OpenFret Logo
Sign in

Privacy

OpenFret Privacy Policy

OpenFret is operated by OpenFret, based in Michigan, United States. This page explains what information we collect, how we use it, when we share it, and how we protect it when you use the OpenFret website, OpenFret RPG game, and related services.

Last updated: March 7, 2026

View Terms of ServiceGo to Sign InReturn to OpenFret Home

Introduction

OpenFret ("we," "us," or "our") is operated by OpenFret, based in Michigan, United States. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the OpenFret website, OpenFret RPG game, and related services (collectively, the "Service").

By using the Service, you acknowledge the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • email address when using magic link authentication;
  • Google account information when using Google Sign-In, including your email address, name, profile image, and unique Google account identifier;
  • Discord account information when using Discord OAuth, including your user ID, username, avatar, and email when provided by Discord;
  • if Sign in with Apple is offered and you choose to use it, your unique Apple account identifier, email address, and name if Apple shares that information with us;
  • profile information you choose to add, such as display name and profile image;
  • guitar inventory data and specifications you enter;
  • audio files, music, and images you upload;
  • comments, session contributions, and other content you create;
  • referral codes you use or generate;
  • support, contact, copyright, DMCA, and issue-report submissions you send to us;
  • song search queries and related metadata requests you submit through the Service; and
  • limited payment-related details such as transaction status, amount, customer identifiers, and billing contact details provided through Stripe.

1.2 Information Collected Automatically

When you use the Service, we automatically collect certain information, including your IP address, device information and browser type, pages visited, features used, auth and security logs, game progress, usage patterns, timestamps, session duration, referral source information, and analytics or error events associated with your browser session.

1.3 Device Permissions and Local Processing

Certain features, such as the tuner, pitch-detection game modes, and audio recording tools, request access to your microphone through your browser. Live pitch detection and tuning analysis generally happen locally in your browser. We do not receive raw microphone audio unless you choose to record and upload audio content or submit audio to a feature that explicitly sends it to our servers or storage provider.

1.4 Payment Information

Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number, bank account details, or other sensitive payment information. We receive limited payment and order details such as whether a payment was successful, the amount, the product purchased, customer identifiers, and related transaction status.

2. How We Use Your Information

We use the information we collect to:

  • provide, maintain, and improve the Service;
  • authenticate your account and provide sign-in functionality;
  • create and maintain your OpenFret account profile;
  • process transactions and send related information;
  • send technical notices and support messages;
  • respond to support, contact, and copyright complaints;
  • respond to your comments, questions, and requests;
  • host and display community content and public profiles;
  • analyze usage patterns and diagnose errors;
  • detect, investigate, and prevent fraudulent or unauthorized activity;
  • moderate content using automated tools;
  • send internal operational, payment, or security notifications to our staff or administrators; and
  • comply with legal obligations and enforce our Terms.

3. Cookies, Analytics, and Automated Processing

We use a mix of essential cookies, analytics tools, and automated systems to run and protect the Service.

3.1 Cookies and Analytics

We use essential cookies and similar technologies to support login sessions, security, and core site behavior. We also use PostHog analytics to understand feature usage, performance, and errors. You can disable analytics from the footer using Privacy Choices, and we configure analytics to respect browser Do Not Track signals.

3.2 Automated Moderation and Anti-Abuse

We use automated systems to scan certain uploaded images, comments, and submissions for harmful, abusive, or otherwise prohibited content. We also use captcha and other anti-abuse tools to prevent spam, brute-force activity, and other misuse.

3.3 Google and Apple Sign-In Data Limits

Google account data obtained through Google Sign-In and data obtained through Sign in with Apple are used only for authentication, account maintenance, security, and related support functions. We do not sell that sign-in data, and we do not use Google or Apple sign-in data to train generalized AI or machine learning models.

4. Authentication and Third-Party Services

Some providers may serve different roles within OpenFret. For example, Google may act as a sign-in provider if you choose Google Sign-In, while other providers may separately handle analytics, email, payments, storage, or moderation. Those functions are distinct.

4.1 Google Sign-In

When you sign in with Google, OpenFret may collect your Google account email address, name, profile image, and unique Google account identifier. We use this information only to authenticate your account, create or maintain your OpenFret account, and provide sign-in functionality.

We do not sell Google user data. We may store Google sign-in data securely with your account records and share it only with service providers needed to operate the Service or when required by law. We apply reasonable administrative, technical, and organizational safeguards to protect that data. Our use of Google sign-in data is intended to remain consistent with the Google API Services User Data Policy.

4.2 Discord Sign-In

When you sign in with Discord, OpenFret may collect your Discord user ID, username, avatar, and email address if Discord provides it. We use this information only to authenticate your account, create or maintain your OpenFret account, and provide sign-in functionality.

4.3 Email Magic Links

If you sign in by email, we use your email address to send a one-time sign-in link and to manage your account-related communications.

4.4 Sign in with Apple

If OpenFret offers Sign in with Apple and you choose to use it, OpenFret may collect your Apple-provided email address, name if Apple shares it, and unique Apple account identifier. We use this information only to authenticate your account, create or maintain your OpenFret account, and provide sign-in functionality.

We do not sell Apple sign-in data. We may store Apple sign-in data securely with your account records and share it only with service providers needed to operate the Service or when required by law. We apply reasonable administrative, technical, and organizational safeguards to protect that data.

4.5 Other Third-Party Services

We use the following third-party services to operate the Service:

  • Stripe for payment processing. Stripe's privacy policy applies to payment information: https://stripe.com/privacy
  • PostHog for analytics and usage statistics.
  • Email delivery providers for magic links and other transactional email.
  • Hosting, database, and object storage providers that store account data and uploaded files.
  • Moderation, workflow, search, and support-processing providers used to review content, handle issue reports, and process song search requests.
  • Discord webhooks and similar messaging tools for internal operational, payment, and security notifications when configured.

Each of these services has its own privacy policy governing the data it collects and processes.

5. Data Storage and Security

Your data is stored using a combination of our own systems and third-party infrastructure providers, including database, storage, email, and payment processors. We implement reasonable administrative, technical, and organizational safeguards to protect your information, but no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Public Content and Support Submissions

Content you upload to collaborative features, community sessions, or public areas of the Service may be visible to and accessible by other users. You upload content at your own risk. We are not responsible for how other users may use or share content you make publicly available.

If you submit a support request, contact message, copyright complaint, or issue report, we process the information you provide to investigate and respond. If you are logged in when you submit a report, we may attach limited account context such as your user ID, email address, timestamps, and payment customer identifier when needed to investigate the issue.

7. Data Sharing

We do not sell your personal information to third parties. We do not sell Google user data or Apple sign-in data.

We may share your information in the following circumstances:

  • with third-party service providers who assist in operating the Service, as described in Section 4, including payment, analytics, hosting, storage, email, moderation, search, workflow, and messaging providers;
  • with other users or the public when you post content to public profiles, public sessions, community areas, or other shared features;
  • to comply with legal obligations, including responding to lawful requests from public authorities;
  • to protect and defend our rights and property;
  • to prevent or investigate possible wrongdoing; or
  • with your consent or at your direction.

We do not use Google Sign-In data or Sign in with Apple data to train generalized AI or machine learning models.

8. Age Requirements

The Service is not intended for children under thirteen (13), and we do not knowingly collect personal information from children under 13. If you are under the age of majority in your jurisdiction but at least 13, you should use the Service only with the involvement of a parent or legal guardian. If we learn that we have collected personal information from a child under 13, we will take steps to delete it.

9. Your Rights and Choices

9.1 Access and Correction

You may access and update much of your account information directly through the Service. For information you cannot access directly, contact us using the information in Section 13. We will honor valid requests required by applicable law.

9.2 Account Deletion

You may request deletion of your account by contacting us. Note that some information may be retained as required by law or for legitimate business purposes, and content you have shared publicly or in collaborative sessions may persist even after account deletion.

9.3 Email Communications

We may send emails related to your account, transactions, support requests, or important changes to the Service. You may opt out of promotional communications but will continue to receive transactional emails related to your account.

9.4 Analytics Choices

You can disable PostHog analytics by using Privacy Choices in the footer. You can also block or clear cookies in your browser settings, although essential sign-in and security cookies may still be required for core features to work.

10. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain certain information for legitimate business or legal reasons, including payment and accounting records, security logs, abuse-prevention records, backups, dispute resolution, and enforcement of our agreements. Public or collaborative content may remain visible until removed from the applicable feature or archived from backups.

11. International Data Transfers

The Service is operated from the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the Service after any changes constitutes acceptance of the new Privacy Policy.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

OpenFret

[email protected]

Website: https://openfret.com