Privacy Policy

Last updated: June 7, 2026

The short version: RiffHunter is a thin client to Spotify, served as static files from a CDN. It has no server of its own, no database, and no analytics. All of your in-app data stays on your device. We do not track, log, or share anything.

1. Information stored in your browser

When you use RiffHunter, the following information is generated and stored in your own browser's localStorage, on your device:

Spotify OAuth tokens issued by Spotify, which allow RiffHunter to call Spotify's API on your behalf while you are using the app.
In-app activity: your votes (thumbs up / thumbs down), liked songs, session filters, saved presets, and the artist / subgenre weight model that drives the feed.
A cache of Spotify track metadata we've fetched for artists you've encountered (purely to reduce redundant API calls).

None of this leaves your device. RiffHunter has no backend service to receive it. You can clear it at any time using your browser's developer tools (Application → Local Storage → riffhunter.com → Clear) or by using the in-app "Reset preferences" button.

2. Spotify

When you click "Log in with Spotify," your browser communicates directly with Spotify's servers via their official OAuth flow. RiffHunter never sees your Spotify password. The information Spotify receives during this flow and during normal app usage is governed by Spotify's Privacy Policy. Spotify can see which tracks you play and search for — just as if you were using their normal app.

RiffHunter requests the following Spotify scopes, and only these:

streaming — required to play full songs via the Web Playback SDK.
user-read-email, user-read-private — to identify which user is logged in and which Spotify market is theirs (for region-correct track results).
user-modify-playback-state, user-read-playback-state — to start tracks at a chosen offset and pause when you scroll.

You can revoke RiffHunter's access to your Spotify account at any time at spotify.com/account/apps.

3. What we don't do

No cookies set by RiffHunter.
No analytics, telemetry, or tracking pixels.
No advertising.
No third-party SDKs other than Spotify's official Web Playback SDK.
No server logs (we have no application servers).
No sale or sharing of personal information to third parties.

4. Hosting

RiffHunter is served as static files from Cloudflare Pages. Cloudflare's edge servers see standard HTTP request metadata (your IP address, browser user agent, request path) when you load the page, the same as for any website. Cloudflare's handling of that metadata is described in their Privacy Policy.

5. Children

RiffHunter is not directed at children under 13, and we do not knowingly allow children under 13 to use the service. If you are under 13, please do not use RiffHunter.

6. Changes

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision.

7. Contact

For any questions about this policy, email support@riffhunter.com.