Prevent Abuse of Expensive API Tasks
Hello,
I'm reaching out regarding an issue with my app, which recently received a Spotify quota extension. The app involves a computationally expensive API task that users need to perform when they access the app or website for the first time.
To prevent abuse, I'm considering a solution involving the storage of user names and timestamps. The idea is to limit the processing of this task within a one-week timeframe. However, I've encountered a challenge due to Spotify's developer terms, which state that no information should be stored once users log out of the app.
("you agree to delete and no longer request or process any of that user’s Spotify Personal Data.")
This poses a problem as, upon logging in again, I have no information about whether a user processed the task two minutes ago or is currently processing it in another instance.
I also thought about saving the timestamp in local browser storage, but the user can just clear that.
I'm seeking recommendations or best practices from the community on how to address this issue within the constraints of the Spotify developer terms and policy.
Thanks in advance!