Legal
Privacy Policy
1. Introduction
Fretmarks ("we", "us", or "our") is a web application for guitarists to track technical practice exercises, log BPM progress, set goals, and follow progressive difficulty ladders. This Privacy Policy explains what personal data we collect, how we use it, where it is stored, and your rights under applicable law — including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA).
By using Fretmarks, you agree to the collection and use of information described in this policy.
2. Data Controller
The data controller responsible for your personal data is:
If you have questions or concerns about how your data is handled, please contact us at the address above.
3. Data We Collect
We collect only data that is necessary to provide the Fretmarks service.
3.1 Account Data
| Data | Purpose |
|---|---|
| Email address | Authentication, account identification |
| Display name | Personalizing your in-app experience |
| Profile avatar (image) | Displayed in your profile and navigation |
| Account creation timestamp | Account management |
3.2 Practice & Progress Data
| Data | Purpose |
|---|---|
| Practice logs (exercise ID, technique, BPM, timestamp) | Tracking your practice history and progress |
| Daily practice history summaries | Streak calculation and progress statistics |
| Ladder progress (completed steps per exercise) | Tracking progressive difficulty advancement |
| Exercise notes (freeform text) | Personal notes you choose to write per exercise |
3.3 Goals & Preferences
| Data | Purpose |
|---|---|
| Selected goals | Personalizing exercise recommendations and home page |
| Skill level | Tailoring content difficulty |
| Practice schedule preferences | Generating personalized plans |
3.4 Collections
| Data | Purpose |
|---|---|
| User-created exercise collections | Organizing exercises for personal use |
3.5 Data We Do NOT Collect
- We do not collect payment information
- We do not collect location data
- We do not use advertising tracking
- We do not sell or rent your data to third parties
4. Legal Basis for Processing (GDPR)
For users in the EEA, we process your data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract (Article 6(1)(b) GDPR) — necessary to provide the service |
| Storing practice logs and progress | Contract (Article 6(1)(b) GDPR) — core functionality of the service |
| Personalizing recommendations | Legitimate interests (Article 6(1)(f) GDPR) — improving your experience |
| Retaining records for troubleshooting | Legitimate interests (Article 6(1)(f) GDPR) |
5. How We Use Your Data
We use your data exclusively to:
- Authenticate you and secure your account
- Display your practice history, goals, and progress
- Generate personalized exercise recommendations
- Calculate practice streaks and achievements
- Allow you to organize and track your guitar practice
We do not use your data for:
- Targeted advertising
- Profiling for marketing purposes
- Selling to or sharing with third parties
6. Data Storage and Transfers
Fretmarks uses Google Firebase services. Your data is stored in the following locations:
| Service | Data Stored | Location |
|---|---|---|
| Cloud Firestore | Account data, practice logs, goals, notes, collections, ladder progress | eur3 (Europe) — Belgium/Netherlands |
| Firebase Storage | Profile avatar images | us-central1 (United States) — Iowa |
| Firebase Authentication | Email address, authentication tokens | Managed by Google; processed globally per Google's terms |
International Transfers
Your avatar image is stored in the United States (Google Cloud us-central1). This transfer is covered by Google's Standard Contractual Clauses (SCCs) and their compliance with applicable data transfer mechanisms under GDPR Chapter V. For more information, see Google's Privacy & Security in Firebase.
All other personal data (Firestore) is stored within the European Union (eur3).
7. Data Retention
We retain your data for as long as your account is active. If you delete your account (see Section 9), all of your personal data is permanently deleted, including:
- Your account profile
- All practice logs and history
- Goals and preferences
- Exercise notes and collections
- Ladder progress
- Profile avatar
We do not retain backups of your personal data after account deletion beyond any residual period required by applicable law.
8. Data Security
We take reasonable technical measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS
- Firebase Security Rules enforce per-user data isolation — you can only read and write your own records
- Authentication is handled by Firebase Authentication, which uses industry-standard token-based security
- No passwords are stored by Fretmarks — authentication is delegated entirely to Firebase
9. Your Rights (GDPR)
If you are located in the EEA or the UK, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of Access (Art. 15) | Request a copy of all personal data we hold about you |
| Right to Rectification (Art. 16) | Correct inaccurate or incomplete data (via Profile Settings) |
| Right to Erasure (Art. 17) | Delete your account and all associated data (via Profile Settings → Delete Account) |
| Right to Restriction (Art. 18) | Request that we restrict processing of your data |
| Right to Data Portability (Art. 20) | Request your data in a machine-readable format |
| Right to Object (Art. 21) | Object to processing based on legitimate interests |
| Right to Lodge a Complaint | Lodge a complaint with your local supervisory authority |
Exercising Your Rights
Account deletion: You can delete your account and all associated data directly within the app under Profile Settings → Delete Account. This action is immediate and irreversible.
For all other requests (access, portability, restriction, objection), contact us at: support@fretmarks.com.
We will respond to requests within 30 days as required by GDPR.
Supervisory Authority: If you are in the EU/EEA, you have the right to lodge a complaint with your national data protection authority. A list of authorities is available at edpb.europa.eu.
10. Cookies and Local Storage
Fretmarks uses browser local storage and session storage solely for:
- Maintaining your authentication session
- Storing UI preferences (e.g., last viewed exercise)
We do not use third-party tracking cookies or analytics cookies.
11. Third-Party Services
We use the following third parties to operate the service:
| Provider | Service | Privacy Policy |
|---|---|---|
| Google LLC (Firebase) | Authentication, Database, Storage | firebase.google.com/support/privacy |
No other third-party services receive your personal data.
12. Children's Privacy
Fretmarks is not directed at children under the age of 13 (or 16 in certain EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this document. For material changes, we will notify you via the application or by email. Continued use of Fretmarks after changes are posted constitutes acceptance of the updated policy.
14. Contact
For any privacy-related questions, data subject requests, or complaints: