Privacy Policy
This Privacy Policy explains how ApproachNote ("ApproachNote," "we," "us," or "our") collects, uses, and shares information when you use our iOS and macOS applications and the website and API at approachnote.com and api.approachnote.com (collectively, the "Service").
ApproachNote is operated as a sole proprietorship based in Massachusetts, United States. We can be reached at support@approachnote.com.
1. Information we collect
Information you provide directly
When you create an account or use the Service, you may provide:
- Account information. Your email address and password (stored as a salted hash) when you sign up with email and password. If you sign in with Apple or Google, we receive a unique account identifier and the email address those services share with us.
- Profile information. An optional display name.
- Repertoires and favorites. The lists of jazz standards, recordings, performers, and notes you save to your library, and any flags you set on those items (e.g., whether a repertoire is shared).
- Contributions and corrections. Any data you submit through the share extension, song-research workflow, or admin/contribution tools.
- Communications. The content of messages you send to us at support@approachnote.com or through any in-app feedback channel.
Information collected automatically
- Device and usage data. When you use the apps or API, our servers automatically receive standard log data such as IP address, request timestamps, requested URLs, HTTP status codes, app version, device model, and operating system version. We use this for security, rate limiting, and debugging.
- Authentication tokens. When you sign in, we issue a JSON Web Token (JWT) that the app stores in the device keychain to keep you signed in.
- Diagnostic data. If the app or API encounters errors, we may log non-personal diagnostic context to help us fix bugs.
Information from third parties
When you sign in with Apple or Google, we receive limited profile information from those providers as described above. We do not receive your password or your full account contents from those services.
2. How we use information
We use the information we collect to:
- Provide, maintain, and operate the Service, including syncing your repertoires across devices.
- Authenticate you and keep your account secure.
- Send you transactional emails such as password-reset messages and important account notices.
- Diagnose problems, prevent abuse, enforce rate limits, and otherwise protect the Service.
- Match recordings in our database with metadata, streaming links, and cover art from third-party sources to enrich what you see in the app.
- Comply with legal obligations and respond to lawful requests.
We do not sell your personal information, and we do not use it for behavioral advertising.
3. How we share information
We share personal information only in these limited situations:
- Service providers. We use vendors that process data on our behalf (described in the next section). They are contractually limited to using the data only to provide their services to us.
- Compliance and safety. We may disclose information when we believe in good faith that doing so is required by law, necessary to enforce our Terms of Service, or necessary to protect the rights, property, or safety of ApproachNote, its users, or the public.
- Business transfers. If ApproachNote is acquired or its assets are transferred, your information may be transferred as part of that transaction. You will be notified by email and/or a prominent notice in the Service before any such transfer.
- With your direction. We share information you explicitly choose to make public — for example, the contents of a repertoire you mark as shared (see Section 5).
4. Third-party services
The Service relies on the following third parties. Their handling of your data is governed by their own privacy policies, which we encourage you to review.
| Provider | Purpose | What they receive |
|---|---|---|
| Apple (Sign in with Apple) | Optional account creation and authentication | Authentication request; your email if you choose to share it |
| Google (Google Sign-In) | Optional account creation and authentication | Authentication request; your Google profile email and ID |
| SendGrid (Twilio) | Sending transactional email such as password resets | Your email address and the contents of the message |
| Spotify, Apple Music | Track metadata, album art, and streaming links | No personal information; we query their public catalogs server-side |
| YouTube (via the YouTube API Services, operated by Google) | Video metadata and links to YouTube videos | No personal information sent by us. When you play or open a YouTube video, Google may collect data about your interaction in accordance with its Privacy Policy. |
| MusicBrainz, Cover Art Archive, Wikipedia | Authoritative recording, work, performer, and artwork metadata | No personal information; we query public catalogs server-side |
| Hosting and database providers | Running the API server and storing application data | All data necessary to operate the Service, under contractual confidentiality |
When you tap a Spotify, Apple Music, or YouTube link inside the app, you leave the Service and connect to that provider's app or website. Your interaction there — including any data those providers collect about you, such as IP address, viewing history, or account activity — is governed by their terms and privacy policies, not ours.
YouTube API Services and Google
The Service uses the YouTube API Services to retrieve information about videos. We do not share any personal information about you with YouTube or Google when we make these requests. When you click through to play or open a YouTube video, however, Google may collect information about your interaction. Your use of YouTube content surfaced through the Service is also subject to the YouTube Terms of Service and to Google's Privacy Policy.
5. Public content you create
Some features of the Service let you make content visible to other users — for example, marking a repertoire as shared so it can be discovered or accessed by others. When you choose to make content public, the contents of that repertoire (such as the song list and any notes you've added) and the display name on your account may be visible to other users of the Service.
You can change a shared repertoire back to private, or delete it, at any time through the app. Once content has been viewed or saved by other users, however, we cannot recall copies they may have already taken.
6. Data retention
We keep your account information and repertoires for as long as your account is active. If you delete your account, we delete or anonymize your personal information within a reasonable period, except where we need to retain it to comply with legal obligations, resolve disputes, prevent fraud or abuse, or enforce our agreements. Backup copies may persist for a limited additional period before being overwritten in the normal course of operations. Server logs are typically retained for up to 90 days.
7. Your choices and rights
- Access and correction. You can review and edit most of your account information directly in the app. For anything you can't change yourself, email support@approachnote.com.
- Account deletion. You can request deletion of your account by emailing support@approachnote.com from the email associated with your account, or by using the in-app account deletion option where available. We honor App Store account-deletion requirements.
- Email preferences. Transactional messages (such as password resets) are required to operate the Service and cannot be opted out of while you have an account. We do not currently send marketing emails.
- Device permissions. Where the apps request system permissions (for example, the share extension's access to inbound URLs), you can review and revoke those permissions in your device's Settings.
8. Security
We use commercially reasonable safeguards to protect your information, including encryption of data in transit (HTTPS), salted password hashing, scoped authentication tokens, and access controls on our backend systems. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.
9. Children
The Service is intended for users 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact support@approachnote.com and we will take steps to delete it. The Service is not directed to children under 13 within the meaning of the U.S. Children's Online Privacy Protection Act (COPPA).
10. International users
The Service is operated from the United States. If you access it from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States, where data-protection laws may differ from those in your jurisdiction. By using the Service you consent to that transfer.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll change the "Last updated" date at the top of the page. If the changes are material, we'll provide additional notice — for example, by email or an in-app notice — before they take effect. Your continued use of the Service after the effective date of an updated policy means you accept the changes.
12. Contact us
If you have questions about this Privacy Policy or how we handle your information, contact us at:
ApproachNote
support@approachnote.com