We are currently developing an app which uses the Spotify API. What we are trying to achieve is a website/app which allows people to create an individual account and link it with their Spotify account. We use consents for currently playing tracks, recently played tracks, playlists, audio analysis and audio features.
Here is a list of data which we want to store in our database:
Tracks (optimisation purposes)
Audio Features and Analysis for every track (optimisation purposes)
Playlists for every user who linked his/her Spotify account
Listening history for every user who linked his/her Spotify account
Currently listening track for every user who linked his/her Spotify account
Access/Refresh tokens for every user who linked his/her Spotify account
The user can then log in to our website, link their Spotify account, and agree to the API consent and to GDPR for data gathering. Users can see a history of what they listened to with analytical data about each track and track data, and also see what they are currently listening to. The most important bit of our application would be creating statistics and diagrams which are constructed using audio features and analysis.
Each user's data is private, which means nobody else on the portal can view other people's statistics. No Spotify data is manipulated, and we do not share the data with any other third parties. Users are not allowed to download any content like cover art etc.
Before we go any further, we wanted to ask if that is not already breaching anything major in terms of Spotify legal rights.