Privacy Policy

1. Introduction

Welcome to PitchStar. This Privacy Policy explains how Still Mind Music LLC (“we,” “us,” or “our”) collects, uses, discloses, and protects your information when you use the PitchStar mobile application (the “App”) and our related website at https://pitchstar.app (the “Website”), collectively referred to as the “Service.”

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

PitchStar is an ear training and music education application that uses real-time microphone input to evaluate pitch and rhythm. We are committed to protecting your privacy, especially the privacy of children who may use our Service.

2. Information We Collect

2.1 Information You Provide to Us

When you create an account, we collect:

• Email address
• A display name you choose
• Date of birth (used solely to determine age for legal compliance; see Section 6 regarding children’s privacy)

If you choose to sign in using a third-party authentication provider such as Google or Apple, we receive your name, email address, and a unique account identifier from that provider. We do not receive your password from these providers.

2.2 Information Generated Through Use

As you use the App, we automatically collect and store:

• Lesson completion records and scores
• Practice streaks and progress data
• Onboarding status and app preferences
• Subscription status and entitlement information

2.3 Microphone Data

Important: PitchStar accesses your device’s microphone to evaluate pitch and rhythm in real time during exercises. We do not record, store, or transmit any audio data. All audio processing occurs locally on your device and is discarded immediately after evaluation. No audio ever leaves your device or reaches our servers.

2.4 Information We Do Not Collect

We want to be transparent about what we do not collect:

• We do not collect location or GPS data.
• We do not collect device identifiers or fingerprinting data beyond what is necessary for basic app functionality.
• We do not record, store, or transmit audio from your microphone.
• We do not track you across other apps or websites.

2.5 Social Features and Information Visible to Other Users

PitchStar includes optional social features that allow you to connect with other users. When you use social features, certain information becomes visible to other users of the Service:

• Display name: The username you choose is visible to users who follow you and to users whose content you react to.
• Avatar: Your selected avatar image is visible alongside your display name.
• Friend code: Your unique friend code can be shared with others to allow them to follow you. Friend codes are not publicly discoverable within the App; you must share your code directly with someone for them to find you.
• Achievement activity: When you earn achievements, users who follow you may see that you earned the achievement in their activity feed.
• Reactions: When you react to another user’s achievement with an emoji, the user and their other followers may see your display name, avatar, and the emoji you selected.

Social features are based on a one-way follow model. When someone enters your friend code, they can follow you without requiring your approval. You can block any user at any time, which removes all social connections between you and hides your content from each other.

You can control your social experience by choosing who to follow, blocking users you do not want to interact with, and reporting users who violate our Community Guidelines.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account
• To provide, maintain, and improve the Service
• To track your learning progress and display it to you within the App
• To sync your progress across multiple devices
• To process subscriptions and manage access to premium content
• To send you transactional communications (such as account verification, password resets, and subscription confirmations) via email
• To send you push notifications, only if you have explicitly opted in
• To comply with legal obligations, including age verification requirements

We do not use your information for advertising purposes. We do not sell your personal information to any third party, and we never will.

4. Third-Party Service Providers

We use a limited number of third-party service providers to operate the Service. These providers only have access to your information as necessary to perform their functions and are obligated to protect it:

• Supabase — Provides our backend infrastructure, database hosting, and authentication services. Your account data and progress information are stored on Supabase’s servers. Supabase’s privacy policy is available at https://supabase.com/privacy.
• RevenueCat — Manages subscription processing and entitlement verification. RevenueCat receives a pseudonymous app user ID and subscription transaction data from Apple. RevenueCat’s privacy policy is available at https://www.revenuecat.com/privacy.
• Apple (App Store) — Processes all in-app purchases and subscriptions. We do not receive or store your payment information; all payment processing is handled directly by Apple. Apple’s privacy policy is available at https://www.apple.com/privacy.
• PostHog — Provides product analytics to help us understand how users interact with the App and identify areas for improvement. PostHog receives anonymized usage events such as lesson completions, feature interactions, and session data. We do not send personal identifiers to PostHog. PostHog’s privacy policy is available at https://posthog.com/privacy.
• Sentry — Provides crash reporting and error monitoring to help us identify and fix technical issues. When an error occurs, Sentry may receive technical information about your device and the error context, but does not receive personal information such as your name or email. Sentry’s privacy policy is available at https://sentry.io/privacy.

5. Data Storage, Security, and Retention

5.1 Data Storage

Your account and progress data are stored on servers provided by Supabase. The App also stores data locally on your device to enable offline functionality. When your device connects to the internet, locally stored progress data is synced with our servers.

5.2 Security

We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS/SSL), secure authentication practices, and access controls on our backend systems. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

5.3 Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

6. Children’s Privacy

PitchStar is designed to be used by people of all ages, including children under the age of 13. We are committed to complying with the Children’s Online Privacy Protection Act (COPPA) and take the following measures to protect children’s privacy:

6.1 Age Verification

During account registration, we collect a date of birth to determine whether the user is under 13 years of age. We do not permanently store the full date of birth; instead, we store only an age classification flag to identify accounts belonging to children.

6.2 Parental Consent

If a user indicates they are under 13, we require verifiable parental consent before collecting any personal information. The parent or legal guardian must provide their email address and confirm consent through a verification link. Until parental consent is obtained, the child’s account functionality is limited, and no personal information beyond what is necessary to facilitate the consent process is collected.

When granting consent, parents are informed that the Service includes social features that allow their child’s display name, avatar, and achievement activity to be visible to other users who follow their child.

6.3 Information Collected from Children

With parental consent, we collect the same categories of information from children as described in Section 2, limited to what is reasonably necessary to provide the Service: an email address (which may be a parent’s email), a display name, and learning progress data. We do not collect more information from children than is reasonably necessary for them to use the App.

6.4 Parental Rights

Parents and legal guardians have the right to:

• Review the personal information we have collected from their child
• Request that we delete their child’s personal information
• Refuse to permit further collection or use of their child’s information
• Request that their child’s information not be shared with third parties
• Request removal of their child’s social connections (follows, reactions, and activity feed entries)

To exercise any of these rights, visit our Parent Portal or contact us at info@stillmindmusic.com. We will respond to verified requests within 30 days.

6.5 No Behavioral Advertising to Children

PitchStar does not serve advertisements to any users, including children. We do not use children’s personal information for behavioral advertising or any form of targeted marketing.

6.6 Children and Social Features

Social features are available to Child Users with parental consent. To protect children’s privacy, the following age-based restrictions apply:

• No user discovery: Child Users cannot be found or followed by other users unless the child shares their friend code directly. There is no in-app search, browse, or user suggestion feature for any user.
• Limited reaction visibility: When a Child User views who has reacted to an achievement, they can only see the names and avatars of users they already follow. Reactions from users they do not follow are shown as an anonymous count (e.g., “3 others reacted”) without names, avatars, or the ability to follow those users.
• No Follow buttons in reaction views: Child Users do not see Follow buttons next to other users’ names in reaction lists, preventing discovery of new users through social interactions.
• Profanity-filtered display names: All display names are checked against a profanity filter at creation and when changed. Names that violate our Community Guidelines are rejected. We may reset a display name at any time if it is found to be inappropriate.
• Blocking and reporting: Child Users can block and report other users. Blocking immediately removes all social connections and hides content between the users. Reports are reviewed by our team.

7. Your Rights and Choices

7.1 Account Deletion

You may delete your account at any time through the App’s settings. Upon deletion, we will remove your personal information from our servers within 30 days. You may also request account deletion by contacting us at the email address below.

7.2 Communication Preferences

You may opt out of push notifications at any time through your device settings or within the App. Transactional emails related to your account (such as password resets and subscription confirmations) cannot be opted out of while your account is active, as they are necessary for the operation of the Service.

7.3 Data Access and Portability

You may request a copy of your personal data by contacting us at info@stillmindmusic.com. We will provide your data in a commonly used, machine-readable format within 30 days of a verified request.

7.4 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the email address below.

7.5 European Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, and port your data, as well as the right to restrict or object to certain processing. Our legal basis for processing your data is your consent (provided at account creation) and legitimate interests in operating the Service. To exercise your rights or file a complaint, contact us at the email address below or contact your local data protection authority.

8. Offline Use and Data Syncing

PitchStar is designed to work offline. All lesson content and microphone-based exercises function without an internet connection. When your device is offline, your progress data is stored locally on your device. When connectivity is restored, your local data is automatically synced with our servers to enable access across multiple devices. No data is transmitted while you are offline.

9. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may disclose your information only in the following limited circumstances:

• To the third-party service providers described in Section 4, solely for the purpose of operating the Service
• If required by law, regulation, legal process, or governmental request
• To protect the rights, property, or safety of our users, ourselves, or others
• In connection with a merger, acquisition, or sale of assets, in which case you would be notified of any change in ownership or use of your personal information

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this policy and, where appropriate, providing notice through the App or via email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.