Privacy Policy
Last updated: April 18, 2026
Purrlist is built to respect your privacy. This policy explains what we collect, how we use it, and what we don't do with it.
What we do not collect
- We do not require accounts or registration.
- We do not collect your name, email address, phone number, or location.
- We do not use third-party analytics or advertising SDKs in the app.
- We do not sell, rent, or share user data with third parties.
What stays on your device
All saved cat profiles, cat photos, and generated playlists are stored locally on your device using the operating system's secure storage. We do not transmit or store these on our servers.
What is sent to third parties
When you generate a Purrlist, the cat photo you select is sent to Google's Gemini AI service for the purpose of generating a playlist description. Google processes the image and returns the result to our backend, which forwards it to your device. We do not retain the image on our servers. Google's handling of Gemini API input is governed by their terms (see https://ai.google.dev/terms).
Track metadata (artist, title, preview URL, artwork URL) is looked up via the Apple iTunes Search API, which is a public service that does not require any personal information.
YouTube Music integration
If you choose to create a playlist in YouTube Music, Purrlist uses YouTube Data API Services (operated by Google) to create the playlist in your YouTube account. Purrlist's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- What we request: The
https://www.googleapis.com/auth/youtubescope, which allows Purrlist to create a new playlist in your YouTube account and add the 20 generated tracks to it. - What we do with it: We create exactly one playlist per generation, add the 20 matched tracks, and stop. We do not read your existing playlists, library, subscriptions, watch history, or any other YouTube account data.
- Where tokens are stored: The access and refresh tokens Google issues are stored only on your device, in the operating system's secure storage (Keychain on iOS). Tokens are never transmitted to or stored on Purrlist's servers.
- What we do not do: We do not sell, transfer, use for advertising, or allow humans to read your YouTube data. We do not use this data to train AI or ML models.
- Revoking access: You can revoke Purrlist's access at any time at myaccount.google.com/permissions.
Push notifications
If you grant permission for push notifications, your device registers with Expo's push service, which returns a push token. That token is sent with each playlist-generation request so our backend can notify you when your playlist is ready. We store the token only as long as needed to deliver the notification.
Subscriptions and payments
Subscriptions are processed entirely by Apple's App Store. We never see or handle your payment information. Apple's privacy practices apply to your subscription data.
Rate limiting and abuse protection
To protect against abuse, our backend temporarily logs the IP address of each playlist generation request along with a timestamp. These logs are retained for a maximum of 24 hours and are used solely to enforce rate limits. They are not used for analytics, targeting, or any other purpose.
Children's privacy
Purrlist is not directed at children under 13 and does not knowingly collect information from them. If you believe a child has provided us information, please contact us and we will delete it.
Changes to this policy
If we update this policy, we will update the "Last updated" date above. Material changes will be communicated in-app.
Contact
Questions or concerns? Email us at support@purrlist.app.