Privacy Policy
This Privacy Policy explains how Guitartopia (“Guitartopia”, “we”, “us”, or “our”) collects, uses, shares, and protects personal information when you use the Guitartopia website, applications, and related services (the “Service”). It applies to information we process as a controller of your personal data.
1. Information we collect
We collect the following categories of information:
- Account information. When you create an account directly, we collect your email address, your chosen display name, and a securely hashed version of your password.
- Information from Google Sign-In. If you choose to sign in with Google, Google shares with us only the information you authorise: your Google account email address, your basic profile information (your name as it appears on your Google account), your Google account ID, and, where available, the public profile picture associated with your Google account. We do not request access to your Gmail, Drive, Calendar, Contacts, or any other Google service. We use this information solely to create or sign you in to your Guitartopia account.
- Subscription and billing information. If you purchase a paid plan, our third-party payment processor collects your payment details on our behalf. We receive only a customer reference, the plan you selected, and your subscription status. We do not store full card numbers on our servers.
- Content you submit. Files, recordings, comments, and other content that you upload or post through the Service.
- Usage and device data. Information about your interactions with the Service, such as pages and features accessed, timestamps, approximate location derived from IP address, IP address, browser type, operating system, and device identifiers. We use this information to operate the Service, prevent abuse, and improve reliability.
- Cookies and similar technologies. We use a small number of cookies and local storage entries to keep you signed in, remember your preferences, and protect against cross-site request forgery. We do not use third-party advertising cookies.
- Communications. When you contact us by email or a support form, we keep the message and our reply.
2. How we use information
We use personal information to:
- Create and operate your account, authenticate you, and keep your session secure.
- Provide, maintain, and support the features of the Service.
- Process payments, manage subscriptions, and send transactional billing notices.
- Respond to your support requests and other communications.
- Detect, prevent, and respond to fraud, abuse, security incidents, and other unlawful activity.
- Comply with legal obligations, including tax, accounting, and law-enforcement requests.
- Measure aggregate usage and improve the reliability and quality of the Service.
We do not sell personal information, and we do not use your content or your Google profile data to train third-party machine-learning models or for advertising.
3. Legal bases (where applicable)
Where the General Data Protection Regulation or similar laws apply, we rely on the following legal bases: performance of our contract with you (to provide the Service and process billing); our legitimate interests (in operating, securing, and improving the Service); your consent (where we ask for it, for example for non-essential cookies in regions that require it); and compliance with legal obligations.
4. How we share information
We share personal information only in the following circumstances:
- Service providers. We use vetted third-party providers to host infrastructure, deliver email, process payments, and provide identity sign-in (such as Google). These providers process information under written contracts and only as necessary to perform services for us.
- Compliance and protection. We may disclose information when we reasonably believe disclosure is required by law, legal process, or to protect the rights, property, or safety of Guitartopia, our users, or the public.
- Business transfers. If Guitartopia is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.
- With your consent. Any other sharing only with your direction or consent.
5. Google API services and limited use
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google account information that you authorise, and only to authenticate you and create or maintain your Guitartopia account. We do not transfer Google user data to third parties except as needed to provide the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets (in which case we will require continued protection of the data). We do not use Google user data for advertising and we do not allow humans to read it, except (a) with your affirmative consent, (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymised.
6. Data retention
We retain personal information while your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account at any time. After deletion, residual copies may remain in routine backup media for a limited period before being overwritten in the ordinary course of business.
7. Your choices and rights
Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal information, to object to certain processing, and to withdraw consent where processing is based on consent. You can exercise these rights by emailing [email protected]. We may need to verify your identity before responding. You can also disconnect Google Sign-In at any time from your Google account permissions page at myaccount.google.com/permissions.
8. Security
We use industry-standard technical and organisational measures to protect personal information, including encrypted transport (HTTPS), encrypted password storage, access controls, and ongoing monitoring. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security but we work to protect your information.
9. International transfers
We may process personal information in countries other than the one in which you reside. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect your information.
10. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has given us personal information, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. The “Effective date” at the top of this page indicates when the latest version took effect.
12. Contact
For questions about this Privacy Policy or our handling of your information, contact us at [email protected].