Otozakura uses Spotify's API to read: your top tracks and artists (by time range), your recently played tracks, and optionally your current playback state. We do not read your library, playlists, or profile data beyond what is needed to display your name and avatar when connected.

We use a temporary server-side cache (in memory) to reduce repeated API calls to Spotify. This is not permanent storage: cache entries expire after 24 hours and are lost on server restart. We do not store your listening history in a database.

Your session (Spotify access token) is stored in a secure, httpOnly cookie and is used only to call Spotify's API on your behalf. You can disconnect at any time by logging out.

Use "Log out" in the sidebar or on the Account Settings page. This clears your session cookie. To revoke Otozakura's access in Spotify, visit your Spotify account apps and remove Otozakura.