Privacy Policy
Effective date: April 2026 · Last updated: July 15, 2026
piano.org (“we,” “us,” or “the site”) is a piano reference and educational resource. We respect your privacy and are committed to being transparent about the limited data we collect. This policy explains what information is gathered when you visit piano.org, how it is used, and your rights regarding that information.
1. Information We Collect
Analytics Data
We use Google Analytics 4 (GA4) to understand how visitors use the site — which pages are visited, how long sessions last, and which features are used most. GA4 collects anonymized usage data including page views, session duration, approximate geographic region (country or city level), device type, browser type, and referring URLs. This data is aggregated and does not personally identify you.
We also collect aggregate AI-referral counts: when your browser indicates you arrived from a known AI assistant (such as ChatGPT, Perplexity, or Claude), we record the source name and date (for example: "chatgpt, 2026-07-08"). We store only the source label and a daily count — no user IDs, IP addresses, page paths, or any other identifying data. This tells us, in aggregate, whether our content appears in AI search results. Your browser sends the referring URL as a standard HTTP header on every web request; we classify it and immediately discard it.
Contact Form Data
If you use the contact form on piano.org, we store the name, email address, and message you submit, along with the following request metadata for spam prevention:
- IP address — to detect and block automated abuse
- User-Agent — browser or client identifier
- Referrer — the page you navigated from, if any
- Accept-Language — language preference reported by your browser
- Approximate location — city, region, and country, derived from your IP address by our hosting provider
This metadata is collected under our legitimate interest in preventing spam and misuse of the contact form. It is never used for advertising or sold to third parties, and is retained only as long as needed to review and respond to your message (see Section 9).
Contributor Form Data
If you use the Contribute form (piano.org/contribute) to offer help with the site, we store the name you provide and, if you choose to add them, your email address, website, LinkedIn, a short background, the area you would like to help with, and any message. This information is saved to our database (the contributor_applications table on Supabase) and is used only to evaluate and follow up on your offer to contribute. The form asks you to confirm you are 13 or older, the email field is optional, and none of it is ever used for advertising or sold to third parties.
Email Capture (PDF Downloads & Leaderboards)
When you download a chord or scale reference PDF, or — once leaderboards launch — post a score to a page leaderboard, we ask for your email address. This email is stored in our database (hosted on Supabase) and used to send a welcome message and occasional piano-related content via Resend (our email delivery provider). A cookie (pno_pdf_user) is set so returning visitors are not prompted again for 7 days. You can unsubscribe from emails at any time using the link in any message we send.
Alongside your email we record spam-prevention and attribution metadata: a one-way hashed (irreversible) form of your IP address, your browser’s User-Agent, the page you made the request from, the referring page, and any campaign (UTM) tags in the URL. We never store your raw IP address with your email.
If a search finds no results and you choose “notify me” and provide your email, we store that search term together with your email address so we can let you know when the content exists.
AI Chatbot Conversations
piano.org includes an AI-powered chatbot (the “Chat” widget) that can answer questions about piano chords, scales, and music theory. When you use the chatbot:
- Your messages and the chatbot’s responses are stored in our database (chat_sessions and chat_messages tables on Supabase) to maintain conversation context and improve the service. Before messages are stored, they are automatically scanned and any detected personal information (such as email addresses or phone numbers) is redacted.
- Your messages are forwarded to the Anthropic Claude API to generate responses. Anthropic processes these messages under their own privacy policy. We do not send your name, email, or other identifying information to Anthropic — only the message text and conversation history needed to generate a relevant response.
- Each chat session also records a one-way hashed (irreversible) form of your IP address and your country. We store a salted hash rather than your raw IP so we can enforce rate limits and prevent abuse without keeping the address itself, and we do not store your raw IP, browser details, city, or region. This session metadata is kept with your conversation and is automatically deleted on the retention schedule described in Section 9; you can also request earlier deletion by contacting us.
- If you submit a bug report or feedback through the chat and choose to leave an email address for follow-up (13+ confirmation required), that email is stored with your chat session and deleted with it.
You can close the chat widget at any time. If you do not use the chatbot, no chat data is collected.
Smart Search, Worksheets & Page Feedback
When you type a conversational question into the search box (for example, “how do I build a minor 7th chord?”) or use the worksheet generator, the text you enter is sent to the Anthropic Claude API to generate an inline answer or to configure your worksheet. Anthropic processes this text under their own privacy terms. We do not attach your name, email, or account ID to these requests, and we do not store the question against your identity.
To improve search coverage and result quality, we log three types of anonymous, aggregate search events — none of which carry a user identifier or IP address:
- Zero-result searches. When a query returns no matches we record the query text so we can improve coverage.
- Impressions. When a query returns results, we record the query text and the URLs of the top results shown.
- Clicks. When you select a result, we record the query text, which result you clicked, and its position in the list. This helps us understand which results are most useful.
We group the keystrokes of a single search so that only the query you actually settle on is recorded, rather than every partial word typed on the way to it. That grouping uses a random identifier for the one search, plus a second anonymous identifier that is regenerated every time a page loads. Both are discarded when you leave the page, are never linked to an account, email address, IP address, or device, and cannot be used to recognise you on a later visit or across the site. The effect is that we store less of your typing than before, not more.
One exception: if a search finds no results and you explicitly opt in to “notify me” with your email address, that search term is stored with your email (see “Email Capture” above).
The live “What Am I Playing?” tool works the same way: your playing is processed entirely in your browser and is never recorded. If the tool cannot name a combination of notes you hold, or you flag a shown name as wrong, the anonymous note pattern itself (for example “C D♭ E G”) and, for flags, the name we displayed may be logged — with no user identifier, no account ID, and no IP address stored — solely so missing chords and scales can be added to the recognition engine.
If you leave a note through the page-feedback (“suggest an improvement”) form, we store the page it relates to, a category, your message, and an optional display name you choose to enter. We do not collect your email or IP address through this form; the notes are used only to improve the site.
Account Data (Signed-in Users)
piano.org offers an optional account so you can save bookmarks, keep practice history, and get personalized recommendations. Accounts are created with a sign-in link sent to your email, or by signing in with Google. Creating an account is entirely optional — the reference content works without one.
When you are signed in, we store the following in our database (Supabase), each tied to your account:
- Profile — your email address (from your sign-in method), an optional display name, and your birth year (see “Children’s Privacy” below for why we ask).
- Bookmarks — the chord, scale, mode, theory, and tool pages you choose to save.
- Page-visit history — a record of which pages you visit while signed in, used to calculate learning streaks and show your recent activity. We log one entry per page per day; we do not track signed-out visitors this way.
- Practice data — the aggregated practice metrics described under “MIDI and Microphone Access” below, plus your answers to theory quizzes, drill results, diagnostic assessment responses, and the adaptive skill profile (per-skill mastery estimates) we build from them for every signed-in learner — associated with your account so we can show your progress over time and recommend what to practice next.
- Saved recordings & discoveries — when you use the virtual piano, you can save a recording or a chord/interval you identified. These are stored as note data (which keys you played and the timing) and the names of the chords or intervals — not an audio file. No microphone audio is captured or transmitted. They are tied to your account and removed when you delete it.
We collect this account data under our legitimate interest in providing the account features you signed up for, and (in the EU/EEA) on the basis of the account relationship you create. It is never sold or used for advertising. You can permanently delete your account and all data tied to it at any time from your account page (see Section 7).
Browsing Without Providing Personal Data
You can browse the vast majority of piano.org without providing any personal information. Analytics data (if you accept cookies) is anonymized and does not identify you personally. Personal data is collected only when you voluntarily interact with the contact form, PDF download modal, leaderboard, chatbot, or account features.
2. Cookies
piano.org uses a small number of cookies:
Google Analytics cookies (_ga, _ga_*): These are set only if you accept analytics cookies via our consent banner. They help GA4 distinguish unique visitors and sessions. These cookies expire after 2 years (_ga) or 24 hours (session-scoped).
Consent preference cookie (piano_consent): This cookie records whether you accepted or declined analytics cookies. It expires after 365 days and contains only the value “accepted” or “declined.”
Returning-visitor cookie (pno_pdf_user): Set after you provide your email for a PDF download (or, when available, a leaderboard post), so returning visitors are not prompted again for 7 days (see Section 1).
Browser local storage: Some features remember functional preferences in your browser’s local storage rather than cookies — for example chat-widget open/closed state, drill difficulty and tempo level, the age-screen confirmation, and MIDI latency calibration offsets. These values stay on your device, are not used for tracking, and are not transmitted to us. If you sign in, an authentication token is also kept in your browser and sent with your requests to keep you signed in; it is used only for authentication, not tracking.
Essential cookies: We may use cookies strictly necessary for the site to function, such as remembering display preferences. These do not track you across sites.
You can manage your cookie preferences at any time by clicking “Manage Cookies” in the site footer.
3. MIDI and Microphone Access
Some interactive features on piano.org may request access to MIDI devices or your microphone — for example, to detect notes played on a connected keyboard. MIDI access is granted only after you accept the browser’s permission prompt, and microphone access is only requested by features that explicitly need it.
No raw audio is ever recorded or transmitted. Microphone input is processed in your browser for pitch detection and discarded; no audio file or audio stream is sent to our servers or any third party.
MIDI data is collected only when you actively start a practice session in features such as the Practice Room, per-page Practice Mode, MIDI Monitor, or the Player Diagnostic Assessment. Outside of an active practice session, MIDI events stay on your device and are not stored. During an active session, we collect:
- MIDI events: note on/off, velocity, timing offsets, and sustain pedal (CC64) state, used to compute the metrics that drive real-time feedback and your progress dashboard.
- Aggregated session metrics — not raw MIDI — are stored in our database (Supabase) so we can show your practice history and trends. Examples: chord onset spread, velocity evenness, scale timing consistency, accuracy percentage, focus score, and tempo ceiling per chord type.
- Derived metrics (the same aggregated numbers, never raw note streams) may be sent to the Anthropic Claude API to generate the personalized natural-language feedback you see at the end of a session. We do not send raw MIDI events, audio, identifying information, or session content beyond the metrics needed for feedback.
When public leaderboards launch on chord and scale pages, the display name you choose and your composite score will be stored and shown publicly. Posting a score and unlocking the full AI analysis will require an email address; emails will be stored alongside PDF download captures and used to send progress updates and related piano content. This section will be updated when the feature goes live.
You can stop MIDI collection at any time by ending the practice session, disconnecting your MIDI device, or revoking MIDI permission in your browser settings. A future release will add a self-service option in your dashboard to delete your stored practice data; until then, you can request deletion by contacting us using the information below.
4. How We Use Information
The analytics data we collect is used solely to understand site usage patterns, improve content and features, identify and fix technical issues, and determine which chords, scales, and tools are most popular so we can prioritize development.
5. Data Sharing & Sub-processors
We do not sell, rent, or trade your data to any third party. We do not share data with advertisers or data brokers. The following third-party services process data on our behalf:
- Google Analytics (GA4) — anonymized site-usage analytics
- Supabase — database hosting (contact form data, chat sessions, practice metrics, saved recordings, email captures)
- Vercel — site hosting and serverless functions
- Anthropic (Claude API) — AI chatbot responses, post-practice feedback, conversational search answers, and worksheet configuration
- Resend — transactional email delivery (welcome emails, content updates)
- Content delivery networks (jsDelivr, Cloudflare cdnjs) — serve some script and image files on certain pages; they receive your IP address and browser type when those files load
piano.org does not currently sell any products, and no payment processor receives your data. No checkout is active on the site.
6. Third-Party Services
piano.org may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.
7. Your Rights
For California Residents (CCPA)
Under the California Consumer Privacy Act, you have the right to know what personal information is collected, request deletion of your personal information, and opt out of the sale of personal information. We do not sell any data. The personal information we may collect (email addresses from PDF downloads, leaderboard posts, and contact form submissions; chat messages; practice metrics) is described in Section 1 above. If you have an account, you can download a copy of your data or delete your account directly from your account page. To exercise any other rights under the CCPA, please contact us using the information below.
For EU/EEA Residents (GDPR)
Under the General Data Protection Regulation, you have the right to access, rectify, or erase personal data we may hold, restrict or object to processing, data portability, and the right to withdraw consent at any time. Analytics cookies are only loaded after you provide consent via our cookie banner. You can withdraw consent at any time by clicking “Manage Cookies” in the footer. For personal data collected through the contact form, email captures, chatbot, or practice features, you may request access, rectification, or erasure by contacting us below. If you have an account, you can exercise your rights of access and data portability yourself at any time using “Download my data” on your account page.
Self-Service Account Access & Deletion
If you have an account, you can download a copy of your data and delete your account at any time, without contacting us, from your account page. “Download my data” provides a machine-readable (JSON) copy of the personal data tied to your account (profile, bookmarks, page-visit history, practice metrics, and saved recordings & discoveries) plus any contact-form, chatbot, or PDF-download records matched to your account email. “Delete my account & data” is immediate and permanent. Email-list entries created through PDF downloads or leaderboard posts are handled separately via the unsubscribe link in any email we send, or by contacting us.
For All Visitors
You can decline analytics cookies via our consent banner, and your choice will be respected. You can also use your browser settings to block or delete cookies at any time.
8. Children’s Privacy
piano.org is a general-audience educational site. We do not knowingly collect personal information from children under 13.
Accounts are limited to ages 13 and older. Before you can create an account, we ask for your year of birth on a neutral age screen. If you indicate you are under 13, we do not create an account or collect the account data described in Section 1 (profile, bookmarks, page-visit history, practice data). Visitors under 13 can still use the reference content, tools, and interactive features anonymously, without signing in. We store only the birth year you provide — not a full date of birth — and use it solely to apply this age limit.
Every place that captures an email address — the PDF download modal, the “notify me” search prompt, the contact form, and the chatbot — requires you to confirm you are 13 or older before the email is stored. If you are under 13, please do not submit your email address. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided personal data may contact us using the information below, and we will delete it.
9. Data Retention
Google Analytics data is retained according to Google’s default retention settings (14 months). The consent preference cookie is retained for 365 days on your device.
Contact form submissions, including the request metadata described in Section 1, are retained for as long as needed to respond to your message and keep a record of our correspondence. You can request deletion of your submissions at any time using the contact information below.
Email addresses from PDF downloads (and, when available, leaderboard posts) are retained until you unsubscribe, at which point they are marked inactive but kept for suppression-list purposes. You may request full deletion by contacting us.
Chatbot conversations, including the hashed IP and other session metadata described in Section 1, are retained for approximately 90 days, after which the session and its messages are automatically deleted. Practice session metrics are retained indefinitely to power your progress dashboard. You may request earlier deletion of either by contacting us using the information below.
Account data (profile, bookmarks, page-visit history, practice metrics, and saved recordings) is retained for as long as your account is active. When you delete your account from your account page, this data is removed immediately and permanently.
10. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the site after changes constitutes acceptance of the revised policy.
11. Contact
If you have questions about this privacy policy or your data, please reach out via the Contact page.
Mailing address:
PIANO NOTE LLC
407 Lincoln Rd, Suite 6H PMB 1855
Miami Beach, FL 33139