🛡️ FretGenius Privacy Policy

1. Introduction

Welcome to FretGenius! This Privacy Policy explains how FretGenius ("we," "us," or "our") handles information when you use our website (`fretgenius.app`), marketing landing pages, web application (`web.fretgenius.app`), mobile applications (iOS and Android), and any related services (collectively, the "Service").

Your privacy is important to us. We aim to be transparent about what we collect, how we use it to operate and improve the Service, and the third parties we rely on for analytics, attribution, and error monitoring.

2. Information We Collect

We collect information that helps us operate, improve, and measure the effectiveness of FretGenius. Depending on how you use the Service, this may include:

• Service and Account Data (Pseudonymous): When you use the mobile app or web application, we create a pseudonymous account record so we can provide core features like saving and syncing your progress. This may include:
  • A randomly generated account/bootstrap identifier (for example, a “bootstrap id”).
  • Device identifiers when provided by the app (for example, Android ID or iOS Identifier for Vendor (IDFV)) to help keep your account consistent across reinstalls.
  • Onboarding questionnaire responses (for example, experience level or preferences) when you choose to answer them.
  • Practice and progress data (for example, practice sessions, note-path attempts, accuracy, and response time metrics).
• Notifications (Practice Reminders): If you enable practice reminders in the mobile app, we request permission to send notifications and schedule reminder notifications on your device based on the settings you choose (for example, days/times). We may also record analytics events when you open a reminder notification.
• Feedback You Submit: If you submit feedback via the Service, we collect the contents of your message and may also collect optional contact details you provide (such as your email address, and in some contexts your name) so we can follow up.
• Advertising and Conversion/Install Attribution (Google Ads, Meta, Reddit, Singular): On our marketing landing pages, we use advertising pixels/tags from Google Ads, Meta (Facebook), and Reddit to measure ad performance and attribute installs. In our mobile app (Android), we may also read the Google Play Install Referrer and send attribution details to our servers to connect an install to a campaign. On iOS, attribution may occur through privacy-preserving frameworks such as Apple’s SKAdNetwork (for example, via our attribution partners). These systems may process:
  • UTM parameters you arrive with (for example, utm_source, utm_campaign, utm_medium, utm_content, utm_term).
  • Network click identifiers when present (for example, gclid, gbraid/wbraid, fbclid, rdt_cid), which we normalize as network_click_id.
  • Install attribution data (for example, an Android install referrer string).
  • Device and browser metadata (for example, user agent, approximate location derived from IP, as provided by the networks).
  • Event information about outbound clicks to the app stores (for example, which button was clicked and where on the page).

  We use this information to understand which campaigns drive traffic and store clicks, and to improve ad effectiveness. We do not provide personal identifiers (such as name, email, or phone) to ad platforms from our landing page.

• Usage Analytics (via PostHog EU Cloud): We use PostHog (posthog.com) to understand how users interact with the Service (for example, which features are used and how often). We use PostHog’s EU-based cloud infrastructure. Depending on the product surface, we configure PostHog with privacy protections such as:
  • Disabling cookie/storage persistence on web.fretgenius.app.
  • Masking captured text and element attributes in our web application.

  PostHog events may include pages/screens viewed and feature interactions. PostHog may also process technical data such as device type, OS, browser, and (depending on configuration) IP address and a pseudonymous device/user identifier (distinct id).

  For details on PostHog's data handling, see PostHog's Privacy Policy.

• Crash Reports, Performance Monitoring, and (Mobile) Session Replay (via Sentry): To help us diagnose and fix bugs, we use a third-party service, Sentry (sentry.io). Depending on the app and configuration, Sentry may collect crash/error reports, performance data (for example, traces and profiling), and on mobile may capture session replays to help reproduce issues. This data typically includes:
  • Device type (e.g., iPhone model, Android device model)
  • Operating system and version (e.g., iOS 17, Android 14)
  • Application version
  • Technical details about the error (e.g., stack traces).
  • Performance diagnostics (for example, timing information)
  • Potentially, the device's IP address (processed by Sentry according to their policy).

  Important: Session replays may capture on-screen content and interactions in the app. We do not intend to collect sensitive information; please avoid entering sensitive information into feedback fields and do not include it in support messages.

  For details, see Sentry's Privacy Policy.

FretGenius does not require creating a username/password account to use core features. If you choose to provide an email address for feedback, we will use it only for follow-up related to your message.

3. How We Use Information

We use the collected information to:

• Provide and operate the Service: Create and maintain your pseudonymous account, save and sync onboarding and practice/progress data, and deliver core app functionality.
• Advertising/Attribution: To measure the effectiveness of our advertising campaigns and understand which sources/campaigns lead to store clicks and installs. This includes recording UTMs and network click IDs when present.
• Analytics: Understand how the Service is used (in aggregate) so we can improve features, usability, and performance.
• Debugging and reliability: Identify, analyze, and fix bugs, crashes, and performance issues.
• Support and feedback: Review and respond to feedback you submit.

4. Cookies, Local Storage, and Similar Technologies

Analytics (Web): On web.fretgenius.app, we configure PostHog to disable persistence (no analytics cookies/local storage). On marketing landing pages, PostHog may use first‑party cookies or local storage to maintain a pseudonymous identifier unless you block cookies/storage.

Advertising Pixels: Our landing pages include advertising and conversion measurement tags from Google Ads, Meta, and Reddit. These third parties may use cookies or similar technologies to attribute conversions and prevent fraud. You can control or block these cookies in your browser settings. We do not set first‑party tracking cookies for these purposes.

Functional storage (Web): We may use browser storage for functional purposes such as remembering an A/B test variant, persisting UTMs for the current session, or storing interface preferences.

Mobile storage: Our mobile app uses on-device storage for functional purposes (such as preferences and ensuring certain one-time tasks run only once).

5. Legal Basis for Processing

Depending on your location and applicable law (including the GDPR in the EU/EEA), we process information as needed to provide the Service (for example, saving and syncing your progress) and for our legitimate interests in operating, improving, and securing FretGenius (for example, analytics, debugging, and measuring marketing effectiveness). Where required, we may rely on your consent for certain tracking/marketing technologies.

6. Data Sharing, Disclosure, and Processors

We do not sell or rent your information. We share limited data only with the following third-party service providers (data processors) who help us operate the Service:

• Google Ads: Advertising conversion measurement. See Google Ads Policies and Ad Center.
• Meta (Facebook) Pixel: Advertising conversion measurement. See Meta Privacy Policy and Ad Preferences.
• Reddit Pixel: Advertising conversion measurement. See Reddit Privacy Policy and Ad Personalization.
• Singular: Mobile attribution and measurement (including SKAdNetwork on iOS where applicable). See Singular's Privacy Policy.
• Sentry: For crash/error reporting and performance monitoring (and, on mobile, session replay where enabled).
• PostHog, Inc.: For usage analytics. We utilize PostHog's EU Cloud platform (servers located within the European Union) to process and store the analytics data described in Section 2. PostHog acts as a data processor on our behalf according to their Data Processing Addendum and Privacy Policy.

We may also disclose information if required by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect our rights or property, prevent wrongdoing, protect user safety, or defend against legal liability.

7. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information we process, including access controls and encryption in transit. We also rely on the security measures implemented by our third-party providers (such as Sentry, PostHog, and Singular) to protect the data they process on our behalf. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

• Service Data (account, onboarding, practice/progress): Retained for as long as needed to provide the Service and operate the account, unless you request deletion or we no longer need it for legitimate business purposes.
• Feedback Submissions: Retained as long as needed to address your feedback and improve the Service.
• Attribution Data: Retained as long as needed for campaign measurement and fraud prevention.
• Sentry Data: Retained according to Sentry's standard practices or our configuration, typically for a limited period (e.g., 90 days) sufficient for bug analysis.
• PostHog Data: Analytics data processed on PostHog's EU Cloud is retained according to the retention period configured in our PostHog account settings, typically for a limited duration suitable for analysis purposes, after which it is deleted according to PostHog's processes.

9. Your Data Protection Rights

Depending on your location and applicable data protection laws (such as the GDPR in the EU/EEA or the CCPA in California), you may have certain rights regarding your personal data. These can include the right to access, rectify, erase, restrict processing of, or object to the processing of your data, as well as the right to data portability.

Because some of our data is associated with pseudonymous identifiers (such as an account/bootstrap id or an analytics distinct id), we may need additional information from you to locate and act on your request. The data processed by our third-party providers (such as Sentry, PostHog, and Singular) is also subject to their respective privacy policies and data handling practices.

If you have questions about your data or wish to inquire about exercising potential rights, please contact us at [email protected]. We will address your inquiry to the best of our ability within the constraints of the data we process.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of information infringes applicable data protection laws.

Ads Preferences and Opt-Outs: You can manage how advertising platforms use your data:

• Google Ad Center and Google opt-out tools
• Meta Ad Preferences
• Reddit Ad Personalization
• Browser controls to block third‑party cookies or tracking scripts

10. Children's Privacy

FretGenius is not directed to children under the age defined by applicable laws (for example, 13 in the US, 16 in parts of the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child's information may have been provided to us (for example, via a feedback form), please contact us at [email protected] and we will work to address the issue.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at: [email protected]