Privacy Policy
Effective Date: February 10, 2026
This Privacy Policy explains how Triads.app ("Service", "App", "we", "us", "our"), operated by Karlis Krauklis ("Operator", "Data Controller"), collects, uses, and protects your personal information.
We are committed to protecting your privacy. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
In short: We collect only what we need, we don't sell your data, and we take your privacy seriously.
Data Controller
The data controller responsible for your personal data is:
Karlis Krauklis
Email: hello@triads.app
For any privacy-related inquiries, please contact: hello@triads.app
Information We Collect
2.1 Information You Provide Directly
• Email address — collected during account registration, used for account management and communications
• Password — collected during account registration, stored securely in encrypted form, used for authentication
• Payment information — collected during purchase, processed by Stripe (we never see or store your full card details)
• Feedback messages — collected when you submit feedback through the app, used to improve the Service
2.2 Information Collected Automatically
• Usage data — how you interact with the app (features used, practice sessions), used to improve the Service
• Device information — browser type, operating system, screen size, used for compatibility and debugging
• IP address — collected via server logs, used for security and fraud prevention
• Cookies — stored in your browser, used for authentication and preferences
2.3 Information We Do NOT Collect
We explicitly do not collect:
• Precise geolocation data
• Contact lists or phone data
• Audio recordings of your guitar playing
• Biometric data
• Data from children under 16 (knowingly)
• Sensitive personal data (race, religion, health, etc.)
Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
• Account management — Performance of contract
• Payment processing — Performance of contract
• Service communications — Legitimate interest
• Security and fraud prevention — Legitimate interest
• Analytics (anonymized) — Legitimate interest
• Marketing emails — Consent (opt-in only)
• Legal compliance — Legal obligation
How We Use Your Information
Provide the Service:
• Create and manage your account
• Process payments
• Deliver features you've purchased
Communicate with you:
• Send account-related notifications (password resets, payment confirmations)
• Respond to support and feedback requests
• Send service updates and important notices
Improve the Service:
• Analyze usage patterns to improve features
• Fix bugs and technical issues
• Develop new features based on feedback
Protect the Service:
• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
What We Do NOT Do With Your Data
We commit to never:
• Sell your personal data to third parties
• Rent or lease your data
• Use your data for targeted advertising
• Share your practice data with other users
• Profile you for purposes unrelated to the Service
• Make automated decisions that significantly affect you
Data Sharing and Third Parties
We only share data with third parties when necessary to provide the Service:
• Stripe, Inc. — Payment processing. Data shared: email, payment details. Location: USA (EU-US Data Privacy Framework)
• Google — OAuth authentication (optional). Data shared: email, name. Location: USA (EU-US Data Privacy Framework)
• Supabase — Database and authentication. Data shared: account data. Location: EU/USA
• Vercel — Hosting. Data shared: technical logs. Location: Global (EU data processed in EU)
All third-party providers are bound by data processing agreements and required to protect your data.
6.1 Other Disclosures
We may disclose your information if required by law, or if we believe in good faith that disclosure is necessary to:
• Comply with legal process or government request
• Protect our rights or property
• Prevent fraud or security issues
• Protect the safety of users or the public
Data Retention
We retain your data only as long as necessary:
• Account data — Until account deletion + 30 days
• Payment records — 7 years (legal requirement)
• Usage logs — 12 months (then anonymized)
• Feedback submissions — 3 years
• Server logs — 90 days
After retention periods expire, data is securely deleted or irreversibly anonymized.
Your Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or similar jurisdiction, you have the following rights:
• Right of Access — You can request a copy of all personal data we hold about you.
• Right to Rectification — You can request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten") — You can request deletion of your personal data, subject to legal retention requirements.
• Right to Restriction — You can request that we limit how we use your data.
• Right to Data Portability — You can request your data in a structured, machine-readable format.
• Right to Object — You can object to processing based on legitimate interests.
• Right to Withdraw Consent — Where processing is based on consent, you can withdraw it at any time.
• Right to Lodge a Complaint — You have the right to complain to a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD): https://www.aepd.es/
How to Exercise Your Rights
Email: hello@triads.app
We will respond within 30 days. We may need to verify your identity before processing requests. These rights are provided free of charge, though we may charge a reasonable fee for manifestly unfounded or excessive requests.
Cookies
9.1 What Cookies We Use
• Essential cookies — Authentication and security (session duration)
• Functional cookies — User preferences and settings (up to 1 year)
• Analytics cookies — Anonymized usage statistics (up to 1 year)
9.2 What We Don't Use
• No advertising cookies
• No third-party tracking cookies
• No cross-site tracking
• No social media tracking pixels
9.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.
9.4 Do Not Track
We respect Do Not Track (DNT) browser signals. When enabled, we limit analytics collection.
Data Security
We implement appropriate technical and organizational measures to protect your data:
Technical measures:
• TLS/HTTPS encryption for all data in transit
• Encryption at rest for sensitive data
• Secure password hashing
• Regular security updates and patches
• Access controls and authentication
Organizational measures:
• Limited access to personal data (need-to-know basis)
• Regular security reviews
• Incident response procedures
While we take reasonable precautions, no system is 100% secure and we cannot guarantee absolute security. In the event of a data breach, we will notify affected users and relevant authorities as required by law.
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including countries outside the EEA.
When we transfer data outside the EEA, we ensure appropriate safeguards:
• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Transfers to countries with adequate protection (per EU adequacy decisions)
• EU-US Data Privacy Framework where applicable
Children's Privacy
Triads.app is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@triads.app. We will delete such information promptly.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to know what personal information we collect and how we use it
• Right to delete your personal information
• Right to opt out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact: hello@triads.app
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
• We will update the "Effective Date" at the top
• For material changes, we will notify you via email or prominent notice in the Service
• We will obtain consent where required by law
Your continued use of the Service after changes indicates acceptance of the updated policy.
Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: hello@triads.app
Data Controller:
Karlis Krauklis
We aim to respond to all inquiries within 30 days.
Last updated: February 10, 2026