Privacy Notice
This Privacy Notice explains how the Mind the Guitar mobile application (the “App”) handles personal data when you use it. It is issued together with our Terms of Use.
The data controller for the App is Michał Gajek, an individual sole developer (acting as a private individual) operating the Mind the Guitar application, with a correspondence address at Aleja Wilanowska 103/49, 02-795 Warszawa, Poland and reachable at contact@mindtheguitar.com (“Developer,” “we,” “us,” or “our”).
1. Local Data Only
Mind the Guitar is designed to operate offline and to keep your data on your device.
We do not maintain user accounts on our servers and, except for the limited security telemetry described in Section 6, we do not receive your personal data. Your profile, progress, settings, and related app data are stored locally on your device only.
2. What the App Stores Locally
The App may store the following information locally on your device:
- your optional display name;
- your avatar image, if you choose to add one;
- your learning progress;
- your exercise statistics and streaks;
- your app preferences and settings;
- local app status flags and backup copies of your profile data.
3. Microphone Access
The App may request access to your microphone only for the tuner feature.
Microphone input is processed locally on your device. We do not record, store, or send your audio to our servers.
4. Photo Library Access
The App may request access to your photo library only if you choose to add or change your avatar.
Any image you choose for your avatar is stored locally on your device. The App does not access the camera, contacts, location, calendar, health data, or any other sensors.
5. Children's Privacy
The App is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
6. Contacting Us
If you contact us by email at contact@mindtheguitar.com, we will receive the information you choose to include in your message and use it only to respond to you and to keep a record of the correspondence as required by applicable law.
7. Legal Bases (GDPR Art. 6)
We process the limited categories of data described above on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — to provide the educational features you request when you use the App.
- Legitimate interests (Art. 6(1)(f) GDPR) — to protect the integrity and security of the App through freeRASP (see Section 9).
- Consent (Art. 6(1)(a) GDPR) — granted by you through the operating system permission prompts when you enable microphone or photo library access.
8. No Tracking, No Analytics, No Ads
The App does not use cookies, web tracking, advertising identifiers (IDFA, GAID), third-party analytics SDKs, advertising or attribution SDKs, or any cross-app or cross-site tracking. We do not perform any user profiling, scoring, or automated decision-making within the meaning of Art. 22 GDPR.
9. Third-Party Services — freeRASP (Talsec)
To protect the App against tampering, reverse engineering, debugging, and execution on rooted or jailbroken devices, we use freeRASP, a runtime application self-protection library provided by Talsec (Talsec a.s., based in the Czech Republic, EU). freeRASP runs on your device and may transmit anonymous integrity signals (for example: detection of root/jailbreak, debugger, hooking frameworks, emulator, repackaging, or device-binding issues) to Talsec servers.
freeRASP does not transmit your profile data, learning data, audio, photos, advertising identifiers (IDFA, GAID), or any other content you create in the App. Talsec acts as our processor and processes the data within the European Economic Area. For further information, see Talsec's privacy documentation.
10. Data Retention
Data stored on your device is retained for as long as the App is installed or until you delete it (see Section 12). Anonymous integrity telemetry processed by freeRASP is retained according to Talsec's retention policy and is not linked to your identity.
11. Your Rights (GDPR Art. 15–22)
Because most of your data stays on your device and we have no access to it, you can exercise most of your rights directly through the App:
- Access and portability — your data is visible in the App (Profile, Stats) at any time.
- Rectification — you can edit your display name and avatar in Profile.
- Erasure (“right to be forgotten”) — see Section 12.
- Restriction and objection — you can disable microphone or photo permissions in your device settings, or stop using the App.
- Withdrawal of consent — you can revoke microphone or photo library permissions at any time in your device's system settings, without affecting the lawfulness of processing carried out before withdrawal.
For requests related to security telemetry processed via freeRASP, contact us at contact@mindtheguitar.com.
12. How to Delete Your Data
You can delete your data at any time using one of the following methods:
- In the App, open Profile → Reset Profile → Reset Statistics to clear your exercise statistics and streaks.
- In the App, open Profile → Reset Profile → Reset Entire Profile to clear your entire profile (display name, avatar, progress, statistics, and preferences) and return the App to its initial state.
- Uninstall the App to remove all locally stored data, including any items kept in the platform-provided secure storage.
We have no copy of your profile data on our servers, so no separate request to us is required to have it deleted. See also our step-by-step deletion guide.
13. Right to Lodge a Complaint
If you believe we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with the Polish supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
https://uodo.gov.pl
You also have the right to lodge a complaint with the supervisory authority of your country of residence.
14. Security
Sensitive items such as integrity tokens are stored in the platform-provided secure storage (iOS Keychain / Android Keystore via flutter_secure_storage). We rely on the security mechanisms provided by your device's operating system (sandboxed app storage, OS-level encryption at rest). The App uses freeRASP to detect tampering and rooted/jailbroken environments, and disables cleartext HTTP traffic on Android via a network security configuration. No security measure is perfect; you are responsible for keeping your device and operating system up to date.
15. Subscriptions
The App may offer paid features or subscriptions through Apple App Store or Google Play.
Where you make a purchase through one of these platforms, payment processing, billing, renewals, cancellations, and related payment data handling are managed by the relevant platform provider under its own terms and privacy policy.
The App may receive limited information from the platform, such as the status of a purchase or subscription, solely to enable paid features. We do not store your full payment card details.
16. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. If we make material changes, we will update the “Last Updated” date and the version number above and, where appropriate, provide notice in the App.
17. Contact
Michał Gajek — sole developer of the Mind the Guitar application
Aleja Wilanowska 103/49, 02-795 Warszawa, Poland
contact@mindtheguitar.com
© 2026 Mind the Guitar. All rights reserved.