1. Who We Are
pianissimo ("the App," "we," "us," "our") is an iOS application developed and operated by Andy Albrecht, an individual developer based in the USA.
For users in the European Economic Area (EEA) or United Kingdom, Andy Albrecht acts as the data controller under the General Data Protection Regulation (GDPR) and UK GDPR.
Privacy questions and data requests: privacy@pianissimoapp.com
2. Information We Collect
2a. Information You Provide Directly
- Account credentials: Your email address and a hashed password, used to create and authenticate your account via Supabase.
- Practice session data: Instrument, duration, pieces practiced, goals, notes, ratings, and any other content you enter into the App.
- Recorded audio: If you choose to record practice audio the App requests microphone permission. Recorded audio files are stored locally and are uploaded to your account storage only if you explicitly save or sync them. Audio is not recorded without your consent.
- Shared content: When you use the iOS share sheet to share a session summary or audio, that content is transmitted directly by iOS to the destination you select. We do not receive or retain a copy of what you share unless you explicitly save or upload it.
- Support communications: Emails you send us for help or feedback.
2b. Information Collected Automatically
- Anonymous usage analytics (PostHog): We record anonymous interactions such as which features are used and how you navigate the App. Each device is assigned a random identifier stored locally and, where applicable, in Keychain; this identifier cannot be used to identify you. IP addresses are discarded before storage. No name, email, device identifiers (IDFA/IDFV), or other personal identifiers are collected.
- Crash reports and diagnostics (Sentry): When the App crashes or encounters an error, we record the error message, stack trace, app version, device model, OS version, and a sequence of anonymous technical events leading up to the error. Network request query parameters are stripped. Crash reports are linked only to the anonymous analytics identifier for correlation and cannot be used to identify you.
- Purchase metadata (RevenueCat): RevenueCat records product identifiers, purchase dates, transaction values, and an anonymous app user identifier. We do not share PII with RevenueCat from the client.
2c. Information We Do NOT Collect
- Location data of any kind.
- Camera data — the App does not request camera permissions.
- Any personally identifiable information through analytics or crash reporting; these systems are configured to be anonymous by design.
Notifications & Live Activities
The App requests iOS notification permissions (including Live Activities where supported) to provide timer alerts and related sounds. Notifications are local; sounds bundled with the App may play if you grant permission. You can disable notifications in iOS settings at any time.
Analytics & Crash Data Deletion
PostHog analytics and Sentry crash reports are intentionally anonymized and stored without records that can be tied to a specific person; as a result, these datasets cannot be deleted on a per-device basis. If you object to legitimate-interest processing (analytics/crash reporting), contact us at privacy@pianissimoapp.com and we will evaluate options.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide account authentication and sync | Email, hashed password | Contract performance — Art. 6(1)(b) |
| Store and retrieve practice sessions (including saved audio) | Practice session data, saved audio files | Contract performance — Art. 6(1)(b) |
| Process and manage in-app purchases | RevenueCat purchase metadata | Contract performance — Art. 6(1)(b) |
| Fix bugs and maintain app stability | Sentry anonymous crash reports | Legitimate interests — Art. 6(1)(f) |
| Understand feature usage and improve the App | PostHog anonymous analytics | Legitimate interests — Art. 6(1)(f) |
| Respond to support requests | Email correspondence | Legitimate interests — Art. 6(1)(f) |
| Comply with legal obligations | As required by law | Legal obligation — Art. 6(1)(c) |
4. Third-Party Services and Data Processors
Supabase — Authentication and Data Storage
We use Supabase to manage user accounts and store practice session data (including audio you save). Supabase stores your email, hashed password, and your saved practice data on secured servers. Supabase acts as a data processor on our behalf under a Data Processing Agreement. See Supabase's Privacy Policy.
PostHog — Anonymous Usage Analytics
We use PostHog to collect anonymous usage data. PostHog is configured to discard IP addresses before storage and to never create person profiles. Because no personal data is collected, GDPR data subject rights (access, erasure, portability) do not apply to analytics datasets in practice. See PostHog's Privacy Policy.
Sentry — Crash Reporting and Error Monitoring
We use Sentry to identify and fix bugs. Sentry is configured to strip IP addresses and personal identifiers before storage; events are associated only with an anonymous analytics identifier for correlation. We do not send PII to Sentry. See Sentry's Privacy Policy.
RevenueCat — In-App Purchases
We use RevenueCat to process and manage in-app purchases. RevenueCat collects an anonymous app user identifier, product identifiers, purchase dates, and transaction values. The mapping between RevenueCat anonymous IDs and Supabase user IDs is managed server-side via protected Edge Functions and the rc_identity_map table; the client does not write PII to RevenueCat. For details see RevenueCat's Privacy Policy.
Apple Inc.
The App is distributed through Apple's App Store. Apple processes certain technical and transactional data per their Privacy Policy. All payment processing for in-app purchases is handled by Apple.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We do not share data with advertisers. Beyond processors listed in Section 4, we disclose data only when:
- You choose to share: Content you share via the iOS share sheet is sent directly to the chosen destination; we are not a party to that transfer unless you explicitly upload or save the content.
- Required by law: When compelled by court order, subpoena, or applicable law.
- Business transfer: If the App is sold or transferred, user data may be included; you will be notified of material changes.
6. Your Rights
GDPR Rights (EEA and UK Users)
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal exceptions.
- Restriction: Request that we limit how we process your data.
- Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests.
- Withdraw Consent: Where consent is the legal basis, withdraw it at any time without affecting prior processing.
- Lodge a Complaint: Contact your local supervisory authority. In the UK: ICO.
Note: Because PostHog analytics and Sentry crash data are anonymized, those datasets cannot be deleted on a per-user basis.
CCPA Rights (California Users)
- Right to know what personal information we collect, use, or disclose.
- Right to request deletion of personal information we hold.
- Right to opt out of the sale of personal information. We do not sell personal information.
- Right to non-discrimination for exercising these rights.
To exercise any right, email privacy@pianissimoapp.com. We will respond within 30 days or sooner as required by law.
7. Data Retention
Your account and saved practice data (including saved audio you uploaded) are retained while your account is active or as needed to provide the service.
You can delete your account directly from the App via Profile → Technical → Delete Account. Deleting your account through the App initiates a verified deletion flow: we will delete or anonymize your personal data and trigger deletion of associated Supabase and RevenueCat data within 30 days where technically possible, subject to legal requirements. Deletion initiated via the App uses the same server-side erasure processes described elsewhere in this Policy.
PostHog and Sentry datasets are anonymized and cannot be deleted per individual because they contain no record linked to you.
8. Data Storage and Security
Your account and saved practice data are stored on Supabase's secured servers in the United States, encrypted in transit (TLS) and at rest. We implement reasonable technical and organizational safeguards but cannot guarantee absolute security.
9. Children's Privacy
pianissimo is suitable for all ages. We take the following steps to support younger users and comply with children's privacy laws:
- Parental consent: At signup, all users must check a box confirming they are the account holder or have parental/guardian permission. For users under 13, we recommend using a parent or guardian's email address. We record the timestamp of consent acknowledgment in our database for audit purposes.
- Minimal data collection: We collect only email, hashed password, and practice session data (metronome settings, practice notes, recorded audio, repertoire items) directly entered by the user. We do not collect age, location, or personal descriptors.
- Anonymous analytics: Our analytics (PostHog) and crash reporting (Sentry) are fully anonymized and do not collect personal identifiers, device IDs, IP addresses, or any data that could identify a specific child. These datasets comply with GDPR Article 8 and COPPA requirements.
- In-app purchases: Tip jar/premium features are processed by Apple's in-app purchase system and subject to Apple's Family Sharing and parental controls. We do not store payment information or process transactions ourselves.
- No third-party tracking: We do not share data with advertisers, social networks, or data brokers. We do not use cookies or fingerprinting.
- Account deletion: If a parent/guardian wishes to delete their child's account, contact us at privacy@pianissimoapp.com and we will delete all account data within 30 days.
10. International Data Transfers
pianissimo is operated from the United States. Supabase, PostHog, Sentry, and RevenueCat store data in the United States. If you access the App from the EEA or UK, your data may be transferred to and processed in the USA; we rely on DPA/SCCs with processors to ensure compliance.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated through the App or email. The "Last Updated" date reflects the most recent revision. Continued use after changes constitutes acceptance.