Nostaliga

Privacy Policy

Last updated April 24, 2026

Nostaliga is built by Dinakar Tumu (contact: dinakar@pageloop.ai). This policy describes what Nostaliga does and does not do with your data. It applies to the Nostaliga iOS, iPadOS, macOS, and visionOS apps and to this website.

The short version

Token-swap endpoint

Spotify and Strava require apps to hold a client secret to exchange OAuth codes for access tokens. Shipping that secret inside the iOS binary would expose it to anyone. Instead, Nostaliga runs a thin, stateless HTTPS endpoint at nostaliga.app/api/spotify/* and nostaliga.app/api/strava/* that does exactly one thing: it takes a one-time code (or a refresh_token) from your device, attaches the client secret server-side, forwards the request to Spotify or Strava, and returns the response to your device.

What that endpoint does not do:

The endpoint runs on Vercel. Vercel keeps request logs (IP address, request path, status code) as part of standard infrastructure operation; those logs are governed by Vercel's privacy policy. The full source of the endpoint is public at github.com/dinakartumu/nostaliga-web.

What Nostaliga accesses on your device

Third-party services you can connect

Nostaliga can read history from the following services if you choose to connect them. Each connection uses that service's official OAuth flow. The token is stored only on your device. Requests are made directly from your device to that service; Nostaliga has no intermediary server.

Service What we read Their privacy policy
Spotify Playback history, saved tracks spotify.com
Last.fm Scrobbles last.fm
Trakt Watch history trakt.tv
Swarm / Foursquare Check-ins, venue metadata foursquare.com
Strava Activities, routes strava.com
Adobe Lightroom Catalog, asset metadata adobe.com

Nostaliga never shares data it has read from one service with any other service. Data from each integration is used only to build your personal timeline inside the app.

What we do not do

Your control

Children

Nostaliga is not directed to children under 13 and does not knowingly collect any information from children.

Changes to this policy

We will post the updated policy on this page and revise the "Last updated" date above. Material changes will be surfaced inside the app on your next launch.

Contact

Questions about this policy or about your data: dinakar@pageloop.ai.