Privacy Policy
Effective Date: January 29, 2026
Last Modified: January 29, 2026
1. Introduction
Welcome to The Chord Companion ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
Key Points:
- We only collect information necessary to provide and improve our Service
- We never sell your personal information to third parties
- You have control over your data and can request deletion at any time
- We use industry-standard security measures to protect your information
2. Information We Collect
We collect several types of information to provide and improve our Service:
2.1 Information You Provide
Account Information:
- Email address (required for account creation)
- Password (encrypted and managed by Clerk authentication service)
- Name (optional)
- OAuth provider information if you sign in with Google or GitHub (email, profile picture, provider ID)
Profile Information:
- Instrument preferences (guitar, ukulele, mandolin)
- Tuning preferences
- Skill level (optional)
- User preferences and settings
User-Generated Content:
- Chord progressions you create
- Saved songs and favorites
- Custom tunings
- Shared progressions (if you choose to make them public)
2.2 Information Collected Automatically
Usage Data:
- Features and pages you access
- Time spent on the Service
- Chords searched and used
- Number of progressions created
- Error logs and performance metrics
Device and Technical Information:
- Browser type and version
- Operating system
- IP address (anonymized in analytics)
- Device type (desktop, mobile, tablet)
- Screen resolution
- Referring website
- Date and time of access
2.3 Payment Information
Payment processing is handled entirely by Stripe, our third-party payment processor. We do NOT store your credit card numbers, CVV codes, or other sensitive payment information on our servers.
We receive from Stripe only:
- Last 4 digits of your card (for display purposes)
- Card brand (Visa, Mastercard, etc.)
- Subscription status
- Payment history (dates and amounts)
- Billing email
2.4 Analytics and Cookies
We use Google Analytics 4 to collect aggregated usage data including:
- Page views and navigation patterns
- User acquisition sources (how users find our Service)
- Demographic information (age range, general location - no precise location)
- Engagement metrics (session duration, bounce rate)
Google Analytics uses cookies to track this information. Your IP address is anonymized before being sent to Google. For more information, see our Cookie Policy.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Provide and Maintain the Service
- Create and manage your account
- Authenticate your identity and manage sessions
- Store your chord progressions and preferences
- Sync your data across devices
- Enable sharing features when you choose to share
3.2 Process Payments and Subscriptions
- Process subscription payments through Stripe
- Manage subscription status and renewals
- Handle billing issues and refunds
- Send payment receipts and invoices
- Prevent fraud and unauthorized transactions
3.3 Communications
- Send transactional emails (account verification, password resets, payment confirmations)
- Send subscription-related notifications (renewal reminders, payment failures)
- Respond to your support inquiries
- Send important Service updates and security alerts
- Send optional marketing emails (only with your consent - you can opt out anytime)
3.4 Improve and Optimize the Service
- Analyze usage patterns to understand how users interact with the Service
- Identify and fix bugs and technical issues
- Test new features and improvements
- Optimize performance and user experience
- Generate aggregated, anonymized statistics
3.5 Customer Support
- Respond to your questions and support requests
- Troubleshoot technical issues
- Provide guidance on using the Service
3.6 Legal and Security
- Enforce our Terms of Service
- Protect against fraud, abuse, and illegal activity
- Comply with legal obligations and government requests
- Protect the rights, property, and safety of The Chord Companion, our users, and the public
4. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties.
We only share your information in the limited circumstances described below:
4.1 Service Providers
We share information with trusted third-party service providers who help us operate the Service:
Clerk (Authentication)
Handles user authentication, password management, and OAuth sign-ins
Privacy: clerk.com/privacy
Stripe (Payment Processing)
Processes subscription payments and manages billing
Privacy: stripe.com/privacy
Supabase (Database)
Stores your account data, progressions, and preferences
Privacy: supabase.com/privacy
Resend (Email Delivery)
Sends transactional emails on our behalf
Privacy: resend.com/legal/privacy-policy
Google Analytics 4 (Analytics)
Collects anonymized usage statistics
Privacy: policies.google.com/privacy
Vercel (Hosting)
Hosts the Service and provides infrastructure
Privacy: vercel.com/legal/privacy-policy
These service providers are contractually obligated to protect your data and use it only for the specific purposes we authorize.
4.2 Public Content
When you choose to make a chord progression "public" or "shared," that content becomes accessible to other users of the Service. Other users can:
- View your shared progressions
- Save copies to their own accounts
- See the username associated with the shared content
You can change the privacy settings of your progressions at any time. Private progressions remain private and are never shared with other users.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal requests (subpoenas, court orders, warrants)
- Government or regulatory investigations
- Legal proceedings or litigation
- Requests to protect our rights, property, or safety
- Emergency situations involving danger of death or serious physical injury
4.4 Business Transfers
If The Chord Companion is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the successor entity. We will notify you of any such change via email and/or a prominent notice on the Service.
4.5 Aggregated Data
We may share aggregated, anonymized data that does not identify you personally, such as:
- "50% of users prefer guitar over other instruments"
- "Average number of progressions created per user"
- "Most popular chord types"
This data cannot be used to identify you individually.
5. Data Retention
5.1 Active Accounts
We retain your account information and User Content for as long as your account is active or as needed to provide you with the Service.
5.2 Account Deletion
When you delete your account:
- Your account data will be marked for deletion within 30 days
- Your User Content (progressions, favorites) will be deleted within 30 days
- Some information may be retained in backup systems for up to 90 days
- Anonymized usage data may be retained indefinitely for analytics
- Publicly shared progressions saved by other users may remain accessible
5.3 Legal Retention
We may retain certain information for longer periods if required by law or to comply with legal obligations, resolve disputes, enforce agreements, or protect our legal rights.
5.4 Payment Records
Payment records and transaction history are retained for 7 years to comply with tax and financial regulations, even after account deletion.
6. Your Privacy Rights
You have the following rights regarding your personal information:
6.1 Access Your Data
You can access most of your information by logging into your account. You can also request a copy of all data we have about you by contacting privacy@thechordcompanion.com.
6.2 Correct Your Data
You can update your account information, preferences, and profile details through your account settings. If you notice any inaccuracies, you can correct them yourself or contact us for assistance.
6.3 Delete Your Data
You have the right to request deletion of your account and personal information. You can delete your account through account settings or by contacting us. Upon deletion:
- Your account will be permanently deleted within 30 days
- All personally identifiable information will be removed
- Some anonymized data may be retained for analytics
6.4 Export Your Data
You can export your saved progressions and data through the account settings. This allows you to keep a copy of your content before deleting your account.
6.5 Opt Out of Marketing
You can opt out of marketing communications at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Updating your email preferences in account settings
- Contacting us at hello@thechordcompanion.com
Note: You will still receive transactional emails (e.g., payment confirmations, security alerts) even if you opt out of marketing.
6.6 Object to Processing
You can object to certain types of data processing, such as analytics tracking, by using browser settings or privacy extensions to block cookies.
6.7 GDPR Rights (EU Users)
If you are located in the European Union, you have additional rights under GDPR:
- Right to be Forgotten: Request complete deletion of your data
- Right to Portability: Receive your data in a machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Lodge a Complaint: File a complaint with your local data protection authority
6.8 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Know what personal information we collect about you
- Know whether we sell or share your personal information (we don't)
- Opt out of the sale of your information (not applicable - we don't sell data)
- Request deletion of your information
- Non-discrimination for exercising your rights
6.9 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: privacy@thechordcompanion.com
- Include your account email and specific request
- We will respond within 30 days
8. Security
We take the security of your personal information seriously and implement industry-standard measures to protect it.
8.1 Security Measures
- Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
- Password Security: Passwords are hashed and encrypted using industry-standard algorithms via Clerk
- Database Security: Data at rest is stored in secure, access-controlled databases (Supabase)
- Access Controls: Strict access controls limit who can access your data internally
- Regular Updates: We regularly update our systems and dependencies to patch security vulnerabilities
- Monitoring: Continuous monitoring for suspicious activity and security threats
8.2 Your Responsibilities
You can help keep your account secure by:
- Using a strong, unique password
- Enabling two-factor authentication (if available)
- Not sharing your account credentials
- Logging out on shared devices
- Keeping your contact email secure
- Reporting suspicious activity immediately
8.3 Data Breaches
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours
- Explain what information was compromised
- Provide guidance on protective measures
- Notify relevant authorities as required by law
8.4 Limitations
While we use reasonable security measures, no system is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our control.
9. Children's Privacy
The Chord Companion is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
If you are under 13, please do not use the Service or provide any personal information. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@thechordcompanion.com and we will delete that information.
Teens (13-18): If you are between 13 and 18 years old, you should have your parent or guardian's permission before using the Service.
10. International Users
10.1 Data Processing Location
The Chord Companion is operated in the United States. Your information will be transferred to, stored, and processed in the United States, which may have different data protection laws than your country.
By using the Service, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.
10.2 European Union Users
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under GDPR:
- We process your data based on your consent or to fulfill our contract with you
- We implement appropriate safeguards for international data transfers
- You have the right to lodge a complaint with your local supervisory authority
- You can withdraw consent at any time (though this may limit Service functionality)
10.3 Data Protection Officer
For privacy inquiries from EU users, contact our privacy team at privacy@thechordcompanion.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
11.1 How We Notify You
When we make material changes to this Privacy Policy, we will notify you by:
- Updating the "Last Modified" date at the top of this page
- Sending an email notification to your registered email address
- Displaying a prominent notice on the Service
- Requiring you to review and accept updated terms (for significant changes)
11.2 Reviewing Changes
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. The "Last Modified" date indicates when the policy was last updated.
11.3 Acceptance of Changes
Your continued use of the Service after we post changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and may delete your account.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
The Chord Companion - Privacy Team
Privacy Inquiries: privacy@thechordcompanion.com
General Support: hello@thechordcompanion.com
Legal Matters: legal@thechordcompanion.com
Website: thechordcompanion.com
We aim to respond to all privacy inquiries within 30 days.