Legal

Privacy Policy

Last updated: June 12, 2026

Record Den, LLC (“Record Den,” “we,” “us,” or “our”) builds Record Den, a music community product that you mostly use by texting our agent, Stevie. This Privacy Policy explains what information we collect, how we use and share it, the choices you have, and the rights you can exercise. We have tried to write it in plain English.

1. Introduction and scope

This Policy applies to information we collect when you interact with the Record Den service, including our website at joinrecordden.com, our mobile-web experience and Progressive Web App, our messaging agent “Stevie,” and our APIs and supporting infrastructure (collectively, the “Service”).

Some defined terms used throughout this Policy:

• Stevie is the conversational agent you message over iMessage, RCS, or SMS to use Record Den.
• Denis a shared social surface where you and the friends you connect with see each other’s music, notes, and plans.
• Crate is your personal collection of saved songs, albums, and other music within Record Den.
• Content means anything you submit to the Service, including messages you send Stevie, voice memos, photos and screenshots, links to songs or shows, notes you leave on tracks, and your profile information.

This Policy does not cover the practices of companies that we do not own or control. In particular, it does not cover Apple, Google, your mobile carrier, Spotify, Apple Music, or any other third-party music service whose content you link to from Record Den. Their handling of your information is governed by their own privacy policies.

2. Information we collect

We collect information in three ways: information you give us, information we collect automatically when you use the Service, and information we receive from third parties.

2.1 Information you give us

• Phone number. Record Den uses your phone number as your account identifier. We store phone numbers in E.164 format (for example, +12025550123). When you text Stevie, we associate that number with your account.
• Profile information. First name, last name, and an avatar image you upload during profile setup. You may add additional profile details, music preferences, favorite artists, or location later.
• Message and voice content. The text, voice memos, images, screenshots, and links you send Stevie, and the messages and content you share inside your Dens.
• Friend and Den connections. The phone numbers or handles of friends you invite or whom you choose to add to a Den, and the shows or events you plan together.
• Reactions, notes, and saved music. The songs, albums, shows, and events you save to your Crate or otherwise interact with, and any notes, tapbacks, or annotations you attach to them.
• Support communications. Anything you send us by email, chat, or social media when you ask for help.
• Payment information (if and when applicable). Record Den is currently free during prelaunch beta. If we later introduce paid features, payments will be processed by a third-party payment processor. We will not store full card numbers ourselves.

2.2 Information we collect automatically

• Device and connection information. Device type, operating system, browser type and version, language, time zone, screen size, and IP address. We use this to render the site correctly, to debug, and to detect abuse.
• Message metadata. When you text Stevie, our carrier-routing partner Linq passes us routing data such as the protocol used (iMessage, RCS, or SMS), the time the message was received, delivery and read receipts (where available), the chat identifier, and the line in our pool that received your message.
• Cookies and similar technologies. See Section 7. We use strictly necessary cookies for session authentication and a small set of cookies or local-storage entries for product analytics.
• Usage information. The pages you visit within Record Den, the features you use, the links you tap, and approximate engagement metrics.
• Diagnostic and security logs. Server logs, error reports, webhook events, and security-relevant signals we use to keep the Service running and to investigate abuse.

2.3 Information we receive from third parties

• Messaging routing data from Linq. We use Linq Partner API V3 as our iMessage, RCS, and SMS messaging provider. Linq tells us which of our lines you texted, the chat identifier they assigned, the protocol your device used, and lifecycle events (sent, delivered, read, failed) for our outbound messages. Linq is a service provider acting on our behalf.
• Public music metadata.When you paste a Spotify, Apple Music, YouTube Music, or similar link, we may call a third-party resolver (for example, Odesli at song.link) to fetch publicly available metadata about the track or album — title, artist, album art, release year, and equivalent links on other platforms. We do not log into your accounts on those services and we do not receive any private information about your listening history from them.
• Information from friends who invite you. If a friend invites you to a Den, we receive your phone number from them, along with the context of the invitation. We use this only to send you the invitation and to connect you with that friend if you join.

3. How we use your information

We use the information we collect to:

• Operate Stevie and the rest of the Service, including receiving your messages, replying to them, and routing replies back to your phone over iMessage, RCS, or SMS.
• Build and maintain your Crate, your Den, and the social surfaces you share with your friends.
• Resolve the music links you share to display the right artist, title, and artwork, and to surface equivalent links on other music services.
• Authenticate you and keep your session secure, including issuing one-time links that you tap from iMessage to complete your profile.
• Detect, investigate, and prevent abuse, fraud, spam, harassment, and violations of our Terms.
• Measure how the Service is performing, debug issues, and improve features.
• Communicate with you about service updates, support requests, and material changes to our Terms or this Policy.
• Comply with legal obligations, respond to lawful requests from government authorities, and enforce our agreements.

4. Messaging disclosures (SMS, iMessage, RCS)

Record Den is messaging-first. You use the Service primarily by texting Stevie, which is why these disclosures matter.

• Consent. By texting Stevie or by entering your phone number on our website and asking us to text you, you consent to receive messages from Record Den at that number. We will only message you for purposes related to the Service.
• Message frequency. Message frequency varies based on how you use the Service. We try to mirror conversational pacing rather than send bursts.
• Rates. Message and data rates may apply, depending on your carrier and plan.
• Opt-out. You can opt out at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, or QUIT in any conversation with Stevie. We will mark your account as opted out and stop sending you messages, other than a single confirmation that we received your opt-out where required by law.
• Opt back in. If you change your mind, reply OPTIN at any time to resume messages from Stevie.
• Help. Reply HELP at any time to receive guidance and a link to our support resources, or email support@joinrecordden.com.
• Carrier and routing. Our messaging is routed through Linq, our carrier-platform partner. Carriers and Apple may receive standard routing information about messages exchanged with Record Den. Neither Record Den nor our carriers are liable for delayed or undelivered messages.

Our messaging program is subject to applicable U.S. messaging regulations, including the Telephone Consumer Protection Act (TCPA), CTIA Messaging Principles and Best Practices, and the A2P 10DLC framework. See our Terms of Service for additional terms governing your use of the messaging features.

5. How we share your information

We share information about you in the following limited circumstances:

• With your friends, at your direction. When you add someone to a Den, share a song to your Den, or invite a friend to plan a show together, the information you choose to share is visible to those people. That is the entire point of a Den.
• With service providers.We share information with vendors who process data on our behalf under contracts that require them to protect it and use it only for the purposes we specify — including our messaging carrier (Linq), our hosting and storage providers, our managed database, our background-job queue, and the music-link resolver Odesli (song.link). For a current list of subprocessors, email legal@joinrecordden.com.
• In a business transfer. If we are acquired, merge, sell substantially all of our assets, or go through bankruptcy or a similar proceeding, your information may be transferred to the acquirer or successor as part of that transaction. We will require the acquirer to honor the commitments in this Policy or notify you of any material changes.
• For legal and safety reasons. We may disclose information when we believe in good faith that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms; to detect or prevent fraud, security, or technical issues; or to protect the rights, property, or safety of Record Den, our users, or the public.
• Aggregated or de-identified information. We may share information that has been aggregated or de-identified so that it cannot reasonably be used to identify you. We will not attempt to re-identify such information, and we will contractually require recipients not to do so.

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not run third-party advertising on the Service, and we do not use third-party advertising trackers.

6. Music and content from third-party services

When you paste a Spotify, Apple Music, YouTube Music, Tidal, Bandcamp, SoundCloud, or similar URL into a message to Stevie, we send that URL to a third-party music-resolution service (currently Odesli, operating at song.link) to retrieve public metadata about the song or album. This includes the title, artist, album, album art, release year, and equivalent links on other platforms.

• We do not connect to your account on any of these services, and we do not request or receive your listening history, playlists, library, or any other private data from them.
• We do not pass your phone number or other identifiers to the resolver.
• Album art and other artwork shown in your Crate or Den may be served from third-party content delivery networks operated by those music services.

7. Cookies, local storage, and tracking

We use a small number of cookies and similar browser-storage technologies, broken into two categories:

• Strictly necessary. A signed, HttpOnly session cookie that authenticates you to the Service after you tap a link from your iMessage thread, plus short-lived cookies used for security (for example, CSRF protection). The Service cannot function without these.
• Functional and analytics. First-party storage we use to remember your preferences and to measure aggregate product usage so we can improve features. We do not currently use third-party advertising cookies and we do not load third-party ad pixels.

You can control cookies through your browser settings. Blocking strictly necessary cookies will prevent you from staying signed in. Many browsers also support a Global Privacy Control (GPC) signal; where required by law, we treat a GPC signal from your browser as an opt-out of any future “sale” or “sharing” of personal information.

8. Data retention

We keep your information for as long as we need it for the purposes described in this Policy. Active accounts are retained while in use. When you delete your account, we delete or de-identify your personal information on a commercially reasonable schedule, and information may remain in encrypted backups for a short additional period until those backups are rotated out. We may keep records longer where law requires it (for example, for tax, accounting, or dispute-resolution purposes).

For our current retention windows or to request deletion, email legal@joinrecordden.com.

9. Your rights and choices

9.1 Everyone

• Access and correction. You can ask us what information we hold about you and ask us to correct anything that is wrong.
• Deletion. You can ask us to delete your account and the information associated with it.
• Opt out of messaging. Reply STOP to any message from Stevie, or email support@joinrecordden.com.
• Profile controls. You can edit or remove your avatar and profile details from your account page once you complete onboarding.

To exercise these choices, email legal@joinrecordden.com from an address you control or text Stevie from your registered phone number. We may need to verify your identity by sending a one-time code to your phone number on file before acting on a request.

9.2 California residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the CCPA, as amended by the CPRA, including:

• The right to know what categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
• The right to correct inaccurate personal information.
• The right to delete personal information we have collected about you, subject to certain exceptions.
• The right to limit the use and disclosure of any sensitive personal information we collect.
• The right to opt out of the sale of personal information and the sharing of personal information for cross-context behavioral advertising. As described in Section 5, we do not sell or share personal information for those purposes.
• The right to non-discrimination for exercising these rights.
• The right to designate an authorized agent to make a request on your behalf.

The categories of personal information we collect map to the following categories under California Civil Code § 1798.140: identifiers (phone number, IP address, account identifiers); customer records information; commercial information (records of features used and music saved); internet or other electronic network activity information; coarse geolocation inferred from IP; audio, electronic, or visual information (voice memos and images you send Stevie); and inferences drawn from the above. To exercise your California rights, email legal@joinrecordden.com. We will verify your request, generally by sending a one-time code to your phone number on file. You may appeal a denial of a request by replying to our response.

9.3 Other U.S. state rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana) have rights similar to those described above, including the right to access, correct, delete, and obtain a portable copy of personal information, and the right to opt out of targeted advertising and the sale of personal information. As described in Section 5, we do not engage in either practice. To exercise any of these rights, email legal@joinrecordden.com.

9.4 Outside the United States

The Service is offered to users in the United States. If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with its own comprehensive data-protection regime, email legal@joinrecordden.com before using the Service so we can discuss whether and how we can make it available to you.

10. Security

We take reasonable and appropriate measures to protect the information we hold, including:

• Encryption in transit using TLS for connections to our servers and APIs, and to our messaging provider.
• Encryption at rest for our managed database and object storage, as provided by our cloud vendors.
• iMessage messages between your device and our line are end-to-end encrypted by Apple. RCS and SMS encryption depends on your carrier and the protocol negotiated by your device.
• Server-side handling of all secrets. Secrets are never exposed in client-side code.
• HMAC-SHA256 signature verification on every webhook we receive from Linq, to make sure the request actually came from Linq and has not been tampered with.
• Least-privilege access controls on our infrastructure and a small, vetted set of personnel with production access.

No method of transmission or storage is completely secure. We cannot guarantee the absolute security of your information, and we encourage you to use a strong device passcode and to keep your phone’s operating system up to date.

11. Children’s privacy

Record Den is not directed to children. You must be at least 18 years old to use the Service. We do not knowingly collect personal information from children under 13, which would require verifiable parental consent under the U.S. Children’s Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child in violation of this Policy, we will delete that information as quickly as reasonably possible. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at legal@joinrecordden.com.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the “Last updated” date at the top of the page and, if the changes are material, we will give you notice through the Service, by text from Stevie, or by email. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy, subject to any consent we are required to obtain.

13. Contact us

Record Den, LLC is a Californialimited liability company. For privacy questions, requests, or complaints — or to request our mailing address for formal legal notices — email legal@joinrecordden.com. For general support, email support@joinrecordden.com.

Policy version 1.0 · Last updated June 12, 2026