I'm currently toying around with the Spotify api to create a mobile app that "matches" people based on their top artists, tracks, and genres.
For this, I need to save the user data (top 50 tracks and artists, from the Personalization API) and fetch them back as needed.
So basically if User A signed in the app with its Spotify account, its data is saved in my DB.
After that, if User B wants to see if he is a match with User A the server will provide information about both User A and User B, for instance, what artist they both like.
There is this point in the TOS about user data:
"Spotify user data can be cached only for operating your SDA. If a Spotify user logs out of your SDA or becomes inactive, you will delete any Spotify Content related to that user stored on your servers. To be clear, you are not permitted to store Spotify Content related to a Spotify user or otherwise request user data if a Spotify user is not using your SDA"
As far as I understand, it's ok to save the user data in an external server/DB as long as I delete that data as soon as the user logs out from my app, is that right?
I'm asking because at the same time there is this restriction stated in the TOS:
"Do not transfer Spotify Content to unauthorized third parties, including (i) directly or indirectly transferring any data (including aggregate, anonymous or derivative data) received from Spotify to, or use such data in connection with, any ad network, ad exchange, data broker, or other advertising or monetization-related toolset, even if a user consents to such transfer or use; or (ii) to another music service that competes with Spotify or the Spotify Service."