Spotify Account Permissions
Explanation of each Spotify OAuth scope requested by Harmony, and how your data is used.
When you sign in with Spotify, Harmony requests a small set of OAuth scopes that allow us to read your listening activity. We request read-only access. Harmony never modifies your library or playback.
Harmony will never post, follow, or modify anything in your Spotify account. All permissions are strictly for reading data necessary for analytics.
Scope Breakdown
Scope | Why Harmony Needs It | Data Collected | Storage Duration |
---|---|---|---|
user-read-email | Verifies your Spotify account and links it to a local user record. | Email address | Until you delete your account |
user-top-read | Fetches your top artists and tracks for weekly “Top” charts. | Top 50 artists & tracks (short-, medium-, long-term) | 2 years rolling window |
user-read-recently-played | Populates the Recently Played section. | Last 50 played tracks | Never |
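
One way to hold an integration to the scope table above, as an added example (not Harmony's own code): build the Spotify authorization request from an allow-list of the three documented scopes, then reject any token whose `scope` field carries more. It assumes the authorization code flow; the function names and the sample token response are hypothetical.

```python
import secrets
from urllib.parse import urlencode

# The three read-only scopes documented in the table above.
DOCUMENTED_SCOPES = frozenset({
    "user-read-email",
    "user-top-read",
    "user-read-recently-played",
})
AUTHORIZE_URL = "https://accounts.spotify.com/authorize"

# Constructed sample token response (not real data): one extra write scope,
# one documented scope missing.
CONSTRUCTED_TOKEN_RESPONSE = {
    "token_type": "Bearer",
    "scope": "user-read-email user-top-read user-library-modify",
}


def build_authorize_url(client_id, redirect_uri, state=None):
    """Return (url, state) for a request that asks only for DOCUMENTED_SCOPES."""
    state = state or secrets.token_urlsafe(16)  # CSRF value, compared on callback
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(DOCUMENTED_SCOPES)),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def audit_granted_scopes(token_response):
    """Return (unexpected, missing) relative to the documented scope list."""
    granted = set(token_response.get("scope", "").split())
    return sorted(granted - DOCUMENTED_SCOPES), sorted(DOCUMENTED_SCOPES - granted)


def require_documented_scopes(token_response):
    """Refuse a token that carries more access than the page promises."""
    unexpected, _missing = audit_granted_scopes(token_response)
    if unexpected:
        raise PermissionError(f"token has undocumented scopes: {unexpected}")
    return token_response
```

Running `require_documented_scopes` before a token is persisted turns the documentation into an enforced invariant: a code change that widens the requested scopes fails at sign-in instead of silently collecting more data.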
How We Use Your Data
- Top-50 Rankings: We calculate weekly positions for your Top 50 artists and tracks to show how your favourites rise or fall over time.
- Recently Played Insights: We display your 50 most recent tracks to highlight what you’ve been listening to lately.
- Deletion on Request: Remove your account in Settings → Danger Zone to wipe all records within 24 hours.
Revoking Access
You may revoke Harmony’s access at any moment:
- Visit https://www.spotify.com/account/apps/
- Locate “Harmony” and click Remove Access
- Sign out of Harmony; the app will stop fetching new data.
Have questions about permissions? Open an issue and we’ll help!