You choose sign-in
The app opens Discord OAuth with openid, identify, and sdk.social_layer_presence scopes.
Privacy mirror for ArchiveTune
ArchiveTune Privacy Notice
This page mirrors the project privacy notice for the Android ArchiveTune app and adds a focused Discord Privacy section based on the current source code. It explains what stays on your device, what can leave your device when you choose optional integrations, and what controls are available.
Scope
This notice covers the Android ArchiveTune app. It explains what the app stores on your device, what it can send to external services when you use specific features, and what Android permissions it requests.
This notice is based on the current source code and build configuration. It does not replace the privacy terms of YouTube or YouTube Music, Last.fm, ListenBrainz, Discord, GitHub, lyrics providers, the ArchiveTune canvas service, or any Together server you choose to use.
Privacy Summary
- Most core app data is stored locally on your device.
- ArchiveTune does not secretly harvest, sell, or broker your personal data.
- ArchiveTune does not silently send your data to unrelated third-party services.
- Optional network features send only the data needed to provide those features.
- If data leaves your device, it is because you used a specific online feature or integration that requires that transfer.
- Android backup and device-transfer features may copy part of the app's local data unless excluded by backup rules.
- The app includes a user-triggered backup export feature.
- The current Android build configuration does not show mobile advertising SDKs, third-party analytics SDKs, or automatic crash-reporting SDKs.
- The current Android manifest does not request location, contacts, camera, calendar, SMS, or call log permissions.
Data the App May Store on Your Device
ArchiveTune stores data locally to provide playback, library, search, lyrics, sync, and customization features.
| Category | Examples visible in the codebase | Why it is stored |
|---|---|---|
| Library and playback data | Song, artist, album, playlist, like state, download state, total play time, audio format metadata | Library management, playback, downloads, and statistics |
| Search and lyrics data | Search queries and cached lyrics | Search history and lyrics features |
| Listening history data | Playback event records with song ID, timestamp, and play time | Listening stats and history-related features |
| App settings | Language, country, UI settings, audio settings, proxy settings, cache settings, history pause toggles, Together settings | Personalization and feature configuration |
| Optional account and session data | YouTube account name, email, channel handle, visitor data, data sync ID, cookie, PO token values | Signed-in YouTube and YouTube Music functionality |
| Optional third-party integration data | Last.fm session and username, ListenBrainz token, Discord OAuth access and refresh tokens plus related profile fields, Together display name, Together client ID, last join link | External integrations you choose to enable |
| Cached files | Streaming cache, download cache, and other app-managed files | Faster playback, offline use, and feature performance |
Data the App May Send Off Your Device
ArchiveTune does not silently forward your data to unrelated services. It contacts external services when you use online features, and the exact payload depends on the feature you use and how you configure it.
| Service or feature | Data that may be sent | When it happens |
|---|---|---|
| YouTube or YouTube Music | Search terms, media playback requests, library or playlist requests, and signed-in session values such as visitor data, sync identifiers, cookies, or token values | When you browse, stream, sync, or sign in |
| Lyrics providers | Song title, artist name, album identifiers, or similar lookup data needed to fetch lyrics | When lyrics features are enabled or lyrics are requested |
| ArchiveTune canvas service | Song and artist names, album ID, or album URL, plus a bearer token if configured in the app build | When canvas or artwork lookup features are used |
| Last.fm | Now playing and scrobble metadata, plus your Last.fm session information | When Last.fm scrobbling is enabled |
| ListenBrainz | Playback history or scrobble metadata and your ListenBrainz token | When ListenBrainz sync is enabled |
| Discord Rich Presence | Current track, artist, album, images, configured URLs or labels for presence cards, and Discord OAuth tokens required by the official Social SDK | When Discord Rich Presence is enabled |
| GitHub releases | Update-check requests and cached release metadata used to show new versions | When the app checks for updates |
| Together | Display name, client ID, session code or keys, playback state, queue metadata, and room actions | When you host or join a Together session |
Discord Privacy
Discord integration is optional. The current codebase uses Discord OAuth and the Discord Social SDK to show Rich Presence when you sign in and enable the feature. The app does not need Discord for core music playback.
Plain-language behavior: ArchiveTune stores Discord login tokens locally so it can refresh your session, stores basic account display fields so the settings screen can show the connected account, and sends the selected Rich Presence activity details to Discord while the integration is active.
Discord returns tokens
The authorization code is exchanged for access and refresh tokens, then stored in app preferences.
Account info is fetched
The app requests Discord's current-user endpoint to show username, display name, and avatar in settings.
Presence is updated
When enabled, current playback metadata and selected card options are sent through the Discord Social SDK.
What ArchiveTune stores locally for Discord
| Data | Where it appears in the codebase | Purpose |
|---|---|---|
| Discord access token | DiscordTokenKey |
Authenticate Discord Social SDK requests and fetch account details. |
| Discord refresh token | DiscordRefreshTokenKey |
Refresh the access token when it is near expiry. |
| Token expiry timestamp | DiscordTokenExpiresAtKey |
Decide whether the app should reuse or refresh the current access token. |
| Username, display name, and avatar URL | DiscordUsernameKey, DiscordNameKey, DiscordAvatarUrlKey |
Show the connected Discord account in the ArchiveTune settings UI. |
| Rich Presence settings | Activity name, details, state, image, button, status, platform, interval, and paused-state preference keys | Remember how you want Discord Rich Presence to look and when it should update. |
| Artwork URLs resolved for a song | DiscordImageResolver and artwork storage helpers |
Reuse thumbnail or artist artwork URLs for Discord presence images without resolving them repeatedly. |
What may be sent to Discord
Authentication
OAuth state, authorization code, code verifier, access token, refresh token, client ID, redirect URI, and requested OAuth scopes are used for Discord sign-in and token refresh.
Account lookup
The access token is sent to Discord's current-user endpoint. The response can include user ID, username, global name or display name, avatar hash, picture URL, and discriminator values.
Activity text
Presence name, details, and state may include the app name, song title, artist name, album name, or translated versions of those fields, depending on your settings.
Images and links
Large and small image URLs, image hover text, YouTube Music song or artist or album URLs, and custom URLs may be attached to the presence card.
Playback status
Activity type, online status, supported platform, pause state, start timestamp, and end timestamp may be sent so Discord can render progress and status.
Buttons
Up to two button labels and URLs can be sent, such as "Listen on YouTube Music", "Go to ArchiveTune", or your custom labels and links.
What ArchiveTune does not collect for Discord based on the reviewed code
- The code reviewed does not show ArchiveTune collecting Discord messages, servers, channels, friend lists, contacts, or guild membership for Rich Presence.
- The Discord user ID is used to build an avatar URL or account object, but the reviewed storage code stores username, display name, avatar URL, tokens, and expiry rather than a dedicated Discord user ID preference.
- Discord Rich Presence is not required for app playback; it is controlled by the Discord integration setting and the presence manager stops when the feature is disabled or no token is available.
User controls for Discord
- You can choose not to sign in to Discord.
- You can disable Discord Rich Presence.
- You can customize which fields, artwork source, buttons, status, platform, timestamps, and pause behavior are shown.
- You can log out from the Discord settings screen. The logout path clears stored Discord access token, refresh token, expiry, username, display name, and avatar URL from app preferences.
- You may also need to revoke ArchiveTune access from Discord itself if you want Discord-side authorization removed.
Important Discord limits
Discord receives and processes the data needed to authenticate the integration and display Rich Presence. Discord's own privacy practices, logs, token handling, account controls, and retention rules are controlled by Discord, not by this website or the Android app.
Android Permissions
The app declares the following Android permissions in the current manifest. If you deny a permission, the related feature may stop working or provide reduced functionality.
| Permission | Why the app requests it |
|---|---|
INTERNET |
Connect to YouTube, lyrics services, update endpoints, canvas services, Together, and other network-backed features. |
POST_NOTIFICATIONS |
Show playback and download notifications. |
ACCESS_NETWORK_STATE |
Detect connectivity and adapt network behavior. |
READ_MEDIA_AUDIO |
Read local audio files on supported Android versions. |
READ_EXTERNAL_STORAGE on Android 12 and below |
Support local audio access on older Android versions. |
RECORD_AUDIO |
Support music-recognition features. |
BLUETOOTH_CONNECT |
Integrate with Bluetooth audio devices and playback controls. |
RECEIVE_BOOT_COMPLETED |
Restore playback-related behavior after a device restart when supported by the app. |
WAKE_LOCK |
Keep playback-related work running when needed. |
FOREGROUND_SERVICE, FOREGROUND_SERVICE_MEDIA_PLAYBACK, FOREGROUND_SERVICE_DATA_SYNC |
Support background playback, downloads, and related foreground work. |
Backups, Device Transfer, and Local Retention
ArchiveTune currently enables Android backup support. The backup and data-transfer rules exclude some cache and download paths, including the ExoPlayer cache, the download directory, and exoplayer_internal.db. Other app data, including local database content and app preferences, may still be included in Android cloud backup or device transfer depending on your Android settings and device behavior.
The app also provides a manual backup feature that creates a ZIP archive containing app settings and database files. This is a user-triggered export action.
Local data can remain until one of these happens
- You clear app data.
- You uninstall the app.
- You remove or overwrite it through app actions.
- Android backup or device-transfer systems copy it to another device or restore it.
For Together and other third-party services, remote retention depends on the service you use. This notice focuses on the Android app behavior in this repository.
User Controls and Choices
- You can use many core features without enabling optional third-party integrations.
- You can choose whether to sign in to YouTube or YouTube Music.
- You can enable or disable Last.fm scrobbling, ListenBrainz sync, Discord Rich Presence, lyrics providers, and Together features.
- You can grant or deny Android runtime permissions such as media access, notifications, and microphone access.
- You can configure or disable proxy-related settings.
- The codebase includes settings to pause search history and listening history.
- You can create a local backup export.
- You can clear app data or uninstall the app to remove local app storage from your device.
- If you connected external services, you may also need to revoke access or rotate tokens with those external providers.
Security Notes and Limitations
- The current Android manifest allows cleartext traffic. That means some connections may use HTTP instead of HTTPS if a feature or configured endpoint uses it.
- The current Android manifest also enables Android audio playback capture. Under Android platform rules, compatible system features or authorized apps may be able to capture app audio playback.
- This repository does not clearly document encryption at rest for the app database, preferences, or cache files, so this notice does not promise local encryption.
- This notice is limited to what can be supported from the current repository contents. Third-party services and self-hosted or official Together servers may have their own logging, retention, and security practices.
- If future code changes add new integrations, SDKs, or data flows, this notice should be updated with them.
Changes and Project Contact
This notice should be reviewed whenever ArchiveTune changes its permissions, storage model, external integrations, backup behavior, or network architecture.
For questions or corrections, use the project repository and issue tracker.
Technical Appendix
This appendix maps the main statements above to concrete implementation surfaces in the codebase.
| Topic | What the code shows | Main files |
|---|---|---|
| Permissions and backup behavior | The manifest declares network, media, microphone, Bluetooth, notification, boot, wake-lock, and foreground-service permissions. It also enables backup, cleartext traffic, and audio playback capture. Separate XML files exclude selected caches and internal playback database files from Android backup and device transfer. | app/src/main/AndroidManifest.xml, app/src/main/res/xml/data_extraction_rules.xml, app/src/main/res/xml/backup_rules.xml |
| Local database contents | The Room schema includes songs, artists, albums, playlists, search history, lyrics, audio format metadata, and playback event records. | app/schemas/moe.koiverse.archivetune.db.InternalDatabase/9.json |
| Settings and tokens stored locally | DataStore preference keys include UI settings, proxy settings, history toggles, Together values, YouTube session values, account name or email fields, Last.fm session values, ListenBrainz token values, Discord values, and update-cache keys. | app/src/main/kotlin/moe/koiverse/archivetune/constants/PreferenceKeys.kt |
| YouTube signed-in state | The Innertube layer exposes visitor data, data sync ID, cookie, PO token values, proxy state, and login-for-browse behavior as part of the current playback auth state. | innertube/src/main/kotlin/moe/koiverse/archivetune/innertube/YouTube.kt |
| Manual backup export | The backup view model writes app settings plus database files into a ZIP archive chosen by the user. | app/src/main/kotlin/moe/koiverse/archivetune/viewmodels/BackupRestoreViewModel.kt |
| External network integrations | Build configuration defines keys for Last.fm, Together, and canvas services. The updater fetches release information and caches related metadata in app preferences. | app/build.gradle.kts, app/src/main/kotlin/moe/koiverse/archivetune/utils/Updater.kt |
| Discord OAuth and Rich Presence | Discord OAuth requests sign-in scopes, exchanges authorization codes for tokens, stores token/profile fields, refreshes tokens, resolves Rich Presence text/images/buttons/timestamps, and sends activity data through the Discord Social SDK native bridge. | DiscordOAuthRepository.kt, DiscordRPC.kt, DiscordPresenceManager.kt, discord_social_bridge.cpp |
| Canvas service requests | The canvas module sends song and artist names, album IDs, or album URLs to https://artwork-archivetune.koiiverse.cloud/ and can attach a bearer token. |
canvas/src/main/kotlin/moe/koiverse/archivetune/canvas/ArchiveTuneCanvas.kt |
| Public feature claims | The repository README and store metadata describe privacy, YouTube integration, lyrics, music recognition, Last.fm, ListenBrainz, Discord Rich Presence, and other network-backed features that must stay aligned with this notice. | README.md, fastlane/metadata/android/en-US/full_description.txt |
| Current dependency posture | The current Android dependency declarations show Compose, Room, Hilt, Ktor, Media3, Coil, Timber, and related libraries. They do not currently show Firebase, Crashlytics, Sentry, mobile ad SDKs, or mobile analytics SDKs in the Android app dependency definitions reviewed for this notice. | app/build.gradle.kts, gradle/libs.versions.toml |
Open Documentation Boundaries
- Whether any self-hosted or official Together deployment logs IP addresses, user agents, or participant history outside the Android app itself.
- Whether all network endpoints used by optional features are always HTTPS in real deployments, since the Android manifest allows cleartext traffic.
- Whether local app storage is encrypted at rest on all supported devices and configurations.
- Whether canvas, lyrics, Discord, or future service providers apply their own independent retention or profiling practices.