🎵 ← Hummo

Privacy Policy

Effective date: 2026-06-18

Hummo (the "Service") is a Chrome browser extension for listening to YouTube Music in real-time sync with friends and teammates. This policy explains the personal data the Service collects, uses, and retains.

1. Personal data we collect

Item	Description
Account email	Login identifier.
Password hash	We never store your plaintext password — only a one-way hash.
Nickname	The name shown in rooms, chat, and friend lists.
Friend / follow relationships	Friend (nickname-based) and one-way follow connections, used to deliver icon badge alerts.
Room / chat messages	Room data, shared queue, and in-room chat used for real-time synced listening. Chat and room state are ephemeral and are deleted when the session or room ends (they are not retained permanently).
Playback state	Current track identifier, playback position, play/pause flag, and sync timestamp — used for drift correction. The audio itself is not included.
UI language setting	Your selection among en / ko / ja.
Room hearts (likes)	Used for sorting and browsing public rooms.
Billing identifiers	For Pro subscriptions, a Stripe Customer ID / Subscription ID. We never store full card numbers.

What we do not collect: audio / music data, browsing history, contacts, location data, or content from other sites.

2. How we use it

• Account authentication and keeping you signed in.
• Real-time synced listening (host control + drift correction), and providing rooms, the shared queue, and chat.
• Browsing public rooms (separated by language: only rooms from users with the same UI language are shown), with sorting by most-loved, most listeners, or newest.
• Showing friend / follow relationships and delivering icon badge alerts.
• Processing Pro subscription payments and granting unlimited-room access (4 or more people).
• Operating and securing the Service and preventing abuse or misuse.

3. Notice on YouTube Music playback and audio

Music playback happens entirely locally on the user's own device and through the user's own YouTube Music account. The Service does not stream or redistribute any audio; the server only exchanges the "playback state" metadata described in section 1 above. Therefore, audio content is never collected, stored, or transmitted in any form. This is a design principle intended to avoid copyright and bandwidth burdens.

4. Retention and deletion

• Account information (email, password hash, nickname, friend/follow relationships, language setting): retained for as long as the account exists.
• Rooms, chat messages, and playback state: ephemeral. Deleted when the room or session ends.
• On account deletion: the account information above, along with linked relationships and heart data, is fully erased. Account data is erased within 30 days of the request, including from backups. Billing-related identifiers may remain with Stripe to the extent of Stripe's statutory retention obligations.
• To delete your account or request access to or correction of your data, contact us at the address in section 9 and we will handle it.

5. Third-party processing and subprocessors

• Stripe — subscription payment processing. The PCI scope of card data is handled directly by Stripe, and the Service does not store full card numbers.
• lavela (lavela.dev) — hosting and deployment infrastructure, and the conduit for the payment integration.

Apart from the services above, we do not sell or share personal data for advertising purposes.

6. Your rights

You may request access to, correction of, deletion of, or suspension of processing of your personal data. Deleting your account is the fastest way to erase your data; for any other request, contact us at the address in section 9.

7. Security

We use HTTPS-only communication, one-way hashing of passwords, and session-token-based authentication. The security scope of payment card data is handled by Stripe.

8. Children

This Service is not directed to users under the age of 16.

9. Contact

For privacy inquiries and data access or deletion requests: hello@hummo.app