GROVV Privacy Policy

1. Information We Process

Information stored or created locally

GROVV helps you manage a vinyl record collection. To provide that functionality, the app may store information on your device, including:

• Collection and want list records, including Discogs IDs, record titles, artists, years, labels, genres, styles, countries, formats, catalog numbers, Discogs links, artwork URLs, tracklists, added dates, and collection or want-list status.
• Notes, if a notes feature is available and you choose to enter them.
• Share poster settings, such as display name, signature, and whether to show a catalog-number code.
• App preferences, including theme, music source, poster style, shuffle queue, widget display data, and backup settings.
• A Discogs Personal Access Token if you manually enter one for Discogs API access.

Connected account information

If you connect third-party services, GROVV may process:

• Discogs OAuth token, OAuth token secret, and Discogs username.
• Spotify access token, refresh token, token expiration time, display name or account ID, and product type such as Premium status.
• Apple Music authorization status used for MusicKit search and playback.

Search, scan, and photo information

• Search terms, record names, artist names, barcodes, catalog numbers, and Discogs IDs used to perform searches or fetch record details.
• Camera scan results from barcodes, QR codes, Aztec codes, and catalog-number text recognition. Camera frames are processed on device for recognition and are not intentionally uploaded by GROVV.
• Photos that you choose through the system photo picker for barcode or text recognition. The selected image is processed on device for recognition and is not intentionally uploaded by GROVV.
• Generated share posters when you choose to save them to your photo library.

Cache, backup, and widget data

• Artwork image cache stored in memory and on local disk to improve loading speed.
• Backup files such as grovver_backup.json, which may include backup version, export date, Discogs IDs, catalog numbers, and collection or want-list status.
• Widget data stored in the App Group container, including current record title, artist, genre, playback state, and artwork image.

2. Information We Do Not Currently Collect

Based on the current app implementation, GROVV does not include advertising SDKs, third-party analytics SDKs, third-party crash-reporting SDKs, in-app purchases, subscriptions, location tracking, contacts access, microphone access, or health data processing. We do not sell personal information and do not use your information for cross-app or cross-site advertising tracking.

3. How We Use Information

We use information only to provide and maintain app functionality, including to:

• Search for records, show record details, manage your collection and want list, filter records, and search locally.
• Fetch record data, artwork, tracklists, and release versions from Discogs.
• Search Spotify content, read basic account information, read playback state, find playback devices, and control playback when you connect Spotify.
• Search and play Apple Music content through MusicKit when authorized.
• Recognize barcodes, QR codes, Aztec codes, and catalog numbers using camera, photo, and system vision features.
• Cache artwork, sync widget display data, generate share posters, and save posters when you request it.
• Create, read, and import backup files.
• Maintain app preferences and basic app state.
• Respond to support, feedback, or rights requests if you contact us.

4. Storage and Retention

• Local data: collection data, preferences, OAuth tokens, image cache, widget data, and local backups are primarily stored on your device until you delete them, disconnect accounts, clear app data, disable backups, or uninstall the app.
• iCloud-related backups: when available, GROVV may store backup files in an iCloud ubiquity Documents location. That storage is provided by Apple and is subject to Apple's terms and privacy policies.
• Third-party service data: requests and responses involving Discogs, Spotify, Apple Music, or artwork hosts are processed by those providers under their own terms and privacy policies.
• Image cache: artwork may be cached locally. The current disk cache limit is approximately 150 MB, after which older cached files may be removed.

5. Third-Party Services

Discogs

When you search records, scan barcodes or catalog numbers, view record details, restore backups, or connect a Discogs account, GROVV may send necessary requests to Discogs. These requests may include search terms, barcodes, catalog numbers, Discogs IDs, OAuth credentials, or a Personal Access Token. Discogs may return record metadata, artwork links, tracklists, and account username information.

Spotify

When you connect Spotify and use Spotify features, GROVV may request account information, account product type, search results, album or track information, current playback state, available devices, and playback control actions. The Spotify scopes requested by GROVV include user-read-private, user-modify-playback-state, and user-read-playback-state.

Apple and system services

GROVV uses Apple-provided system capabilities including SwiftData, MusicKit, AVFoundation, Vision, Photos, WidgetKit, App Groups, and iCloud-related storage. These services are provided by Apple and are subject to Apple's terms and privacy policies.

Artwork hosts

When GROVV displays or caches artwork from a URL, the corresponding image server may receive network-level information such as IP address, request time, and device network information. Most artwork URLs are returned by Discogs.

6. Permissions

GROVV may request the following permissions:

• Camera access, used to scan record barcodes, QR codes, Aztec codes, and catalog numbers.
• Photo picker access, used to read only the image you select for local barcode or text recognition.
• Add-only photo library access, used to save generated share posters to your photo library.
• Apple Music access, used to search and play Apple Music content.
• Network access, used to reach Discogs, Spotify, Apple Music, and artwork resources.
• iCloud-related storage, used to save backup files when available.
• App Group storage, used to share current display data between the main app and widgets.

You can manage system permissions in iOS Settings. Disabling a permission may make the related feature unavailable.

7. Your Choices

• Delete records from your collection or want list inside the app.
• Log out of Discogs or remove a manually entered Discogs token by clearing app data or using any available token controls.
• Disconnect Spotify in app settings or revoke access from your Spotify account settings.
• Turn off automatic backup in Data Management.
• Delete backup files such as grovver_backup.json from local storage or iCloud Drive.
• Manage camera, photo, and media permissions in iOS Settings.
• Uninstall the app to remove app data stored on the device, subject to iOS and iCloud retention behavior.

8. Security

We use reasonable measures to protect information, such as relying on system network security, requesting only the authorization scopes needed for app features, and storing most collection data locally. No method of transmission or storage is completely secure.

Some credentials may currently be stored using local app storage. Sensitive credentials should be protected by your device passcode and system security features.

9. Children

GROVV is not directed to children. Users under 13 years old, or a higher minimum age required by local law, should not use the app without consent and supervision from a parent or legal guardian.

10. International Transfers

Discogs, Spotify, Apple, and artwork servers may process requests in countries or regions outside your place of residence. By using features that depend on those services, you understand that request information may be transferred to and processed by those providers according to their own policies.

11. Third-Party Links

GROVV may display Discogs links, Spotify content, artwork URLs, or other third-party resources. Third-party services are not governed by this Privacy Policy. Please review their own terms and privacy policies.

12. Changes to this Policy

We may update this Privacy Policy for product, legal, third-party service, or operational reasons. Material changes may be communicated through the app, release notes, a published page, or another reasonable method. The updated policy is effective from the stated effective date. Continued use of the app after an update means you accept the updated policy.

13. Contact