Back to home

Legal

Privacy Policy

Last updated: May 2026

Neo Soul Guitar (“we”, “us”, or “our”) operates neosoulguitar.com. This Privacy Policy explains what personal data we collect, why we collect it, and how we handle it. We keep this policy short and plain-language on purpose — if something is unclear, email us at hello@neosoulguitar.com.

1.What data we collect

We collect only what is necessary to run the service.

  • Account data. Your email address, and — if you sign up with email and password — a bcrypt password hash stored by Supabase (we never see your plaintext password). If you sign in with Google OAuth, we receive your name and email from Google; no password is stored.
  • Practice progress. Drills you have completed, difficulty ratings, session timestamps, and your selected skill level. This data powers the adaptive practice loop and is stored in our Supabase Postgres database.
  • Payment data. If you subscribe, Stripe collects your card details directly on their servers. We store only the Stripe customer ID, subscription status, and plan type — never raw card numbers.
  • Usage logs. Vercel (our hosting provider) retains standard server access logs (IP address, user agent, request path, timestamp) for approximately 30 days for security and debugging purposes. We do not use these for profiling or advertising.

2.How we use your data

  • Provide the service. Log you in, build your personalised daily practice session, and save your progress across devices.
  • Process payments. Create and manage your Stripe subscription, and grant or revoke access to paid features accordingly.
  • Send essential emails. Auth emails (magic links, password resets, email confirmation) are sent by Supabase. We may send you service-critical notices (billing issues, policy changes). We do not send marketing emails without explicit opt-in.
  • Improve the product. Aggregated, non-identifying usage patterns (e.g. which drill categories are skipped most) inform content decisions. No individual profiling.

3.Third-party services

We use the following sub-processors. Each handles data only to the extent required to provide their service to us.

Supabase

Auth, database, file storage

Privacy policy ↗

Stripe

Payment processing

Privacy policy ↗

Google

OAuth sign-in (if you choose it)

Privacy policy ↗

Vercel

Hosting and CDN

Privacy policy ↗

We do not sell, rent, or share your personal data with any other third party for advertising or marketing purposes.

4.Cookies

We use only essential cookies required for authentication. There are no tracking, advertising, or analytics cookies at this time.

CookiePurposeDuration
sb-*Supabase auth sessionSession / 1 week

If we add analytics (PostHog) in a future release, we will update this policy and give you an opt-out mechanism before enabling it.

5.Data retention

  • Active accounts. Data is retained for as long as your account is active.
  • Deleted accounts. When you delete your account, your practice data and profile are permanently deleted within 30 days. Auth records held by Supabase are deleted immediately.
  • Payment records. Stripe retains transaction records for their own legal and compliance obligations (typically 7 years). This is outside our control and required by financial regulations.
  • Server logs. Vercel access logs are retained for approximately 30 days.

6.Your rights

Regardless of where you are located, you have the following rights over your personal data:

  • Access. Request a copy of the personal data we hold about you.
  • Correction. Ask us to correct inaccurate data.
  • Deletion. Delete your account at any time from Settings. We will permanently delete your data within 30 days.
  • Export. Request an export of your practice history in a machine-readable format (JSON).
  • Portability & restriction. If you are in the EU/EEA or UK, you may also request data portability or restriction of processing under GDPR. Email us to exercise these rights.

To exercise any right, email hello@neosoulguitar.com from the address associated with your account. We respond within 14 days.

7.Children

Neo Soul Guitar is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, please contact us at hello@neosoulguitar.com and we will delete the account promptly.

8.Updates to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via an in-app notice. Continued use of the service after the effective date constitutes acceptance of the updated policy.

9.Contact

For any privacy-related questions or requests:

Neo Soul Guitar

neosoulguitar.com

hello@neosoulguitar.com

© 2026 Neo Soul Guitar. All rights reserved.