Privacy Policy

Last updated: March 11, 2026

Erhythm ("we", "us", "our") operates erhythm.org. This Privacy Policy explains how we collect, use, and protect your information when you use our platform.

1. Information We Collect

Account Information

When you register, we collect:

• Name, username, and email address
• Password (hashed, never stored in plain text)
• Profile information you choose to provide (avatar, bio)

Social Login

If you sign in with Google or Facebook, we receive:

• Your name and email address from the provider
• Your profile picture (downloaded and stored locally)
• A unique identifier from the social provider

We do not access your contacts, post on your behalf, or request any permissions beyond basic profile information.

Automatically Collected Information

• IP address and browser user agent (for security and session management)
• Session data (stored securely in our database)
• Last login timestamp

Payment Information

If you make a support donation, payment is processed entirely by PayPal. We receive your payer name, payer email, transaction ID, and donation amount. We do not store credit card or bank account details.

Content You Create

Rhythms, likes, play counts, and any other content you create on the platform.

2. How We Use Your Information

• To create and manage your account
• To provide and improve our rhythm composer platform
• To display your public profile and rhythms (if you choose to be public)
• To process support donations via PayPal
• To send email notifications related to your account (verification, password resets)
• To maintain security and prevent abuse

3. Information Sharing

We do not sell, rent, or trade your personal information. We share data only with:

• PayPal — to process donations (subject to PayPal's Privacy Policy)
• Google / Facebook — only during social login authentication (subject to their respective privacy policies)

4. Public Information

If your profile is set to public, the following may be visible to other users:

• Your name, username, avatar, and bio
• Your published rhythms
• Support donations marked as public

You can set your profile to private at any time from your account settings.

5. Cookies & Sessions

We use essential cookies only:

• Session cookie — to keep you logged in
• CSRF token — to protect against cross-site request forgery
• Remember token — if you choose "remember me" at login

We do not use tracking cookies, analytics cookies, or advertising cookies.

6. Data Security

We take reasonable measures to protect your data, including:

• Passwords are hashed using bcrypt
• All connections are encrypted via HTTPS
• Session data is stored server-side in a database

7. Your Rights

You have the right to:

• Access your personal data via your account settings
• Update your profile information at any time
• Delete your account from account settings (this soft-deletes your account and removes your avatar)
• Toggle visibility — make your profile public or private

8. Data Retention

We retain your account data for as long as your account is active. Deleted accounts are soft-deleted and may be permanently removed after a reasonable period.

9. Children's Privacy

Erhythm is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@erhythm.org.