Privacy Policy
In one sentence: CoverDrift is a client-only app with no server of its own: it does not collect, transmit to us, sell, or share your personal data; there are no ads and no analytics/tracking. Your credentials and music stay on your device and with your own cloud provider.
1 · Who we are
This policy explains how the CoverDrift app for Android TV / Google TV (the “App”) handles data. The controller responsible under the Swiss Federal Act on Data Protection (FADP/revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR) is Markus Heiniger (aibrain71), Switzerland.
2 · What data the App handles, and where it goes
The App has no backend. Data is processed on your device or sent directly from your device to the third parties you connect to.
| Data | Purpose | Stored where | Sent to |
|---|---|---|---|
| OAuth access & refresh tokens for your cloud account | Keep you signed in; read your music | Encrypted on the device (Android Keystore / EncryptedSharedPreferences). Never sent to us. | Microsoft (to obtain/refresh the token) |
| Your display name | Show who is signed in | On device | Microsoft (source) |
| Your music files & cover images | Playback & display | Temporary cache only | Read from your OneDrive at your request |
| Album / artist name strings | Fetch missing cover art, year, genre | Cached on device | Public catalogs (Deezer, Apple/iTunes) — search terms only, no account data |
| App settings (language, theme, favourites, trial/purchase status) | App functionality | On device only | — |
The App requests read-only access to your files (Files.Read). It cannot modify or
delete your cloud content.
3 · What we do NOT do
- We do not operate a server that receives your data.
- We do not collect analytics or use tracking/advertising SDKs.
- We do not sell or share your personal data.
- We do not create an account with us — you sign in to your existing Microsoft account.
4 · Legal bases (GDPR, where applicable)
Processing is necessary to perform the contract with you and provide the App's core function (Art. 6(1)(b) GDPR). Under the Swiss FADP, processing is limited to what is necessary to provide the service you request.
5 · Third-party services
The App interacts directly with Microsoft (OneDrive / Microsoft Graph) for sign-in and your files, and with Deezer and Apple for cover/metadata lookup. These parties process data under their own privacy policies, which we do not control:
6 · Retention and deletion
Tokens and caches are stored only on your device. Remove them any time by signing out in the App (clears the tokens) or uninstalling the App (removes all App data). You can also revoke the App's access from your Microsoft account security settings. Because we hold no data on a server, there is nothing for us to delete on our side.
7 · Security
OAuth tokens are stored encrypted at rest using Android Keystore-backed EncryptedSharedPreferences. All network communication uses HTTPS/TLS. No system is perfectly secure, but the App minimizes risk by keeping data on the device and running no server.
8 · Children
The App is intended for a general audience and is not directed at children. We do not knowingly process children's data.
9 · International users
The App is offered internationally (including the USA, Europe, Asia, and Switzerland). Because processing happens on your device and directly with the services you choose, your data is handled by those services in the regions they operate. The controller is established in Switzerland.
10 · Your rights
Subject to applicable law (FADP / GDPR / your local law), you have rights to access, rectification, erasure, restriction, objection, and data portability. As we store no personal data on our own systems, these rights mainly concern data held by the third-party services above; for questions about the App, contact us at aibrain71@gmail.com. You may also lodge a complaint with your competent data-protection authority (in Switzerland: the FDPIC).
11 · Changes
We may update this policy. Material changes will be posted at this URL with a new effective date.
12 · Contact
Markus Heiniger (aibrain71) · Hauptstrasse 1, 5603 Staufen, Switzerland · aibrain71@gmail.com