Privacy Policy

This Privacy Policy explains how Tsuki Transfer Service ("we", "us") collects, uses, and protects your personal information while you move playlists between Spotify, Apple Music, and Picnic. We keep data handling lightweight, transparent, and focused on the features you choose.

The controller responsible for the processing of personal data on this website according to the GDPR is:

We only collect the information required to complete your playlist transfers and keep the service secure:

• Spotify account identifiers (only after your consent)
• Spotify playlist metadata (only after your consent)
• Apple Music authentication tokens (stored locally on your device)
• Picnic account identifiers (only when you enable Picnic features)
• Technical diagnostics such as IP address, browser details, and time zone
• Usage insights to improve stability and prevent abuse

We process your data under these grounds:

• Your consent (Art. 6(1)(a) GDPR) for Spotify, Apple Music, and Picnic access
• Performance of a contract (Art. 6(1)(b) GDPR) to deliver playlist transfers
• Our legitimate interests (Art. 6(1)(f) GDPR) to maintain and improve the service

Your data is used solely to:

• Connect to Spotify, Apple Music, and Picnic so you can move playlists
• Resolve sync issues and keep transfers reliable
• Improve Tsuki Transfer based on anonymized usage patterns
• Comply with applicable laws and platform requirements

Some infrastructure partners may operate outside the European Economic Area (EEA). When data leaves the EEA, we rely on Standard Contractual Clauses or equivalent safeguards to keep it protected.

Tsuki Transfer uses only essential cookies required to deliver the service. We do not run analytics, advertising, or tracking cookies without your explicit opt-in.

We keep data only as long as necessary. Authentication tokens stay on your device and never persist on our servers. Temporary technical logs rotate automatically within seven days.

Under the GDPR, you may exercise the following rights:

• Access the data we hold about you (Art. 15 GDPR)
• Rectify inaccurate or incomplete data (Art. 16 GDPR)
• Erase data when legally permissible (Art. 17 GDPR)
• Restrict how we process your data (Art. 18 GDPR)
• Receive a copy for portability (Art. 20 GDPR)
• Object to certain processing activities (Art. 21 GDPR)
• Withdraw consent at any time (Art. 7(3) GDPR)

To exercise any of these rights, contact us using the details listed above.

You may lodge a complaint with your local supervisory authority, the authority at your place of employment, or where a potential breach occurred if you believe your data protection rights have been violated.

We may update this policy as Tsuki Transfer evolves. When changes occur, we will post the revised policy here and update the "Updated" date shown at the top of the page.