Privacy Policy

1. Introduction

Welcome to TradChords ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains how we handle data when you use TradChords, a community-driven platform for traditional music chord arrangements.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

• Email address - Used for authentication and account recovery
• Display name - Shown publicly on your contributions
• Account creation date - For record-keeping purposes

2.2 User-Generated Content

When you contribute to TradChords, we store:

• Chord arrangements - Your musical contributions
• Comments - Your feedback on arrangements
• Votes - Your upvotes and downvotes on content
• Tune requests - Your requests for specific chord arrangements

2.3 Usage Analytics

We use Google Analytics 4 (GA4) to understand how users interact with our platform:

• Page views - Which pages you visit
• Session duration - How long you use the site
• Device information - Browser type, operating system, screen size
• Geographic location - Country and city (approximate)

Note: Analytics tracking requires your consent via our cookie banner. You can withdraw consent at any time using the Cookie Settings link in the footer.

2.4 Technical Data

We automatically collect:

• IP address - For security and fraud prevention
• Browser cookies - For authentication and preferences
• Local storage data - For offline functionality and caching

2.5 Payment & Subscription Data

If you subscribe to a premium plan, we collect:

• Subscription details - Plan type, start date, renewal date, status
• Payment information - Processed by Stripe (we do NOT store card details)
• Billing history - Transaction records for your account
• Stripe Customer ID - Unique identifier linking your account to payment processor

Important: We use Stripe to process payments. Your card details go directly to Stripe and are never stored on our servers. See Stripe's Privacy Policy: stripe.com/privacy

3. How We Use Your Data

3.1 Service Provision

• Creating and maintaining your account
• Processing subscription payments and managing billing
• Providing premium features to subscribed users
• Displaying your contributions (arrangements, comments, votes)
• Notifying you when requested chord arrangements are available
• Providing offline access to cached content

3.2 Platform Improvement

• Understanding user behaviour through analytics
• Identifying popular features and content
• Fixing bugs and technical issues
• Developing new features based on usage patterns

3.3 Community Management

• Moderating content for quality and appropriateness
• Preventing spam and abuse
• Enforcing our Terms & Conditions

4. Data Sharing

4.1 Third-Party Services

We use the following third-party services that may process your data:

• Stripe - Payment processing for subscriptions
  • Processes card payments and stores payment methods
  • Privacy Policy: stripe.com/privacy
• Firebase (Google) - Authentication and database hosting
  • Privacy Policy: firebase.google.com/support/privacy
• Google Analytics 4 - Usage analytics (requires consent)
  • Privacy Policy: policies.google.com/privacy
• TheSession.org - Tune database (we use data from TheSession.org)
  • No personal data shared

4.2 Public Content

The following content is publicly visible to all users:

• Your display name
• Your chord arrangements
• Your comments on arrangements
• Your vote counts (aggregated)

Note: Your email address is NEVER made public.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5. Data Security

We take security seriously and implement industry-standard measures:

• Encryption - All data transmitted via HTTPS
• Authentication - Secure Firebase Authentication system
• Access Control - Database rules restrict unauthorised access
• Regular Updates - Security patches applied promptly

However, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

6.1 Right to Access

You can request a copy of all personal data we hold about you.

6.2 Right to Rectification

You can update your display name and other profile information at any time via your account settings.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and all associated data. Note that public contributions (arrangements, comments) may be retained in anonymised form to preserve community content integrity.

6.4 Right to Withdraw Consent

You can withdraw consent for analytics tracking at any time using the Cookie Settings link in the footer.

6.5 Right to Object

You can object to processing of your data for marketing purposes (though we don't currently send marketing emails).

6.6 Right to Data Portability

You can request export of your data in a machine-readable format.

To exercise these rights, contact us at: adamfrancis2894@gmail.com

7. Cookies & Tracking

7.1 Essential Cookies

These cookies are necessary for the site to function:

• Authentication cookies - Keep you logged in
• Preference cookies - Remember your settings (key, tempo, etc.)

Essential cookies do not require consent under UK law.

7.2 Analytics Cookies

Google Analytics 4 cookies track usage patterns. These cookies:

• Require your consent via our cookie banner
• Can be disabled at any time via Cookie Settings
• Are blocked by default until you accept

7.3 No Advertising Cookies

We do NOT use advertising or tracking cookies for marketing purposes.

8. Data Retention

• Account data - Retained until you delete your account
• Public contributions - Retained indefinitely (may be anonymised if you delete your account)
• Analytics data - Retained for 26 months (Google's default)
• Backup data - Retained for 30 days, then permanently deleted

9. Children's Privacy

TradChords is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries outside the UK (primarily the USA, where Firebase/Google servers are located). We ensure appropriate safeguards are in place through:

• Google's UK GDPR compliance measures
• Standard Contractual Clauses (SCCs)

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or site banner.

12. Contact Us

For privacy-related questions or to exercise your rights, contact:

Email: adamfrancis2894@gmail.com
Website: tradchords.org

13. Supervisory Authority

If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113