Privacy Policy

Last updated: April 12, 2026

πŸ”’ Our core promise: We never sell your personal data to anyone β€” ever.

Your information is used only to operate and improve NoteFest. That's it.

1. Who We Are

NoteFest ("we," "us," or "our") operates the NoteFest music education platform at notefest.com. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

2. Information We Collect

Saving your progress to the cloud is a paid feature (NoteFest Pro). We only create an account and store personal information when an adult sets up a Pro subscription. For a Pro account we store:

  • Email address β€” for sign-in, account recovery, and payment receipts
  • A chosen nickname β€” a display name (please don't use a child's real full name). We do not store a real name.
  • Profile preferences: instrument choice, avatar
  • Feedback and contact messages you send us

Information collected automatically:

  • Learning progress: lessons completed, quiz scores, XP earned, time spent
  • Device and usage data: browser type, operating system, pages visited
  • Session data: activity within the app to improve lesson recommendations

Guest users:

If you use NoteFest without signing in, we store a temporary anonymous session ID in your browser's local storage to track your progress locally. No personally identifiable information is collected from guest users.

3. How We Use Your Information

We use the information we collect to:

  • Operate and maintain the Service
  • Track and display your learning progress
  • Personalize your learning experience
  • Process subscription payments securely via Stripe
  • Send you important service-related communications
  • Respond to your support requests and feedback
  • Improve our content, features, and lesson quality
  • Detect and prevent fraud or abuse

4. We Never Sell Your Data

NoteFest does not sell, trade, rent, or otherwise transfer your personal information to third parties for their marketing or commercial purposes. Period.

We do not run third-party advertising on NoteFest. We do not use your data to build advertising profiles.

5. Third-Party Services

We work with a small set of trusted service providers who process data on our behalf:

  • Google OAuth β€” for account sign-in (governed by Google's Privacy Policy)
  • Stripe β€” for payment processing (they receive billing info only, not learning data)
  • MongoDB Atlas β€” for secure cloud database storage of your progress
  • Vercel β€” for hosting and infrastructure

Each of these providers has their own privacy policy and is bound by data processing agreements with us. None of them are authorized to use your data for their own purposes.

6. Data Retention

We retain your account and progress data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer. Anonymized, aggregated data (e.g., aggregate quiz statistics) may be retained indefinitely.

7. Children's Privacy

NoteFest welcomes learners of all ages, and children can play for free without an account or any personal information. We only store a child's personal information through a NoteFest Pro account, which must be set up by a parent, guardian, or adult (18+) who provides their consent at checkout β€” we treat this as verifiable parental consent. We do not otherwise knowingly collect personal information from children under 13. If you are a parent and believe your child created a Pro account without your consent, please contact us or use the β€œDelete Account & Data” option on the Profile page, and we will delete it promptly.

8. Cookies and Local Storage

We use browser local storage and session storage to:

  • Remember your preferences (mute settings, language)
  • Track your in-progress lessons between sessions
  • Store guest session data locally on your device

We use minimal cookies required for authentication (session cookies). We do not use tracking or advertising cookies.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Correction: Request that we correct inaccurate data
  • Deletion: Request that we delete your account and data
  • Portability: Request your data in a machine-readable format
  • Opt-out: Opt out of non-essential communications at any time

To exercise any of these rights, please contact us.

10. Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication, and access controls. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date and, where appropriate, by email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

Questions about this Privacy Policy or your data? Contact us here or email us at hello@notefest.com.