Privacy Policy
Zumy is an iOS app for rating music and sharing those ratings with people you follow. It is built and operated by an independent developer based in France. This page describes what data Zumy collects, why it collects it, and how you can have it removed.
What we collect
When you sign in, Zumy stores your email address and an authentication identifier issued by Apple (Sign in with Apple), Google (Google Sign-In), or Firebase Authentication, whichever you used. These identifiers exist so the same account is recognised across sessions and devices.
Inside the app, you provide a profile name, a username, and optionally a profile picture. You also create reviews (free-text and a 0-to-10 rating), comments on other people’s reviews, and custom lists. All of this is user content that you choose to publish.
If you allow push notifications, Zumy stores the Apple Push Notification (APNs) / Firebase Cloud Messaging token for your device. The token is used solely to deliver notifications you have opted into.
Zumy also records anonymous product analytics via Firebase Analytics, with events such as “review submitted”, “user followed”, or “achievement unlocked”. These events do not include the content of your reviews or the names of artists; they include your Firebase user identifier so duplicates can be deduplicated, but nothing more identifying than that.
Your in-app search history is kept locally on your device (in iOS UserDefaults) and is not sent to our servers.
How we use it
We use the data above to (a) sign you in, (b) sync your reviews, lists, follows, and comments across devices, (c) deliver push notifications you opted into, and (d) measure broad product usage so we know which features are worth improving. We do not sell your data. We do not run advertising. We do not build profiles for marketing or for any third party.
Who we share it with
Zumy’s backend is Google Firebase: Firestore (database), Cloud Storage (your profile picture), Cloud Functions (server logic), Cloud Messaging (push delivery), and Firebase Analytics. Google acts as a subprocessor under our instructions. We do not share your data with any other third party.
Apple Music
Zumy displays album artwork and 30-second previews from Apple Music. We do this by calling the public Apple Music Catalog API server-side, using a developer token. Zumy does not request access to your Apple Music account, your library, your playlists, your listening history, or your subscription status. Nothing about what you actually listen to on Apple Music is visible to Zumy.
Account deletion
You can delete your Zumy account at any time, directly inside the iOS app: open Settings →
Account Info → Delete Account. This triggers a server-side function (deleteUserAccount)
that removes all of your data: your reviews, comments, lists, profile, profile picture, and
your Firebase Authentication record. There is no retention period. Deletion is immediate
and irreversible.
If you cannot reach the in-app flow for any reason, email tryzumy@gmail.com and we will delete your account on request.
Your rights (GDPR, CCPA, and similar laws)
If you live in the EU, the UK, California, or another jurisdiction that grants you formal rights over your personal data, you have the right to access, correct, delete, and port your data, and to object to or restrict certain kinds of processing. In practice, the simplest way to exercise any of these is the in-app deletion flow described above; for anything else, email tryzumy@gmail.com and we will respond within 30 days.
Children
Zumy is intended for people aged 13 or older. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created a Zumy account, please email tryzumy@gmail.com and we will delete the account.
Changes to this policy
If we make material changes to this policy, we will update the Last updated date at the top of this page and, where appropriate, notify you inside the app.
Contact
For any question about this policy, including data access or deletion requests: tryzumy@gmail.com.