Baton

Privacy Policy

Last updated: December 13, 2025

1. Introduction

This Privacy Policy explains how Baton ("Baton," "we," "us," or "our"), operated by Kairat Sadyrbekov as an individual, collects, uses, and shares information about you when you use our websites, apps, and related services (collectively, the "Service" or "Services").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Policy, please do not use the Service.

2. Scope

This Privacy Policy applies to information we collect through:

  • The Baton web application and any related pages or interfaces;
  • Your interactions with Baton through connected third-party music services (such as Spotify, Apple Music, YouTube Music, or other platforms);
  • Any other online services that link to this Privacy Policy.

This Privacy Policy does not apply to third-party websites, apps, or services that you connect to Baton. Those services are governed by their own privacy policies and terms.

3. Information We Collect

The information we collect depends on how you use Baton. We may collect the following types of information:

3.1 Information You Provide

  • Account information. When you sign in or create an account, we may receive information such as your name, email address, and profile photo from your identity provider (for example, Google).
  • Connected music services. When you connect a third-party music service (for example, Spotify, Apple Music, YouTube Music), we may receive identifiers and profile information associated with that account, such as your display name or service-specific user ID.
  • Support and communications. If you contact us directly (for example, by email), we may receive your name, contact information, and the contents of your message.

3.2 Information from Connected Services

When you authorize Baton to access a third-party music account, we may access and process information such as:

  • Playlist names, descriptions, and cover images;
  • Playlist contents, including track titles, artists, albums, and other metadata allowed by the relevant API;
  • Information needed to create or update playlists on your behalf (such as track IDs or playlist IDs);
  • Access tokens or similar credentials provided by the third-party service so we can perform actions you request (for example, creating a playlist on another platform).

Baton does not control the data that third-party services choose to share with us; this is governed by your settings and their APIs and policies.

3.3 Automatically Collected Information

When you use the Service, we may automatically collect certain information, such as:

  • Usage data. Information about how you use the Service, including pages viewed, buttons clicked, and the time, date, and duration of your sessions.
  • Device and log information. IP address, browser type and version, operating system, referrer URL, and other standard technical data provided by your browser.
  • Cookies and similar technologies. Small data files stored on your device to maintain your session, remember preferences, and support basic analytics.

4. How We Use Your Information

We use the information we collect for purposes such as:

  • Providing and maintaining the Service. To operate Baton, connect to third-party music services, transfer playlists, maintain your account, and deliver core functionality.
  • Improving the Service. To understand how users interact with Baton, troubleshoot issues, and develop new features or enhancements.
  • Security and abuse prevention. To protect the Service and our users, including detecting, preventing, and responding to fraud, abuse, and security incidents.
  • Communication. To respond to your inquiries, send you important notices about changes to the Service or this Policy, and provide support.
  • Legal compliance. To comply with applicable laws, regulations, legal processes, and enforce our Terms of Service.

5. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data only when we have a valid legal basis. These bases may include:

  • Contract. Processing that is necessary to provide the Service you requested, such as transferring playlists between platforms at your direction.
  • Legitimate interests. Processing necessary for our legitimate interests, such as improving the Service, safeguarding security, or preventing misuse, provided these interests are not overridden by your rights and interests.
  • Legal obligations. Processing necessary to comply with laws and regulations.
  • Consent. In some situations, we may ask for your consent (for example, for certain optional cookies or future features). You can withdraw your consent at any time where applicable.

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

6.1 Service Providers

We may share information with third-party service providers that perform services on our behalf, such as hosting, storage, logging, analytics, or email delivery. These providers are authorized to use your information only as necessary to provide services to us and are typically bound by contractual confidentiality and data protection obligations.

6.2 Connected Third-Party Services

When you use Baton to transfer or manage playlists, we share information with the third-party music services you connect, as necessary to perform the actions you request (for example, creating a playlist on another platform or adding tracks to a playlist). These services use your data in accordance with their own privacy policies.

6.3 Legal and Safety

We may disclose information if we believe in good faith that such disclosure is reasonably necessary to:

  • Comply with any applicable law, regulation, or legal process;
  • Protect the rights, property, or safety of Baton, our users, or the public;
  • Detect, prevent, or address fraud, security, or technical issues.

6.4 Business Changes

If Baton (or substantially all of its assets) is acquired, merged, or reorganized in the future, your information may be transferred as part of that transaction, subject to the same or similar privacy commitments.

7. Cookies and Similar Technologies

We may use cookies and similar technologies to operate and improve the Service. These may include:

  • Strictly necessary cookies to keep you signed in and maintain session state.
  • Preference cookies to remember certain settings, such as your theme preferences (light/dark mode).
  • Basic analytics to understand aggregate usage of the Service (for example, which pages are visited most).

Depending on your location and applicable law, you may have the ability to control or opt out of certain cookies through your browser settings or in-app controls if provided.

8. Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide and maintain the Service;
  • Comply with our legal obligations;
  • Resolve disputes and enforce our agreements;
  • Protect our legitimate interests as described in this Policy.

If you request that we delete your account, we will take reasonable steps to delete or anonymize your personal information, subject to any legal obligations to retain certain data for a longer period (for example, for legal, accounting, or security purposes).

9. Data Security

We use reasonable technical and organizational measures designed to protect your information and secure the Service. These measures are intended to reduce the risk of loss, misuse, unauthorized access, disclosure, or alteration of your information.

However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot and do not guarantee absolute security of your data. You are responsible for maintaining the security of your login credentials and for all activity under your account.

If we become aware of a security incident that affects your personal data, we will investigate and, where required by applicable law, notify you and/or relevant authorities and take reasonable steps to mitigate the impact.

10. International Data Transfers

Baton is operated from the United States. If you access or use the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries, which may have data protection laws that are different from those in your country of residence.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy, subject to any rights you may have under applicable law.

11. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information, which can include:

  • Access. Request access to the personal information we hold about you.
  • Correction. Request that we correct inaccurate or incomplete personal information.
  • Deletion. Request that we delete your personal information, subject to legal or legitimate retention obligations.
  • Restriction. Request that we restrict certain processing of your data.
  • Portability. Request a copy of your personal information in a structured, commonly used, and machine-readable format where technically feasible.
  • Objection. Object to certain processing, including processing based on legitimate interests, in some circumstances.
  • Withdraw consent. Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights (where available), please contact us at sadyrbekov.kairat@gmail.com. We may need to verify your identity before fulfilling your request. Your rights may be limited in some cases, for example where fulfilling your request would conflict with legal obligations or the rights of others.

12. Children's Privacy

The Service is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at sadyrbekov.kairat@gmail.com so we can take appropriate action. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We may also provide additional notice (for example, by email or in-app notification) if the changes are significant.

Your continued use of the Service after the updated Privacy Policy becomes effective means that you acknowledge the changes and agree to the updated Policy. If you do not agree with the updated Policy, you should stop using the Service.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or how we handle your information, you can contact us at:

  • Email: sadyrbekov.kairat@gmail.com
  • Name: Kairat Sadyrbekov