Last updated: July 4, 2026
Crowable is a music-sharing community built by people who think you shouldn't have to trade your privacy to share a song with a friend. This policy describes exactly what we collect, why, and the controls you have. It is written to match what the product actually does — nothing more, nothing less.
You sign in with Google, Spotify, or Apple — we never see or store a password. From your sign-in provider we receive your name, email address, and (for Google and Spotify) your profile picture. Apple lets you hide your real email behind a private relay address; that works fine with Crowable.
Posts, comments, reactions, tags, follows, and your profile (username, display name, bio, avatar) are the product — they're stored so they can be shown to the people you share with.
If you connect a music platform for playlist syncing, we store the authorization token that platform gives us. Tokens are encrypted at rest with keys held in a separate key-management service, and they're used only for the syncing you set up. Disconnecting a platform stops its use; deleting your account removes it.
We record events like "a post was viewed," "a feed was loaded," or "a search ran" so we can tell what's working. These analytics are deliberately built to minimize what they know about you:
Turning analytics off (the notice, the Settings toggle, or a GPC/DNT signal) stops this collection for you — enforced in our server code, not just in the browser. A small number of security events (like failed sign-in attempts) are kept regardless, because they protect every account including yours.
Like every website, our servers keep short-lived operational logs, and the app reports script errors back to us so we can fix bugs. These are used for keeping the site running, not for profiling.
The complete list:
| Name | What it does | Lifetime |
|---|---|---|
sessionid | Keeps you signed in | 2 weeks |
csrftoken | Protects forms against cross-site forgery | 1 year |
crowable_analytics_consent | Remembers whether you granted, declined, or just dismissed the analytics notice | 1 year |
apple_oauth_tx | Carries the in-flight transaction during Sign in with Apple | 10 minutes |
Your device also keeps some UI preferences and short-lived UI state in browser storage — your theme choice, dismissed banners, a notification-badge cache, and unsaved draft state for comments and profile edits. These are used locally by the app, aren't analytics identifiers, and never leave your browser.
There are no advertising or cross-site tracking cookies on Crowable.
We don't sell your data. We don't rent it, trade it, or share it with data brokers or ad networks. We don't profile you for anyone else. We don't track you across other websites. If that ever changed, this policy would change first and loudly — but the honest answer is that Crowable's design makes most of those things impossible anyway, because we collect so little.
Being honest about the edges:
Essential cookies and account data are processed because they're necessary to provide the service you signed up for. Usage analytics are processed on the basis of our legitimate interest in understanding and improving a small product — with the protections above (IP truncation, hashing, aging into anonymity), and with your opt-out honored regardless of legal basis. We apply one global policy: everyone gets the same protections and the same controls, wherever they live.
Crowable isn't directed at children under 13, and we don't knowingly collect personal information from them. If you believe a child has created an account, contact us and we'll remove it.
If we change what we collect or how we use it, we'll update this page and the date at the top, and call out material changes visibly. The current version always lives at crowable.com/privacy.
Questions, requests, or concerns: contact@crowable.com.
Choose the account you want to use with Crowable.