Privacy Policy

Effective Date: May 27, 2026

This Privacy Policy describes how Chord Runner ("Company," "we," "us," or "our") collects, processes, retains, and discloses personal information in connection with your use of the Chord Runner application and website (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read and understood this Policy.

1. Information We Collect

We collect only the personal information necessary to operate the Platform effectively:

• Account Data: When you register, we collect your email address and a securely hashed password. Passwords are never stored in plain text.
• Support Communications: When you contact us via our support channels or contact forms, we collect your email address, the subject, and the content of your inquiry. These records are retained to ensure consistent and timely responses.
• Affiliate Program Data: If you participate in our Affiliate Program, we associate your user profile with a Stripe Connect Account ID to facilitate commission payouts, and we generate a unique referral code linked to your account.

2. Cookies and Tracking Technologies

We use the following standard web technologies solely to operate and secure the Platform:

• Session Cookies: Used exclusively to maintain your authenticated session across the Platform.
• Referral Cookies: If you arrive via an affiliate link, we store a secure, HTTP-only cookie (named ref) with a validity period of 365 days to accurately attribute referral commissions.
• Analytics Cookies: We use Google Analytics to collect anonymized data about how visitors interact with the Platform (e.g., pages visited, session duration, general geographic region). This data is used exclusively to improve Platform performance and user experience.

We do not use tracking technologies for advertising or behavioral profiling.

3. How We Use Your Information

We use the personal information we collect solely for the following operational purposes:

• To create and manage your account, and to facilitate authentication and password recovery.
• To process payments and grant access to Premium features.
• To track affiliate referrals, calculate commissions, and process payouts.
• To respond to support inquiries and contact form submissions.
• To analyze aggregated, anonymized usage patterns via Google Analytics in order to improve Platform performance and user experience.
• To send transactional emails, including email verification links, password reset instructions, and critical security notifications.

We do not use your personal information for marketing purposes without your explicit consent.

4. Third-Party Service Providers

We do not sell, rent, or trade your personal information. We engage the following trusted subprocessors solely to deliver core Platform functionality:

• Stripe, Inc.: Serves as our payment gateway and facilitates affiliate payouts via Stripe Connect. We do not collect or store payment card data; all payment information is handled directly by Stripe. Stripe also performs identity verification (KYC) where required.
• Cloudflare, Inc. (Turnstile): Protects our platform endpoints from automated abuse without the use of intrusive CAPTCHA challenges.
• Resend: Handles the reliable delivery of transactional emails and processes inbound support messages via webhook infrastructure.
• Google Analytics (Google LLC): Provides anonymized, aggregated analytics on Platform usage. Google Analytics may set cookies and collect data such as pages visited, session duration, and approximate geographic location. No personally identifiable information is shared with Google Analytics. You may opt out of Google Analytics tracking at any time via the Google Analytics Opt-out Browser Add-on.

Each subprocessor is contractually bound to handle your data in accordance with applicable privacy laws.

5. Data Retention, Security, and Deletion

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction.

Authentication codes — including email verification tokens and password reset codes — are permanently deleted from our systems immediately upon use.

Your account and associated data are retained for as long as your account remains active. You have the right to request the permanent deletion of your account and all associated personal data at any time. To submit a deletion request, please contact us at the address provided in Section 7.

6. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be reflected by a revised effective date at the top of this page. We encourage you to review this Policy periodically to remain informed about how we protect your information.

7. Contact

For questions or concerns regarding this Privacy Policy or your personal data, please contact us at:

[email protected]