Privacy Policy
Spotify Top Tracks — TRMNL Plugin
What we store
When you install this plugin, we store:
- Your TRMNL user ID, name, email, and timezone (provided by TRMNL during installation)
- Spotify OAuth tokens (access token and refresh token) to fetch your listening data
- A TRMNL access token that identifies your plugin installation
How we use it
Your Spotify tokens are used solely to fetch your top tracks from the Spotify API and render them for display on your TRMNL device. We request the narrowest possible scope (user-top-read) which only allows reading your listening history. We cannot play music, modify playlists, or access your Spotify account settings.
Where it lives
Your data is stored in a Turso database (US East region). Spotify tokens are encrypted at rest using AES-256-GCM. We do not share your data with any third parties beyond what is required for the plugin to function (TRMNL platform and Spotify API).
Your controls
- Disconnect Spotify — from the plugin management page, you can disconnect your Spotify account. This immediately deletes your Spotify tokens from our database.
- Delete all data — from the plugin management page, you can delete your entire installation record including all stored data.
- Revoke from Spotify — you can also revoke this plugin's access directly from your Spotify app permissions page.
- Uninstall from TRMNL — uninstalling the plugin from TRMNL triggers automatic deletion of your data from our server.
Data retention
Your data persists as long as the plugin is installed. When you uninstall (via TRMNL or the management page), all data is deleted immediately. We do not retain backups of deleted installation data.
Automatic cleanup
If your plugin installation has not been active for 90 days, we automatically clear your Spotify tokens as a safety measure. Your TRMNL installation remains intact — you can reconnect Spotify by reinstalling the plugin.
Contact
For questions or data deletion requests, contact the plugin developer.
Last updated: February 2026