Privacy Policy

Last updated: March 2026

SoundStash is a self-hosted application. Your data stays on your own server and devices. We do not collect analytics, track usage, or store your data on any external servers.

1. About SoundStash

SoundStash is a self-hosted web application for managing personal audio libraries. It runs entirely on your own hardware. An iOS companion app is also available on the App Store, which connects to your self-hosted SoundStash server to provide offline listening on your mobile device.

Because SoundStash is self-hosted, you are in full control of your data at all times. There are no SoundStash servers that receive, process, or store your information.

2. Data We Do NOT Collect

SoundStash does not collect, transmit, or store any of the following:

Analytics or usage data
Tracking information or behavioural data
Crash reports or performance metrics
IP addresses or device identifiers
Email addresses or personal contact information
Usernames, passwords, or account credentials (there is no account system)

3. Data Stored Locally

3.1 Web Application

All data created by the SoundStash web application is stored on your own server, in the storage location you configure. This includes:

Audio files you download or import
An SQLite database containing track metadata (titles, artists, albums, durations, play counts)
Application settings and preferences
Thumbnail images and cover art

3.2 iOS App

The iOS companion app stores data locally on your device:

Downloaded audio files in the app's document directory for offline listening
Cover art images for downloaded tracks
Playback position, playback speed, and repeat settings (stored in AsyncStorage)
Your SoundStash server connection details (address and optional credentials)

4. Third-Party Services

4.1 YouTube (via yt-dlp)

When you use SoundStash to download audio from YouTube, the open-source tool yt-dlp processes the URL locally on your server. No data is sent to any SoundStash server. Your server communicates directly with YouTube to retrieve the content you request.

4.2 Plex

If you use the Plex integration, your Plex OAuth token is stored locally on your server. SoundStash communicates with plex.tv for authentication and with your own Plex Media Server for content access. No Plex credentials or tokens are transmitted to any SoundStash server.

4.3 RevenueCat (iOS Only)

The iOS app uses RevenueCat to process in-app purchases. RevenueCat receives purchase transaction information from Apple (such as transaction IDs and product identifiers) to verify and manage your purchase status. RevenueCat does not receive your name, email address, or payment details.

For more information about how RevenueCat handles data, please see the RevenueCat Privacy Policy.

4.4 Apple (iOS Only)

App Store purchases are processed by Apple under Apple's standard terms and privacy practices. SoundStash does not receive or store your payment information.

5. Network Access

The SoundStash web application is accessed via your local network or any remote access you configure on your own server. The iOS app communicates with your SoundStash server over your local network. No data is routed through external SoundStash servers at any point.

6. Cookies

The SoundStash web application uses a single session cookie for Flask session management. This cookie is essential for the application to function and does not track you across websites. There are no tracking cookies and no third-party cookies.

The iOS app does not use cookies.

7. Children's Privacy

SoundStash is not intended for use by children under the age of 13. Since SoundStash does not collect personal data from anyone, no personal data is collected from children.

8. UK Data Protection

SoundStash is compliant with the UK General Data Protection Regulation (UK GDPR) by design. Because SoundStash is self-hosted software with no central data collection, there is no data controller in the traditional sense -- you control all of your own data on your own server and devices.

Your rights under UK GDPR -- including the rights of access, erasure, and data portability -- are inherently satisfied because you own and operate the server where your data is stored. You can access, export, or delete your data at any time by managing the files and database on your own server.

This policy is governed by the laws of England and Wales.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in the application or legal requirements. The date at the top of this page reflects the most recent update. We encourage you to review this page periodically.

10. Contact

SoundStash is open-source software. For questions about this privacy policy or data handling, please open an issue on the project's GitHub repository or contact the developer.