Privacy Policy for HarpMaster

Publisher: HarpMaster Last updated: June 10, 2026

This Privacy Policy explains what information HarpMaster collects, how we use it, and your choices. It applies to the HarpMaster international mobile app (iOS and Android) and our website.

Summary

• Your microphone audio never leaves your device. Pitch detection runs locally.
• We store your practice history, settings, and recordings on your device only.
• We do register a device identifier with our server so you can buy premium, and we record pseudonymous usage events (linked to your device identifier, not to personal info like name or email) to understand the paywall funnel.
• We do not sell data. We do not track you across other apps.
• You can request deletion of your server-side data at any time via email (see Contact).

1. Permissions

2. Data Stored on Your Device

The following is stored locally only (localStorage / native preferences) and never uploaded:

• Your recorded harmonica sessions (when you use the recorder feature)
• Practice history and scores
• App settings (language, theme, tuning, harmonica key, etc.)
• Premium status flag (a copy of your server-side premium state)

Uninstalling the app clears this data.

3. Data Sent to Our Server

Our server is deployed on Singapore infrastructure (Aliyun Singapore region).

3.1 Device Registration

On first launch, the app generates a stable hardware identifier (Device.getId() — iOS identifierForVendor / Android ANDROID_ID) and sends it to our API endpoint (/api/devices/register). The server returns a randomly generated ownerId + deviceSecret used to authenticate subsequent API calls.

• Why: Authenticate purchase / premium-status requests; distinguish devices without requiring a user account.
• Retention: Kept as long as the device is active; deleted on user request (see Section 6).

3.2 In-App Purchases

Premium upgrades on the international app are processed by Apple In-App Purchase (iOS) or Google Play Billing (Android). The transaction itself happens entirely between your device and Apple / Google — our server does not see your payment credentials, card numbers, or Apple/Google account details.

After a successful purchase, the app sends Apple’s / Google’s signed receipt to our server for verification, and we record:

• A receipt-replay binding (so the same receipt can’t be reused on another device)

• Your ownerId (to grant premium on this device)

• Why: Verify that the purchase is legitimate and grant premium; prevent receipt sharing across accounts.

• Retention: Until you request deletion or until the receipt is invalidated by Apple / Google.

3.3 Usage Events (Pseudonymous Analytics)

We record product-analytics events to understand the paywall funnel and improve the product. Events include: install, first_open, practice_started, remove_ads_button_clicked, payment_initiated, payment_success, payment_cancelled. Each event carries: device identifier, platform (ios / android), app version, and occasional small metadata (e.g. which payment method was used). These events are pseudonymous — linked to your device identifier (and, once you register, your ownerId), but not to personal identity such as name, email, or phone number.

• Why: Measure conversion, find UX problems, decide what to build next. No personal content (audio, practice recordings, or typed text) is recorded.
• Retention: 13 months.

3.4 Crash and Error Reports

When the app crashes or hits a handled error, a report is sent to a third-party crash-reporting provider. Reports include: stack trace, app version, platform, and breadcrumbs of recent user actions. Device identifiers, audio data, and Bearer tokens are removed from the event payload before upload. Your IP address is visible to the provider’s infrastructure at the network transport layer (as with any HTTPS request), but we configure the client so the IP is not written into the stored crash record.

• Why: Diagnose and fix bugs.
• Retention: 90 days on the provider’s infrastructure.

3.5 Server Access Logs

Nginx access logs record IP address, timestamp, URL path, and HTTP status of each API request. These are standard web-server logs.

• Why: Debugging, abuse detection, rate-limit enforcement.
• Retention: 30 days; anonymized beyond that if retained.

3.6 Play Integrity Token (Android only)

For fraud prevention on purchase and order creation, the Android build may request a short-lived integrity token via Google’s Play Integrity API and forward it to our server. The token is decoded by Google, not us; we only see a verdict (trusted / untrusted) without device personal information.

• Why: Prevent modified / resigned app binaries from spoofing purchases.
• Retention: Not stored — only the verdict is logged.

3.7 Points and Rewards

The app includes an in-app points system. You can earn points through actions such as daily check-ins, watching rewarded ads, or sharing, and spend them to unlock individual songs or redeem a temporary ad-free pass. We store your points balance and a ledger of points changes, linked to your ownerId.

• Why: Operate the points feature — grant, spend, and display your balance and history; prevent abuse such as duplicate reward claims.
• Retention: Kept while the device is active; deleted on user request (see Section 6).

4. Third-Party Services

The following third parties may receive data directly from the app. Each has its own privacy policy.

AdMob specifically: For users in the EEA / UK, we use Google’s User Messaging Platform (UMP) to obtain consent for personalized advertising on first launch. You can change your choice anytime in Settings → Ads preferences (coming soon, or request via email).

5. Children’s Privacy

HarpMaster is not directed at children under 13 (or under 16 in the EEA/UK for GDPR purposes). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

6. Your Rights — How to Request Deletion or Access

You can request access to, correction of, or deletion of identifiable data we hold by emailing:

harpmaster72@gmail.com

Include in your email:

• Your device’s Support ID (Settings → About → Support ID — a 16-character code we use to locate your device record).

We process requests within 14 days. We delete:

• The device registration record (devices).
• The receipt-replay binding for past Apple / Google purchases (iap_receipts).
• Usage / funnel events linked to your ownerId (events).
• Your points balance and points ledger (points_balance, points_ledger).
• Related crash reports (by forwarding a deletion request to the provider on your behalf).

Data we do not delete on request (because it is already stored without any link back to you):

• Aggregated ad impressions and click counts (ad_impressions, ad_clicks). These rows are keyed by an ephemeral client identifier that is never joined to your ownerId server-side and that your device discards on uninstall. There is no way for us to identify which rows belong to any individual user, so there is nothing for us to target for deletion.
• Pre-registration funnel events (e.g. install, first_open fired before the app completes device registration on first launch). These are stored with the same ephemeral client identifier described above, without any ownerId, and are automatically purged by the standard 13-month retention window.

Local-only data (practice history, recordings, settings) is deleted by uninstalling the app.

7. Changes to This Policy

We will update this policy as the product evolves. Material changes will be announced in-app. The Last updated date at the top reflects the most recent change.

8. Contact

Privacy questions, deletion requests, and concerns: harpmaster72@gmail.com