Skip to main content
Back to home

Privacy Policy

Last updated: February 2026

Our Approach

SoundTime is self-hosted software. When you run SoundTime on your own server, you control all the data. We (CICCADA) do not collect, store, or have access to any data on your instance. This privacy policy covers the soundtime.app website only.

What This Website Collects

This marketing website is a fully static site with no analytics, no cookies, no tracking scripts, and no server-side processing. We do not collect any personal information through this website.

Self-Hosted Instances

When you self-host SoundTime, all data (user accounts, music files, metadata, listening history) is stored on your own infrastructure. SoundTime includes:

  • Argon2id password hashing (OWASP recommended)
  • JWT authentication with short-lived tokens (15-minute access, 7-day refresh)
  • GDPR-compliant account deletion
  • Private mode option to require authentication for all access
  • End-to-end encrypted P2P connections via QUIC

P2P Network

Peer-to-peer sharing is opt-in and disabled by default. When enabled, your instance connects directly to other SoundTime instances. Only the metadata you choose to share (track titles, artists, albums) is visible to connected peers. Music files are transferred directly between instances with no intermediary.

Third-Party Services

This website loads fonts from Google Fonts. No other third-party services are used. Self-hosted SoundTime instances make no external requests unless you explicitly configure an AI provider for playlist generation.

Contact

For privacy questions, reach us on Discord or open an issue on GitHub.