Privacy Policy for HarpMaster

Publisher: HarpMaster (harpmaster.net) Last updated: April 23, 2026

This Privacy Policy explains what information HarpMaster collects, how we use it, and your choices. It applies to the HarpMaster mobile app (iOS and Android) and the harpmaster.net website.

Summary

Your microphone audio never leaves your device. Pitch detection runs locally.
We store your practice history, settings, and recordings on your device only.
We do register a device identifier with our server so you can buy premium, and we record pseudonymous usage events (linked to your device identifier, not to personal info like name or email) to understand the paywall funnel.
We do not sell data. We do not track you across other apps.
You can request deletion of your server-side data at any time via email (see Contact).

1. Permissions

Permission	Why
Microphone	Real-time pitch detection from your harmonica. Audio is processed locally and not transmitted.
Internet	Load MIDI files, fetch app configuration, show ads, process purchases, crash reports.
In-App Purchase	Optional one-time purchase to remove ads.

2. Data Stored on Your Device

The following is stored locally only (localStorage / native preferences) and never uploaded:

Your recorded harmonica sessions (when you use the recorder feature)
Practice history and scores
App settings (language, theme, tuning, harmonica key, etc.)
Premium status flag (a copy of your server-side premium state)

Uninstalling the app clears this data.

3. Data Sent to Our Server

Our server runs outside mainland China (overseas hosting).

3.1 Device Registration

On first launch, the app generates a stable hardware identifier (Device.getId() — iOS identifierForVendor / Android ANDROID_ID) and sends it to https://api.harpmaster.net/api/devices/register. The server returns a randomly generated ownerId + deviceSecret used to authenticate subsequent API calls.

Why: Authenticate payment and premium-status requests; distinguish devices without requiring a user account.
Retention: Kept as long as the device is active; deleted on user request (see Section 7).

3.2 Payment Records (China market only)

If you purchase premium via Alipay or WeChat Pay inside the app, our server stores:

Order ID, amount, payment method, payment status, payment provider transaction ID
Your ownerId (to grant premium on this device)

Google Play and Apple IAP purchases are processed by Google / Apple and do not create a record on our server.

Why: Deliver the premium upgrade you paid for; comply with refund / dispute handling.
Retention: 7 years (required for financial record-keeping under applicable accounting rules).

3.3 Usage Events (Pseudonymous Analytics)

We record product-analytics events to understand the paywall funnel and improve the product. Events include: install, first_open, practice_started, remove_ads_button_clicked, payment_initiated, payment_success, payment_cancelled. Each event carries: device identifier, market (google/china), platform (ios/android/web), app version, and occasional small metadata (e.g. which payment method was used). These events are pseudonymous — linked to your device identifier (and, once you register, your ownerId), but not to personal identity such as name, email, or phone number.

Why: Measure conversion, find UX problems, decide what to build next. No personal content (audio, practice recordings, or typed text) is recorded.
Retention: 13 months.

3.4 Crash and Error Reports

When the app crashes or hits a handled error, a report is sent to a third-party crash-reporting provider. Reports include: stack trace, app version, platform, and breadcrumbs of recent user actions. Device identifiers, audio data, and Bearer tokens are removed from the event payload before upload. Your IP address is visible to the provider’s infrastructure at the network transport layer (as with any HTTPS request), but we configure the client so the IP is not written into the stored crash record.

Why: Diagnose and fix bugs.
Retention: 90 days on the provider’s infrastructure.

3.5 Server Access Logs

Nginx access logs record IP address, timestamp, URL path, and HTTP status of each API request. These are standard web-server logs.

Why: Debugging, abuse detection, rate-limit enforcement.
Retention: 30 days; anonymized beyond that if retained.

3.6 Play Integrity Token (Android, Google Play market only)

For fraud prevention on purchase and order creation, the Android Google Play build may request a short-lived integrity token via Google’s Play Integrity API and forward it to our server. The token is decoded by Google, not us; we only see a verdict (trusted / untrusted) without device personal information.

Why: Prevent modified / resigned app binaries from spoofing purchases.
Retention: Not stored — only the verdict is logged.

4. Cross-Border Data Transfer (for users in mainland China)

If you use the China market version, some data (device identifier, payment order metadata, usage events) is transferred to our servers located outside mainland China for processing. By using the app you consent to this transfer. We implement technical and organizational safeguards (TLS transit, access control) to protect the data.

The information transferred is limited to what’s described in Section 3. We do not transfer sensitive personal information (financial credentials, biometric data, location data).

5. Third-Party Services

The following third parties may receive data directly from the app. Each has its own privacy policy.

Service	Purpose	Market
Google AdMob	Ads	International
Pangle (ByteDance)	Ads	China
Google Play Billing / App Store IAP	Purchases	International
Alipay, WeChat Pay	Purchases	China
Google Play Integrity API	Anti-fraud	Android, International
Third-party crash-reporting provider	Crash reports	All

AdMob specifically: For users in the EEA / UK, we use Google’s User Messaging Platform (UMP) to obtain consent for personalized advertising on first launch. You can change your choice anytime in Settings → Ads preferences (coming soon, or request via email).

6. Children’s Privacy

HarpMaster is not directed at children under 13 (or under 16 in the EEA/UK for GDPR purposes). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

7. Your Rights — How to Request Deletion or Access

You can request access to, correction of, or deletion of identifiable data we hold by emailing:

harpmaster72@gmail.com

Include in your email:

Your device’s Support ID (Settings → About → Support ID — a 16-character code we use to locate your device record).

We process requests within 14 days. We delete:

The device registration record (devices).
Any payment records linked to your ownerId (orders).
Usage / funnel events linked to your ownerId (events).
The receipt-replay binding for past Apple/Google purchases (iap_receipts).
Related crash reports (by forwarding a deletion request to the provider on your behalf).

Data we do not delete on request (because it is already stored without any link back to you):

Aggregated ad impressions and click counts (ad_impressions, ad_clicks). These rows are keyed by an ephemeral client identifier that is never joined to your ownerId server-side and that your device discards on uninstall. There is no way for us to identify which rows belong to any individual user, so there is nothing for us to target for deletion.
Pre-registration funnel events (e.g. install, first_open fired before the app completes device registration on first launch). These are stored with the same ephemeral client identifier described above, without any ownerId, and are automatically purged by the standard 13-month retention window.

Local-only data (practice history, recordings, settings) is deleted by uninstalling the app.

8. Changes to This Policy

We will update this policy as the product evolves. Material changes will be announced in-app. The Last updated date at the top reflects the most recent change.

9. Contact

Privacy questions, deletion requests, and concerns: harpmaster72@gmail.com