Menu
Search

Privacy Policy

Last updated: April 24, 2026

This page explains what data is collected, stored, and shared when you read elezea.com, use one of the apps I build (currently Discrobble), or visit related side projects (Listen To More, Last.fm MCP Server, Discogs MCP Server).

The short version: I collect as little as possible, store nothing I don’t need, and never sell or share your data with advertisers.

If you’d like to delete your data or have any questions, get in touch via the contact form.

Discrobble (iOS app)

Discrobble scrobbles your physical-music plays (vinyl, CDs, cassettes, etc.) to Last.fm using metadata from Discogs. To do that it needs to talk to both services on your behalf.

What lives on your iPhone (never sent anywhere)

  • Your Discogs OAuth tokens, stored in the iOS Keychain. These let the app call Discogs to fetch your collection and release details. After version 1.0, these tokens never leave your device — every Discogs API call is made directly from your phone.
  • Your album collection (release ID, title, artist, year, cover image URLs, formats, date added) — fetched from Discogs and cached locally so the app works fast and offline.
  • Your recent scrobbles list — locally cached so you can see what you’ve played.
  • App preferences (sort order, settings).

What’s stored on the Discrobble server

The Discrobble backend runs on Cloudflare Workers and stores the minimum needed to deliver scrobbles to Last.fm:

  • A SHA-256 hash of your Last.fm session key (used as a lookup ID — the hash can’t be reversed).
  • Your Last.fm session key itself, encrypted at rest with AES-256-GCM. The server uses it only to submit scrobbles to Last.fm when you tap the scrobble button.
  • Your Last.fm username and Discogs username (so the app knows whose collection to sync).
  • Timestamps for when your account was created and last active.

That’s it. The server does not store your album collection, your listening history, your Discogs tokens, your real name, your email, your IP address (beyond what Cloudflare’s standard request logs retain for a short period), or any analytics events.

What’s shared with third parties

  • Last.fm receives your scrobbles, which is the entire point of the app. Their privacy policy is at last.fm/legal/privacy.
  • Discogs receives API requests from your phone for collection data and release details. Those requests originate from your device’s IP, not from Discrobble’s server. Their privacy policy is at discogs.com/privacy.

There is no analytics SDK, no advertising network, no third-party tracker, and no crash reporting service shipped in the app.

Account deletion

You can delete your Discrobble account and all associated server-side data at any time by reaching out via the contact form. Deletion removes your row from the database and is immediate and permanent.

You can also disconnect Last.fm or Discogs individually from the app’s Settings screen. Disconnecting removes the stored tokens but doesn’t automatically delete the server record — for that, use the contact form above.

elezea.com (this website)

This is a static blog hosted on Cloudflare Pages. It uses no cookies, no third-party analytics, and no advertising.

If you subscribe to the email newsletter, your email address is stored with the newsletter provider (Buttondown) only for the purpose of sending posts. You can unsubscribe at any time using the link in any email, which permanently removes your address.

Cloudflare retains standard request logs (IP, user agent, response time) for a short period for operational purposes — typical CDN behavior, the same as visiting any Cloudflare-fronted website.

Other side projects

The MCP server marketing pages and Listen To More are static informational sites. They don’t collect personal data, set cookies, or run analytics.

Listen To More allows you to connect a Last.fm account for music recommendations. If you do, your Last.fm session is handled identically to Discrobble (encrypted at rest, deletable on request).

Your rights

Wherever you live, you can:

  • Ask what data of yours I have on file.
  • Ask me to delete it.
  • Ask me to correct it.

There’s no formal request process — just send a note via the contact form and I’ll respond within a few days. As a solo developer in the United States, I’m subject to relevant laws including the GDPR (for visitors from the EU/EEA/UK) and CCPA (for California residents); the practical effect is the same — I’ll honor any reasonable request to access, correct, or delete your data.

Children

None of these apps or sites are designed for or directed at children under 13. If you believe a child has provided personal information, let me know via the contact form and I’ll delete it.

Changes to this policy

I’ll update this page when something material changes — for example, if I add a new app, integrate a new third-party service, or change how data is stored. The “Last updated” date at the top reflects the most recent change. Significant changes that affect existing users will also be announced in a blog post.

Contact

Questions, requests, or concerns: the contact form.