Privacy Policy

1. Overview

Steady Strum (“we”, “us”, or “our”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. We keep this simple — we are a small, focused tool, not an ad platform.

2. Information We Collect

Account Information

When you sign up, we collect your email address and a securely hashed password (managed by Supabase Auth). We do not collect your name, phone number, or payment information.

Practice Data

To power spaced repetition scheduling and progress tracking, we store:

• Card review results (card ID, quality rating 0–5, timestamp)
• SRS state per card (repetition count, ease factor, next review date)
• Fretboard drill accuracy and weak-note tracking
• Practice looper bookmarks (YouTube video IDs, loop points, speed settings, tags)
• Session statistics (streak counts, cards reviewed, accuracy over time)

This data is tied to your account and stored in our database. It is used solely to provide the Service — we do not sell it or use it for advertising.

Usage & Analytics Data

We use PostHog, a product analytics tool, to collect behavioral data about how you use the app. This includes page views, feature interactions, and key events such as completing a study session or starting a subscription. This data is linked to your account to help us understand what is and isn't working, and to improve the product. You can opt out at any time using the cookie consent banner or by contacting us.

We also collect standard server logs (IP address, browser type, pages visited) for security monitoring and error tracking via Sentry.

3. YouTube API Data

The practice looper embeds YouTube videos using the YouTube IFrame API. When you use this feature:

• YouTube (Google) may collect data about your video playback, as described in Google's Privacy Policy
• We store only the YouTube video IDs you save as bookmarks — not watch history or viewing behavior
• We do not transmit any of your personal data to YouTube or Google

4. How We Use Your Information

We use your data to:

• Authenticate you and keep your session secure
• Calculate and serve your spaced repetition review schedule
• Display your progress stats (streak, accuracy, mastery counts)
• Save and restore your practice looper bookmarks and queue
• Improve the Service through aggregate, anonymized usage analysis
• Send transactional emails (e.g. password reset) — we do not send marketing emails without your explicit consent

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only in these limited circumstances:

• Supabase — authentication and database storage. SOC 2 Type II certified. Privacy Policy.
• PostHog — product analytics. Receives behavioral event data (page views, feature usage, session events) linked to your account. You can opt out via the cookie consent banner. Privacy Policy.
• Sentry — error monitoring and performance tracking. May receive technical data (stack traces, browser info) when an error occurs. No personally identifiable practice data is sent. Privacy Policy.
• Vercel — hosting and anonymous aggregate traffic analytics. No personal data is shared. Privacy Policy.
• Stripe — payment processing for Pro subscriptions. We never see or store your full payment card details. Stripe handles all billing data under their own privacy policy. Privacy Policy.
• Legal obligations — if required by law, court order, or to protect the safety of our users or the public.

6. Cookies & Local Storage

We use cookies and browser local storage for the following purposes:

• Authentication — session cookies to keep you logged in (Supabase Auth). These are strictly necessary and cannot be opted out of while using the app.
• Analytics — PostHog sets cookies to track behavioral usage across sessions. You can opt out of these via the cookie consent banner shown on your first visit. Your preference is stored in browser local storage under the key cookie_consent.
• UI preferences — the practice looper may cache settings (e.g., metronome tempo, loop points) in local storage for a smoother experience. This data never leaves your browser.

We do not use advertising cookies or sell cookie data to any third party.

7. Data Retention

Your account and practice data are retained for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems within 30 days, except where retention is required by law (e.g., security incident logs).

8. Your Rights

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — ask us to correct inaccurate data
• Deletion — request deletion of your account and all associated data
• Portability — request an export of your practice data in a machine-readable format

To exercise any of these rights, email us at support@steadystrum.com. We will respond within 30 days.

9. Security

We take reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and row-level security in our database. No system is completely secure; we encourage you to use a strong, unique password for your account.

10. Children's Privacy

Steady Strum is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this page and, for material changes, notify you via email or an in-app notice.

12. Contact

Questions or concerns about your privacy? Contact us at support@steadystrum.com.