Steady Strum

Legal

Privacy Policy

Last updated: March 17, 2026

1. Overview

Steady Strum (“we”, “us”, or “our”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and the choices you have. We keep this simple — we are a small, focused tool, not an ad platform.

2. Information We Collect

Account Information

When you sign up, we collect your email address and a securely hashed password (managed by Supabase Auth). We do not collect your name, phone number, or payment information.

Practice Data

To power spaced repetition scheduling and progress tracking, we store:

  • Card review results (card ID, quality rating 0–5, timestamp)
  • SRS state per card (repetition count, ease factor, next review date)
  • Fretboard drill accuracy and weak-note tracking
  • Practice looper bookmarks (YouTube video IDs, loop points, speed settings, tags)
  • Session statistics (streak counts, cards reviewed, accuracy over time)

This data is tied to your account and stored in our database. It is used solely to provide the Service — we do not sell it or use it for advertising.

Usage & Technical Data

We may collect standard server logs including IP address, browser type, and pages visited. This information is used for security monitoring and debugging, and is not linked to your practice activity.

3. YouTube API Data

The practice looper embeds YouTube videos using the YouTube IFrame API. When you use this feature:

  • YouTube (Google) may collect data about your video playback, as described in Google's Privacy Policy
  • We store only the YouTube video IDs you save as bookmarks — not watch history or viewing behaviour
  • We do not transmit any of your personal data to YouTube or Google

4. How We Use Your Information

We use your data to:

  • Authenticate you and keep your session secure
  • Calculate and serve your spaced repetition review schedule
  • Display your progress stats (streak, accuracy, mastery counts)
  • Save and restore your practice looper bookmarks and queue
  • Improve the Service through aggregate, anonymized usage analysis
  • Send transactional emails (e.g. password reset) — we do not send marketing emails without your explicit consent

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only in these limited circumstances:

  • Supabase — our infrastructure provider processes your data on our behalf for authentication and database storage. Supabase is SOC 2 Type II certified. See the Supabase Privacy Policy.
  • Legal obligations — if required by law, court order, or to protect the safety of our users or the public.

6. Cookies & Local Storage

We use cookies and browser local storage solely for authentication session management (keeping you logged in). We do not use advertising cookies or third-party tracking cookies.

The practice looper may use browser local storage to cache UI preferences (e.g., metronome settings) for a smoother experience. This data never leaves your browser.

7. Data Retention

Your account and practice data are retained for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems within 30 days, except where retention is required by law (e.g., security incident logs).

8. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — request deletion of your account and all associated data
  • Portability — request an export of your practice data in a machine-readable format

To exercise any of these rights, email us at hello@steadystrum.app. We will respond within 30 days.

9. Security

We take reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and row-level security in our database. No system is completely secure; we encourage you to use a strong, unique password for your account.

10. Children's Privacy

Steady Strum is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this page and, for material changes, notify you via email or an in-app notice.

12. Contact

Questions or concerns about your privacy? Contact us at hello@steadystrum.app.

See also our Terms of Service.