Skip to content

Privacy Policy

Effective date: April 2026 · Last updated: May 28, 2026

piano.org (“we,” “us,” or “the site”) is a piano reference and educational resource. We respect your privacy and are committed to being transparent about the limited data we collect. This policy explains what information is gathered when you visit piano.org, how it is used, and your rights regarding that information.

1. Information We Collect

Analytics Data

We use Google Analytics 4 (GA4) to understand how visitors use the site — which pages are visited, how long sessions last, and which features are used most. GA4 collects anonymized usage data including page views, session duration, approximate geographic region (country or city level), device type, browser type, and referring URLs. This data is aggregated and does not personally identify you.

Contact Form Data

If you use the contact form on piano.org, we store the name, email address, and message you submit, along with the following request metadata for spam prevention:

  • IP address — to detect and block automated abuse
  • User-Agent — browser or client identifier
  • Referrer — the page you navigated from, if any
  • Accept-Language — language preference reported by your browser

This metadata is collected under our legitimate interest in preventing spam and misuse of the contact form. It is never used for advertising or sold to third parties, and is retained only as long as needed to review and respond to your message (see Section 9).

Email Capture (PDF Downloads & Leaderboards)

When you download a chord or scale reference PDF, or post a score to a page leaderboard, we ask for your email address. This email is stored in our database (hosted on Supabase) and used to send a welcome message and occasional piano-related content via Resend (our email delivery provider). A cookie (pno_pdf_user) is set so returning visitors are not prompted again for 7 days. You can unsubscribe from emails at any time using the link in any message we send.

AI Chatbot Conversations

piano.org includes an AI-powered chatbot (the “Chat” widget) that can answer questions about piano chords, scales, and music theory. When you use the chatbot:

  • Your messages and the chatbot’s responses are stored in our database (chat_sessions and chat_messages tables on Supabase) to maintain conversation context and improve the service.
  • Your messages are forwarded to the Anthropic Claude API to generate responses. Anthropic processes these messages under their own privacy policy. We do not send your name, email, or other identifying information to Anthropic — only the message text and conversation history needed to generate a relevant response.
  • Chat sessions are rate-limited (per IP address) to prevent abuse. IP addresses used for rate limiting are not stored permanently.

You can close the chat widget at any time. If you do not use the chatbot, no chat data is collected.

Account Data (Signed-in Users)

piano.org offers an optional account so you can save bookmarks, keep practice history, and get personalized recommendations. Accounts are created with a sign-in link sent to your email, or by signing in with Google. Creating an account is entirely optional — the reference content works without one.

When you are signed in, we store the following in our database (Supabase), each tied to your account:

  • Profile — your email address (from your sign-in method), an optional display name, and your birth year (see “Children’s Privacy” below for why we ask).
  • Bookmarks — the chord, scale, mode, theory, and tool pages you choose to save.
  • Page-visit history — a record of which pages you visit while signed in, used to calculate learning streaks and show your recent activity. We log one entry per page per day; we do not track signed-out visitors this way.
  • Practice data — the aggregated practice metrics described under “MIDI and Microphone Access” below, associated with your account so we can show your progress over time.

We collect this account data under our legitimate interest in providing the account features you signed up for, and (in the EU/EEA) on the basis of the account relationship you create. It is never sold or used for advertising. You can permanently delete your account and all data tied to it at any time from your account page (see Section 7).

Browsing Without Providing Personal Data

You can browse the vast majority of piano.org without providing any personal information. Analytics data (if you accept cookies) is anonymized and does not identify you personally. Personal data is collected only when you voluntarily interact with the contact form, PDF download modal, leaderboard, chatbot, or account features.

2. Cookies

piano.org uses a small number of cookies:

Google Analytics cookies (_ga, _ga_*): These are set only if you accept analytics cookies via our consent banner. They help GA4 distinguish unique visitors and sessions. These cookies expire after 2 years (_ga) or 24 hours (session-scoped).

Consent preference cookie (piano_consent): This cookie records whether you accepted or declined analytics cookies. It expires after 365 days and contains only the value “accepted” or “declined.”

Essential cookies: We may use cookies strictly necessary for the site to function, such as remembering display preferences. These do not track you across sites.

You can manage your cookie preferences at any time by clicking “Manage Cookies” in the site footer.

3. MIDI and Microphone Access

Some interactive features on piano.org may request access to MIDI devices or your microphone — for example, to detect notes played on a connected keyboard. MIDI access is granted only after you accept the browser’s permission prompt, and microphone access is only requested by features that explicitly need it.

No raw audio is ever recorded or transmitted. Microphone input is processed in your browser for pitch detection and discarded; no audio file or audio stream is sent to our servers or any third party.

MIDI data is collected only when you actively start a practice session in features such as the Practice Room, per-page Practice Mode, MIDI Monitor, or the Player Diagnostic Assessment. Outside of an active practice session, MIDI events stay on your device and are not stored. During an active session, we collect:

  • MIDI events: note on/off, velocity, timing offsets, and sustain pedal (CC64) state, used to compute the metrics that drive real-time feedback and your progress dashboard.
  • Aggregated session metrics — not raw MIDI — are stored in our database (Supabase) so we can show your practice history and trends. Examples: chord onset spread, velocity evenness, scale timing consistency, accuracy percentage, focus score, and tempo ceiling per chord type.
  • Derived metrics (the same aggregated numbers, never raw note streams) may be sent to the Anthropic Claude API to generate the personalized natural-language feedback you see at the end of a session. We do not send raw MIDI events, audio, identifying information, or session content beyond the metrics needed for feedback.

If you participate in the public leaderboard on a chord or scale page, the display name you choose and your composite score are stored and shown publicly. Posting a score and unlocking the full AI analysis require an email address; emails are stored alongside PDF download captures and are used to send progress updates and related piano content.

You can stop MIDI collection at any time by ending the practice session, disconnecting your MIDI device, or revoking MIDI permission in your browser settings. A future release will add a self-service option in your dashboard to delete your stored practice data; until then, you can request deletion by contacting us using the information below.

4. How We Use Information

The analytics data we collect is used solely to understand site usage patterns, improve content and features, identify and fix technical issues, and determine which chords, scales, and tools are most popular so we can prioritize development.

5. Data Sharing & Sub-processors

We do not sell, rent, or trade your data to any third party. We do not share data with advertisers or data brokers. The following third-party services process data on our behalf:

  • Google Analytics (GA4) — anonymized site-usage analytics
  • Supabase — database hosting (contact form data, chat sessions, practice metrics, email captures)
  • Vercel — site hosting and serverless functions
  • Anthropic (Claude API) — AI chatbot responses and post-practice feedback generation
  • Resend — transactional email delivery (welcome emails, content updates)

6. Third-Party Services

piano.org may contain links to external websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

7. Your Rights

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information is collected, request deletion of your personal information, and opt out of the sale of personal information. We do not sell any data. The personal information we may collect (email addresses from PDF downloads, leaderboard posts, and contact form submissions; chat messages; practice metrics) is described in Section 1 above. If you wish to exercise any rights under the CCPA, please contact us using the information below.

For EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have the right to access, rectify, or erase personal data we may hold, restrict or object to processing, data portability, and the right to withdraw consent at any time. Analytics cookies are only loaded after you provide consent via our cookie banner. You can withdraw consent at any time by clicking “Manage Cookies” in the footer. For personal data collected through the contact form, email captures, chatbot, or practice features, you may request access, rectification, or erasure by contacting us below.

Self-Service Account Deletion

If you have an account, you can delete it and all data tied to it (profile, bookmarks, page-visit history, and practice metrics) at any time, without contacting us, from your account page. Deletion is immediate and permanent. Email-list entries created through PDF downloads or leaderboard posts are handled separately via the unsubscribe link in any email we send, or by contacting us.

For All Visitors

You can decline analytics cookies via our consent banner, and your choice will be respected. You can also use your browser settings to block or delete cookies at any time.

8. Children’s Privacy

piano.org is a general-audience educational site. We do not knowingly collect personal information from children under 13.

Accounts are limited to ages 13 and older. Before you can create an account, we ask for your year of birth on a neutral age screen. If you indicate you are under 13, we do not create an account or collect the account data described in Section 1 (profile, bookmarks, page-visit history, practice data). Visitors under 13 can still use the reference content, tools, and interactive features anonymously, without signing in. We store only the birth year you provide — not a full date of birth — and use it solely to apply this age limit.

If you are under 13, please also do not submit your email address through the PDF download modal, leaderboard, contact form, or chatbot. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. Parents or guardians who believe their child has provided personal data may contact us using the information below, and we will delete it.

9. Data Retention

Google Analytics data is retained according to Google’s default retention settings (14 months). The consent preference cookie is retained for 365 days on your device.

Contact form submissions, including spam-prevention metadata (IP address, User-Agent, Referrer, Accept-Language), are retained for up to 12 months and then permanently deleted.

Email addresses from PDF downloads and leaderboard posts are retained until you unsubscribe, at which point they are marked inactive but kept for suppression-list purposes. You may request full deletion by contacting us.

Chatbot conversations are retained indefinitely to improve the service. Practice session metrics are retained indefinitely to power your progress dashboard. You may request deletion of either by contacting us using the information below.

Account data (profile, bookmarks, page-visit history, and practice metrics) is retained for as long as your account is active. When you delete your account from your account page, this data is removed immediately and permanently.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the site after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this privacy policy or your data, please reach out via the Contact page.