Privacy Policy

Practice Data: The items, routines, chord charts, and practice events you create while using GPRA. This is your data. You own it, I just store it for you. The 'why' here is pretty self-explanatory.

Account information: Your email address, username, and (if you signed up with Google or Tidal) your encrypted OAuth ID from those services. (Btw, if you sign up / login with Tidal, I don't get your email address, because they don't send it by default, and I don't request it, because I don't have a newsletter, I don't spam people with annoying upsell attempts, nor do I sell email addresses to spammers.) Why: Your email address is needed for you to reset your password. Google includes your email address in case you have multiple gmail/workspace accounts, so you know which one you're logging in with. For Google and Tidal logins, I have to keep the OAuth ID in order to be able to log you back in to the correct account. (Side note for Tidal users: If someone pays for the app for three months in a row without logging in at all, I'll send an email saying something along the lines of "Hey, you haven't been using the app, do you really mean to keep paying for it?" so, you'll need to add your email address on the Account/Settings page if you'd like to get those emails.)

Subscription data: If you're on a paid tier, I store your Stripe customer ID, subscription tier, and payment history. (Stripe handles all the actual payment processing, I never see your credit card number.) Why: I have to store your Stripe customer ID in order to connect your payments to the correct account. I store your payment history to enable my ability to keep your data for you for 90 days in case you miss a month, or purposefully pause your subscription for a couple of months. Payment history also helps me keep an eye out for people who are trying to abuse the system to get free or discounted use.

Account activity: I use PostHog for traffic analytics, feature flags, tracking my usage of the Anthropic API, error tracking, and to provide some of the features of the app. PostHog tracks activity on the site. I'm not using it to "spy" on people, I'm using it to understand how the app is being used, where people are running into difficulty, and how I can make changes to improve the app to make it easier to use. (Full disclosure: I work for PostHog, but GPRA is my own project, unrelated to PostHog beyond my use of PostHog as a customer.)

Optional stuff: If you add your own Anthropic API key (the "byoClaude" feature), I encrypt it and store it for you. You can remove it anytime. Why: So you can use the autocreate feature with the Basic tier plan.

I use your data to provide GPRA's functionality, and to understand how people use the app so I can improve it. That's it. I'm not in the business of selling your information (email addresses, usage info, etc.), and I never will be. I didn't build this app to "get rich", I'm just hoping I'll make enough to pay for the cost of hosting it, to break even. (Don't get me wrong, it'd be really cool if it makes a profit, but that seems quite unlikely with the low fees and the fact that it's kinda niche.) More specifically:

• Process payments via Stripe (they're PCI compliant, so your payment info is kept secure)
• Send password reset emails (via Mailgun) if you forget your password and need to reset it.
• Show you ads on the free tier, via Google AdSense (so I can keep the free tier free.)
• Improve the app with PostHog's platform (you can opt out of PostHog cookies in Account/Settings.)
• Send you an email if you pay for 3 months without using the app (a reminder to stop paying if you've stopped using it.)
• Send you an email reminder 7 days before your data is deleted, if you haven't downloaded it yet.

• Your data will never be sold to, shared with, or otherwise divulged to third parties. Ever. Period.
• Send you a 'newsletter' or 'app updates'
• Send you marketing noise to try to get you to spend more money
• Save any files you upload to autocreate chord charts (they're not saved at all, they're just shown to Claude so he can create the chord charts, and then they vanish into the ether.)
• Steal something you wrote (I don't have the time or the interest to be poking around in your routines or chord charts. Also, I don't write music, I just play covers myself, so I don't want any part of your mediocre break up songs. 😉)

You have complete control over your data via the Account/Settings page (gear icon in the upper-right):

• Download your data: Export your items, routines, and chord charts
• Opt out of analytics: Deletes PostHog cookies, prevents them from being reloaded
• Delete your account: Remove all your data permanently. You can schedule deletion for your next renewal date, or delete immediately (no refunds though.) See Account Settings.
• Update your information: Change your email*, username, or API key anytime
  *Unless you signed up with Google, their OAuth system doesn't work that way. Reach out if you need your data moved from one login to another.

I use these services to make GPRA work. Each has their own privacy policy. I've linked to their privacy policies below, so you don't have to go find them yourself if you want to read them...

Practice Items, Routines, Chord Charts, Notes: If you stop paying for your account, I keep your practice history for 120 days* (in case you want to resubscribe after a couple of months) then it's automatically deleted. You'll get a reminder 7 days before deletion if you haven't downloaded your data.
*I say '90 days' elsewhere on the site, but it's actually 120 days to give an extra month of buffer so people don't lose data they meant to keep.

Deleted Accounts: When you delete your account (either scheduled or immediate), I permanently erase all your data. There's no way to recover it, after deletion it's gone for good.

I use a few types of cookies to make GPRA work:

• Session Cookies: Required for login, keeping you logged in, keeping your account settings, etc. These are "functional cookies" and so they don't require consent.
• PostHog Cookies: Tracks how you use GPRA to help me improve it. You can opt out via the Account/Settings page.
• Dark Mode Preference: Stored in your browser's localStorage so the app will remember if you're one of those weirdos who prefers light mode. (Yes, my fellow nerds, it's not technically a cookie, but not worthy of its own section in this document either.)