Privacy Policy

1. Introduction

Jamverse ("we", "us", "our") operates the Jamverse desktop application and related online services (collectively, the "Service"). Jamverse is a music creation and jamming platform built for musicians of all levels, featuring a desktop client and cloud-powered backend.

This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service. By accessing or using Jamverse, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

Account Information

• Email address — provided during registration or sign-in
• Google profile data — name and profile picture, obtained via Google OAuth when you choose to sign in with Google

Usage Data

• Session duration — how long each session lasts
• Daily usage tracking — time spent using the app each day, measured in seconds (used to enforce free-tier limits)
• Feature usage — which features and tools you interact with
• Jam mode selections — the modes and configurations you choose during sessions

Audio and Music Data

• Recordings — audio content you record within the app
• MIDI patterns — musical patterns created or edited during sessions
• Generated audio content — any audio produced through your use of the Service

Analytics Data

We use PostHog for product analytics. The following data is collected:

• Feature clicks and interactions
• Session start and end events
• App version and build number
• Operating system information

Payment Data

Device Information

• Device identifier — used for usage tracking and security purposes
• App version, build number, and commit hash — used for debugging and compatibility

Collaboration Data (Future)

As we develop collaborative features, we may collect additional data including band or group membership information, shared content, and messages exchanged between users. This policy will be updated before any such features are launched.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service — deliver the core Jamverse experience, including audio processing, session management, and account features
• Process payments — manage subscriptions, handle billing through Stripe, and verify your plan status (Free, Pro, or Founding Jammer)
• Track usage limits — enforce the free-tier daily usage limit (10 minutes per day) by monitoring session duration in seconds
• Send transactional emails — deliver authentication codes and account-related notifications via our email provider, Resend
• Improve the application — analyze aggregated usage patterns and analytics data to identify bugs, improve features, and guide product development
• Enforce our Terms of Use — detect and prevent misuse, fraud, or violations of our terms
• Communicate about service changes — notify you of updates, new features, policy changes, or other important information related to Jamverse

4. Third-Party Services

We rely on trusted third-party service providers to operate Jamverse. Each provider receives only the data necessary to perform its function. The table below summarizes these services:

Service	Purpose	Data Received
Stripe	Payment processing	Payment information (card details, billing address), email address, transaction amounts. Stripe is PCI-DSS compliant and handles all sensitive payment data directly.
Google	OAuth authentication	Authentication tokens, basic profile information (name, email, profile picture) when you choose to sign in with Google.
PostHog	Analytics and telemetry	Usage events (feature clicks, session data), device information (OS, app version), and anonymized interaction data.
Resend	Email delivery	Your email address, used solely to deliver authentication codes and transactional messages.
Amazon Web Services (AWS)	Hosting and storage	Backend infrastructure hosting, data storage, and file hosting for application downloads. All data processed through Jamverse may be stored on AWS infrastructure.

Each of these providers operates under their own privacy policies. We encourage you to review their respective privacy policies to understand how they handle your data.

5. Data Sharing

Your data is shared only in the following limited circumstances:

• Third-party service providers — as listed in Section 4 above, solely as necessary to provide and operate the Service
• Legal requirements — if required by law, regulation, legal process, or enforceable governmental request (e.g., a valid subpoena or court order)
• Protection of rights — if necessary to protect the rights, property, or safety of Jamverse, our users, or the public

6. Data Retention

We retain your data according to the following schedule:

• Account data — retained while your account is active, plus 30 days following a deletion request, to allow for account recovery and complete data removal
• Usage and session logs — retained for 90 days, after which they are permanently deleted
• Payment and transaction records — retained as required by applicable tax, accounting, and legal obligations
• Audio content — retained only as long as necessary to provide the Service. When you delete audio content or your account, it will be removed in accordance with our standard deletion process

7. Your Rights — GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete personal data
• Right to erasure ("right to be forgotten") — request deletion of your personal data when it is no longer necessary for the purposes for which it was collected
• Right to data portability — receive your personal data in a structured, commonly used, machine-readable format
• Right to restriction of processing — request that we limit how we use your data under certain circumstances
• Right to object — object to our processing of your personal data for certain purposes, including direct marketing
• Right to withdraw consent — where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us using the details in Section 14 below. We will respond to your request within 30 days. If we need additional time, we will notify you of the extension and the reasons for the delay.

8. Your Rights — CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to know — you may request that we disclose what personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it
• Right to delete — you may request the deletion of personal information we have collected from you, subject to certain legal exceptions
• Right to opt-out of sale — you have the right to opt out of the sale of your personal information. However, we do NOT sell your personal data, so this right does not currently apply
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for making such requests

To submit a CCPA request, please contact us using the details in Section 14 below.

9. Children's Privacy

We take the privacy of children seriously and comply with applicable laws regarding the collection of personal data from minors.

United States — COPPA

In accordance with the Children's Online Privacy Protection Act (COPPA), users under the age of 13 in the United States must obtain verifiable parental consent before creating a Jamverse account or using the Service.

European Union / EEA — GDPR Article 8

Under GDPR Article 8, users under the age of 16 in the EU/EEA require parental or guardian consent to use services that process personal data. Some EU member states may set a lower age threshold (but not below 13).

Parental Consent Process

To provide parental consent, a parent or legal guardian must contact us at the email address provided in Section 14 below. We will provide instructions for verifying parental identity and granting consent.

10. Cookies and Tracking Technologies

Jamverse is a desktop application, not a traditional website. As such, our use of cookies and tracking technologies differs from web-based services:

• PostHog analytics — we use PostHog for in-app analytics and telemetry. Consent for analytics data collection is requested on first app launch. You may opt out at any time through the app settings
• No third-party advertising cookies — Jamverse does not use any third-party advertising cookies or tracking pixels. We do not serve ads
• Session tokens — authentication session tokens are stored locally on your device to keep you signed in. These are essential for the Service to function and are not used for tracking purposes

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption in transit — all communications between the Jamverse desktop client and our servers are encrypted using HTTPS/TLS
• Secure authentication — authentication tokens are stored securely on your device and transmitted over encrypted channels
• PCI compliance — all payment card data is handled exclusively by Stripe, which is PCI-DSS Level 1 certified. Jamverse servers never process or store raw payment card information
• Infrastructure security — we conduct regular security reviews of our infrastructure and follow industry best practices for server configuration and access control

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining and improving our security practices.

12. International Data Transfers

Jamverse serves users globally. Your personal data may be processed and stored in the United States and the European Union, depending on the AWS region used and the location of our service providers.

For users in the EU/EEA, any transfer of personal data to countries outside the EU/EEA that have not been deemed to provide an adequate level of data protection will be protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognized under applicable data protection law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:

• The "Effective Date" and version number at the top of this page will be updated
• Material changes will be communicated to you via email or through an in-app notification before they take effect
• Your continued use of Jamverse after being notified of changes constitutes your acceptance of the updated Privacy Policy

We encourage you to review this page periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your information is handled, please contact us: