that connects to your SoundStash server on your local network to provide offline listening. Because SoundStash runs entirely on hardware you own and control, your data never leaves your infrastructure unless you choose to make it accessible remotely.
2. Data We Do NOT Collect
SoundStash does not operate any central servers or cloud services. We want to be explicit about what we do not do:
- We do not collect analytics or usage data
- We do not track how you use the application
- We do not collect crash reports
- We do not log IP addresses
- We do not collect email addresses
- We do not have an account system or user registration
- We do not use advertising or advertising trackers
- We do not share data with third parties (except RevenueCat for purchase processing on iOS, described below)
3. Data Stored Locally
3.1 Web Application
When you use the SoundStash web application, the following data is stored on your own server:
- Audio files: Downloaded audio content stored in your configured library directory
- Metadata database: An SQLite database containing track titles, artists, albums, play counts, and other library metadata
- Settings: Your application preferences and configuration
- Thumbnails: Cover art and thumbnail images for your audio content
All of this data resides on your server and is fully under your control. You can access, modify, back up, or delete it at any time.
3.2 iOS App
When you use the SoundStash iOS companion app, the following data is stored locally on your device:
- Downloaded audio: Audio files you download for offline listening, stored in the app's private document directory
- Cover art: Album artwork downloaded alongside audio content
- Playback state: Your playback position, playback speed, and repeat mode preferences, stored locally using AsyncStorage
- Server connection: The address of your SoundStash server, stored locally on the device
This data is stored only on your device and is not accessible to other apps. It is removed when you uninstall SoundStash.
4. Third-Party Services
4.1 YouTube (via yt-dlp)
The web application uses yt-dlp to download audio from YouTube. URLs you provide are processed locally on your server by yt-dlp. No data is sent to SoundStash servers -- the download happens directly between your server and YouTube.
4.2 Plex
If you use Plex integration, your Plex OAuth token is stored locally on your server. The application communicates with plex.tv for authentication and with your own Plex Media Server for content access. No Plex data is sent to SoundStash servers.
4.3 RevenueCat (iOS Only)
The iOS app uses RevenueCat to process in-app purchases. When you make a purchase, RevenueCat receives your purchase history from Apple to validate the transaction and manage your entitlements. RevenueCat does not receive your name, email address, or payment details. For more information about how RevenueCat handles data, see RevenueCat's Privacy Policy.
4.4 Apple (iOS Only)
App Store purchases are processed by Apple according to Apple's standard terms. Payment is charged to your Apple ID account. SoundStash does not collect or store your payment information.
5. Network Access
The SoundStash web application is accessed via your local network or any remote access you configure on your own server. The iOS companion app communicates with your SoundStash server on your local network. No data is routed through external SoundStash servers -- all communication is between your devices and your own server.
6. Cookies
The SoundStash web application uses a single session cookie for Flask session management. This cookie is essential for the application to function and is not used for tracking or advertising purposes. No third-party cookies are used. The iOS app does not use cookies.
7. Children's Privacy
SoundStash is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from anyone, regardless of age, as the application does not have any data collection mechanisms.
8. UK Data Protection
SoundStash is designed to be compliant with the UK General Data Protection Regulation (UK GDPR) by design. Because SoundStash is self-hosted software that stores all data locally on your own server and devices, there is no data controller in the traditional sense -- you control all of your own data.
Your rights under UK GDPR -- including the right to access, rectify, erase, and port your data -- are inherently satisfied because you own and operate the server where your data resides. You can access, export, or delete your data at any time by managing the files and database on your server directly.
These terms are governed by the laws of England and Wales.
9. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in the application or legal requirements. The date at the top of this page indicates when the policy was last updated. We encourage you to review this policy periodically.
10. Contact
SoundStash is open-source software. For questions about this privacy policy or data handling, please open an issue on the project's GitHub repository or contact the developer.