Skip to main content

Privacy Policy

Last updated: June 3, 2026

1. Information We Collect

When you create an account, we collect your email address and account profile details. If you subscribe on the web, payment information is processed securely by Stripe, we never see your full card number.

When you use the app, we collect:

  • Training data: practice history, comfort ratings, accuracy scores, and progression
  • User content: saved songwriting drafts, repertoire songs, setlists, notes, reflections, uploaded PDFs, and saved practice artifacts you choose to create
  • Audio data: real-time pitch and rhythm analysis is performed on your device. If you choose to record or save a practice take in recording features, that recording may be stored locally or uploaded to your account so you can play it back later.
  • Usage analytics: page views, session starts/completions, feature usage, and campaign/referral attribution. Signed-in analytics may be linked to your account ID.
  • Device info: browser type and operating system (for compatibility)
  • Diagnostics: crash reports, error reports, and performance data when diagnostics are enabled

2. How We Use Your Information

  • To provide and personalize your music training experience
  • To sync your progress across devices (Pro feature)
  • To process payments and manage subscriptions
  • To send transactional emails (welcome, payment confirmations, password reset)
  • To send educational emails (if you opted in, you can unsubscribe anytime)
  • To improve the app through usage analytics and diagnostics

3. Data Storage & Security

Your data is stored in Google Firebase (Firestore) with encryption at rest and in transit. Authentication is handled by Firebase Auth. Payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor.

We use industry-standard security practices including HTTPS-only connections, Firestore security rules that restrict data access to authenticated users, and server-side verification of subscription status.

4. Your Rights (GDPR & CCPA)

You have the right to:

  • Access your personal data (available in your Account page)
  • Correct inaccurate data
  • Delete your account and all associated data (Account > Delete My Data)
  • Export your data in a portable format
  • Opt out of marketing emails at any time

To exercise any of these rights, use the controls in your Account page or contact us at support@mainact.app.

5. Cookies & Local Storage

We use browser storage to cache training data, remember settings, and support offline or fast-loading workflows. We do not use third-party advertising tracking cookies. Our analytics system uses session-based identifiers and, when you are signed in, may include your account ID so we can understand product usage and fix account-specific issues.

6. Third-Party Services

  • Firebase (Google): authentication and data storage
  • Stripe: payment processing
  • Resend: transactional and marketing emails
  • Sentry: error reporting and diagnostics

Each service has its own privacy policy. We do not sell your data to any third party.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, personal account data is removed according to our deletion workflow. Aggregated or de-identified analytics may be retained for product reporting, and backup copies may persist for a limited period before being purged.

8. Children's Privacy

Main Act is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this policy from time to time. We'll notify you of material changes via email or an in-app notice. Continued use of the app after changes constitutes acceptance.

10. Contact

For privacy-related questions: support@mainact.app