Main Act

Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

When you create an account, we collect your email address and, if you subscribe, your payment information (processed securely by Stripe — we never see your full card number).

When you use the app, we collect:

  • Training data: practice history, comfort ratings, accuracy scores, and progression
  • Audio data: audio analysis is performed entirely in your browser. We do not record, store, or transmit your audio.
  • Usage analytics: page views, session starts/completions, and feature usage (anonymized)
  • Device info: browser type and operating system (for compatibility)

2. How We Use Your Information

  • To provide and personalize your music training experience
  • To sync your progress across devices (Pro feature)
  • To process payments and manage subscriptions
  • To send transactional emails (welcome, payment confirmations, password reset)
  • To send educational emails (if you opted in — you can unsubscribe anytime)
  • To improve the app through anonymized usage analytics

3. Data Storage & Security

Your data is stored in Google Firebase (Firestore) with encryption at rest and in transit. Authentication is handled by Firebase Auth. Payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor.

We use industry-standard security practices including HTTPS-only connections, Firestore security rules that restrict data access to authenticated users, and server-side verification of subscription status.

4. Your Rights (GDPR & CCPA)

You have the right to:

  • Access your personal data (available in your Account page)
  • Correct inaccurate data
  • Delete your account and all associated data (Account > Delete My Data)
  • Export your data in a portable format
  • Opt out of marketing emails at any time

To exercise any of these rights, use the controls in your Account page or contact us at support@mainact.app.

5. Cookies & Local Storage

We use browser localStorage to cache your training data for offline access and fast loading. We do not use third-party tracking cookies. Our analytics system uses session-based identifiers that do not persist across browser sessions.

6. Third-Party Services

  • Firebase (Google) — authentication and data storage
  • Stripe — payment processing
  • SendGrid — transactional and marketing emails

Each service has its own privacy policy. We do not sell your data to any third party.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymized analytics data may be retained indefinitely.

8. Children's Privacy

Main Act is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes via email or an in-app notice. Continued use of the app after changes constitutes acceptance.

10. Contact

For privacy-related questions: support@mainact.app