Spinbound helps you track the vinyl records you've pre-ordered — what's on order, where it is, and when it's coming. This policy explains what we collect, why, who processes it, and the choices you have. Spinbound is operated by Lane Becker.
What we collect and why
Account information. When you create an account with Sign in with Apple or an email and password, we store the email address associated with your account and a user identifier. If you use Sign in with Apple's "Hide My Email," we only ever see Apple's private relay address. This authenticates you and keeps your data yours.
Your records and order details. The artist, album, edition, shop, order number, tracking number, expected/ordered/arrived dates, and any notes you add for each record you're tracking.
Forwarded order emails (optional). If you set up email forwarding, order receipts you forward to your personal Spinbound address (u_<id>@in.spinbound.app) are received and processed to extract those order details. We may store a reference to the source message (for example a link to the email in your own mailbox) and, in some cases, an image of the receipt, so you can confirm what was added. We only process mail you send to that address; we do not read your inbox.
Push notification token. If you enable notifications, we store the Apple Push Notification (APNs) device token so we can tell you when a record ships, is out for delivery, arrives, or needs your attention.
Operational metadata. Minimal records needed to run the service reliably — a log of inbound email events, de-duplication keys, and internal usage counters that enforce cost limits.
We do not collect location, contacts, browsing or search history, advertising identifiers, or analytics about how you tap around the app.
Who processes your data
Spinbound relies on a few well-known services to operate. We share only what each needs to do its job:
- Supabase — our database, authentication, and file storage (hosted in the United States), protected by row-level security so each account only sees its own data.
- Apple — Sign in with Apple and the Apple Push Notification service.
- Cloudflare — receives the order emails you forward, and hosts our website.
- Anthropic — when an order email can't be read by our built-in parser, its contents are sent to Anthropic's Claude models to extract the order details. This content is processed to serve your request and is not used to train models.
- EasyPost — we send tracking numbers to look up live carrier status.
- Discogs, Apple iTunes, and Deezer — album-artwork lookups by artist and title; these use album metadata only and do not receive your account information.
We do not use advertising networks or third-party analytics SDKs, and we do not share your data with data brokers.
Data retention and deletion
We keep your records for as long as your account is active. Arrived records are archived (kept as history) rather than deleted, so you can look back at what you've collected.
You can delete your account and all associated data from within the app (Settings → Delete account). This permanently removes your account and the data linked to it — your records, forwarding address, device tokens, and event history. You can also contact us to request deletion.
Security
Data is transmitted over encrypted connections (HTTPS/TLS). Your login session is stored securely in the iOS Keychain. Access to your data is restricted by per-account row-level security, and server-side keys that can bypass those restrictions are never included in the app.
Children
Spinbound is not directed to children under 13 (or under 16 where applicable), and we do not knowingly collect data from them.
Changes to this policy
If we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you in the app.
Contact
Questions or requests about your privacy: privacy@spinbound.app.