Privacy Policy.

Your data, your trust.

Our Commitment to Privacy

At Needl, your privacy comes first. We build the app with the same principles you expect from great Apple-focused software: minimal data collection, complete transparency, and your information always under your control.
Needl uses Sign in with Apple for authentication and stores your collection, wishlist, profile, and preferences securely in our backend infrastructure (Supabase). We never sell your data, share it for advertising, or track you across other apps and websites. Features like Camera, Microphone, Apple Music, Spotify, Discogs, Contacts, Location, and Ask AI only operate when you explicitly choose to enable them.
If you'd like to understand exactly how Needl handles your data, you can read our full privacy policy below.


Needl Privacy Policy


Last updated: May 6, 2026
Needl ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information Needl collects, how we use it, where it is stored, who we share it with, and the rights you have over it. It applies to the Needl iOS and iPadOS app and to needlvinyl.app.
By using Needl, you agree to the practices described below. If you do not agree, please do not use the app or the website.


1. Who we are
Needl is a multi-format music collection manager for vinyl records, CDs, and cassettes, designed for iPhone and iPad. The app and the needlvinyl.app website are operated by the developer of Needl. Contact information is at the end of this policy.
2. Information we collect
We collect only the information needed to provide and improve the app. We do not collect biometric data, financial account numbers, health data, location history, or contact lists at rest.
2.1 Information you provide directly
Account information.
When you sign in with Sign in with Apple, Apple sends us your name (if you choose to share it on first sign-in) and an email address (which may be a private relay address generated by Apple). Sign in with Apple is the only authentication method offered by Needl. We never see or store your Apple ID password.
Profile information.
Inside the app you may optionally add a username, a phone number, pronouns, a short bio, and a profile photo. All of these fields are optional. You can edit or clear any of them at any time in Settings.
Your collection and wishlist.
The records you add — vinyl, CDs, and cassettes — including any notes, custom album cover photos, vinyl-appearance customizations, ratings, favorites, and listening sessions you choose to log, are stored securely in our backend so they can sync between your devices.
Discogs imports.
If you choose to import your Discogs collection, Needl reads your collection from Discogs, lets you choose which items to add, and stores the resulting records in your Needl collection.
2.2 Permissions you may grant
Needl asks for these permissions only when a feature needs them and only with your consent:
Camera. Used solely to scan vinyl barcodes when you tap Scan Barcode. Camera frames are processed on your device and are not recorded, saved, or transmitted.
Microphone. Used only when you start a Listen session. Audio is processed on-device by Apple's ShazamKit framework. The audio itself never leaves your device and we do not store, transmit, or have access to it.
Apple Music. Used when you connect Apple Music. We use Apple's MusicKit framework to read album metadata and cover art for records you add to your collection. We do not modify your Apple Music library or store your Apple Music streaming history on our servers.
Photo library. Photos used as custom album covers or profile photos are picked through the system photo picker, which means Needl never receives access to your full photo library — only the specific photos you select.
Contacts. Used only when you tap Find Friends. The phone numbers and email addresses from your contacts are sent to our backend solely to look up which of your contacts already have a Needl account, so we can show you potential friends. We do not store the contacts themselves on our servers, and we do not use them to message anyone, build marketing lists, or sell to third parties. Contact data is used only for the lookup and discarded.
Location (When In Use). Used only when you open Find Record Stores Nearby. Your approximate location is used to query for nearby record stores and is not stored on our servers, used for advertising, or shared with third parties.
App Tracking Transparency. If we ever request tracking permission, we will ask through the standard system prompt and respect your choice. We do not currently track you across other companies' apps or websites.
You can revoke any of these permissions at any time in iOS Settings → Needl.
2.3 Information collected automatically
Subscription status. When you subscribe to Needl Pro, Apple processes the transaction through StoreKit. We receive only a confirmation that your subscription is active and which plan it is — we never see your payment card, bank, or Apple ID password.
Anonymous product analytics. Needl uses PostHog to understand which features are used so we can improve the app. Events include things like screen views, feature usage, and crash reports. Events are tied to your Needl user ID so we can debug issues per account, but we do not use this data for advertising, do not share it with advertising networks, and do not use it to track you across other apps. We do not log the contents of your notes, your AI questions, or any messages you write.
Crash and performance data. Diagnostic information about crashes and performance is collected to keep the app stable. This data is used only for app functionality and analytics.
3. How we use your information
We use your information to:
Sign you in and keep your account active.
Display, sync, and back up your collection, wishlist, and preferences across your iPhone and iPad.
Provide market value tracking for the records you own, using Discogs price data.
Power the Listen feature using on-device audio recognition.
Provide grounded, accurate AI answers when you use Ask AI (see Section 5).
Find your contacts who already use Needl, when you tap Find Friends.
Show nearby record stores when you open the record-store finder.
Confirm your Needl Pro subscription status.
Improve the app's stability, performance, and quality through anonymous analytics.
We do not use your information for:
Advertising of any kind.
Selling or sharing data with third-party advertisers or data brokers.
Marketing communications you have not asked for.
Cross-app or cross-site tracking.
Building a profile of you for resale or external use.
4. Where your data is stored
Account, collection, wishlist, and profile data.
Stored in Supabase, our backend infrastructure provider. Supabase hosts our PostgreSQL database, our file storage (for uploaded photos and album covers), and our authentication service. Data is encrypted in transit (HTTPS / TLS) and at rest. Access is restricted to the Needl team via authenticated, audited connections.
Authentication.
Handled by Apple's Sign in with Apple. We never see or store your Apple ID password.
Subscriptions.
Handled by Apple's StoreKit. We never see your payment information.
On your device.
Some data — including your AI questions, audio captured by Listen, and barcode scan camera frames — stays on your device and never reaches our servers.
5. Ask AI and on-device AI processing
Needl's Ask AI feature is designed for privacy:
Your question stays on your device. The text you type into Ask AI is not sent to our backend or to any third-party AI provider.
Editorial facts come from our backend. To ground its answers in accurate information, the app fetches a small bundle of editorial facts about the album you're asking about — things like release year, themes, credits, and summary text that we curate. This is content about the album, not content about you, and it is the same data any user looking at that album would receive.
The AI response is generated on your device. Needl uses Apple's on-device Foundation Models (Apple Intelligence) via the LanguageModelSession API. The model runs entirely on your device. The fact bundle and your question are combined locally to produce the answer.
We do not use OpenAI, Anthropic, Google, or any other third-party AI provider for Ask AI.
We do not store your Ask AI questions, the resulting answers, or any history of your AI usage on our servers. If you submit voluntary feedback on an answer (thumbs up / thumbs down), we record only that signal — not the underlying question.
6. Subscriptions and payments
Needl Pro is an auto-renewing subscription processed by Apple through the App Store. Apple handles all billing, receipts, taxes, refunds, and cancellations. You can manage or cancel your subscription anytime in Settings → Apple ID → Subscriptions on your device.
Needl receives only confirmation that you have an active Needl Pro entitlement. We do not see or store payment cards, bank accounts, billing addresses, or Apple ID credentials.
Needl Pro plans:
Weekly, Monthly, or Yearly (with a 7-day free trial on the Yearly plan).
All plans include Family Sharing — a single subscription can be shared with up to five family members.
7. Third-party services
Needl integrates with the following services. Each service has its own privacy policy that governs the data it receives directly from you.
Apple — Sign in with Apple, MusicKit, ShazamKit, StoreKit, Foundation Models / Apple Intelligence. Apple's privacy policy: apple.com/legal/privacy
Supabase — backend database, storage, and authentication infrastructure. Supabase's privacy policy: supabase.com/privacy
Discogs — used when you choose to import your collection or look up market value data. Discogs' privacy policy: discogs.com/privacy
Spotify (optional) — used only if you connect a Spotify account, to read recent listening history. Spotify's privacy policy: spotify.com/legal/privacy-policy
PostHog — anonymous product analytics for app improvement. PostHog's privacy policy: posthog.com/privacy
We do not share your name, email, phone number, profile, collection contents, notes, photos, or any other personal data with these third parties beyond what is strictly required to deliver the integration you have chosen to enable.
8. Data retention and deletion
Your data is retained for as long as your Needl account is active.
You can delete your account at any time from Settings → Account → Delete Account inside the app. When you delete your account:
Your account is permanently deleted from our authentication system.
Your collection, wishlist, profile, notes, uploaded photos, vinyl customizations, and listening history are permanently deleted from our database and storage.
Local data on your device is cleared.
This deletion is permanent and cannot be undone.
Anonymous, aggregated analytics events used for general app statistics may be retained in aggregate, but they are not linked to you after your account is deleted.
9. Your privacy rights
Regardless of where you live, you have the following rights:
Access. You can view all of your data inside the app at any time.
Correction. You can edit your profile, collection, and preferences inside the app at any time.
Deletion. You can delete your account and all associated data from Settings → Account → Delete Account.
Portability. You can request an export of your data by contacting us.
Withdraw consent. You can revoke any permission at any time in iOS Settings → Needl, or by signing out / deleting your account.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR and equivalent laws give you additional rights, including the right to lodge a complaint with your data protection authority. Our legal basis for processing your data is your consent and the performance of our agreement with you (your use of the app).
If you are a California resident, the CCPA / CPRA gives you the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of the sale or sharing of personal information. Needl does not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, contact us at the email address in Section 12.
10. Children's privacy
Needl is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Security
We take security seriously and use industry-standard practices:
Data is encrypted in transit using HTTPS / TLS.
Data is encrypted at rest in our database and storage.
Authentication is handled by Apple via Sign in with Apple.
Access to production systems is limited to authorized personnel and audited.
Sensitive on-device material (audio for Listen, camera frames for barcode scanning, your Ask AI questions) is processed locally and never transmitted.
No internet service is perfectly secure. If we ever experience a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
12. Contact us
If you have questions about this Privacy Policy or about how Needl handles your data, please contact us:
Needl
Email: support@needlvinyl.app
Website: https://needlvinyl.app
We aim to respond to privacy inquiries within 30 days.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in the app, in our practices, or in applicable law. When we do, we will update the "Last updated" date at the top of this page. Material changes will be communicated through the app or by email when appropriate.