Privacy Policy

Last updated: March 16, 2026

1. Overview

The Spotify MCP Server ("the Software") is a locally installed developer tool. It operates entirely on your machine. No data is collected, transmitted to, or stored on any server operated by WisetechySolutions or any third party other than Spotify's official API endpoints.

2. No Cookies, No Tracking

This website and the Software use no cookies, no analytics trackers, no fingerprinting, and no third-party scripts that track user behavior. If Cloudflare Web Analytics is enabled in the future, it will operate in privacy-first mode (no cookies, no personal data collection, no cross-site tracking), in compliance with GDPR and CCPA without requiring consent banners.

3. Authentication & Token Storage

When you authenticate with Spotify through the Software, your OAuth tokens are:

The Software uses the PKCE (Proof Key for Code Exchange) OAuth 2.0 flow, which eliminates the need to store or transmit a client secret. Token exchange occurs directly between your machine and Spotify's authorization servers.

4. Spotify Data Handling

The Software interacts with the Spotify Web API to perform the following operations:

No Spotify data is cached, logged, persisted, or transmitted to any third party. API responses are held in process memory only for the duration of the request and then discarded. No listening history, user profile data, or track metadata is retained after each operation completes.

5. AI & Data Processing

Music recommendations generated by Claude come from Claude's own training data. The Software acts as a bridge: Claude instructs the Software to search for and organize tracks, and the Software executes those instructions against the Spotify API. No Spotify data is sent to Anthropic, used for model training, or incorporated into any machine learning pipeline.

6. Data Deletion

To completely remove all data associated with the Software:

  1. Run the disconnect_spotify tool within Claude to delete all locally encrypted tokens
  2. Delete the token storage file from your filesystem
  3. Revoke the application's access in your Spotify Account Settings

After these steps, no data related to your use of the Software will remain on your machine or in Spotify's third-party app authorizations.

7. Children's Privacy

The Software is a developer tool not directed at children under the age of 13. We do not knowingly collect or process data from children.

8. Third-Party Services

The Software interacts with the following third-party services, each governed by its own privacy policy:

9. Open Source Transparency

This project is fully open source under the MIT License. The complete source code is available for audit at github.com/WisetechySolutions/spotify-mcp-server. All privacy and security claims made in this policy can be independently verified by reviewing the codebase.

10. Limitation of Liability

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

WisetechySolutions is not responsible for any actions taken by Spotify or Anthropic with respect to data processed through their respective platforms. Users are encouraged to review the privacy policies of those services independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page and committing the updated policy to the project's public repository. Continued use of the Software after changes constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or concerns, please open an issue on GitHub.