GigFrame

Privacy Policy

Last updated: March 2026 — plain language, no legalese.

Short version: we collect the minimum needed to run the service. Your songs are yours. We don't sell your data. You can export or delete everything at any time.

What data we collect

We collect only what's needed to make GigFrame work:

  • Your email address and name — to create your account
  • Your songs — chord charts, lyrics, tab grids, metadata (title, artist, BPM)
  • Your setlists — ordered collections of songs with optional BPM overrides
  • Your band information — band name, tier, member roles
  • Your preferences — instrument role, display settings
  • Session tokens — to keep you logged in between visits
  • Hashed IP addresses — for rate limiting feedback submissions only (SHA-256 hash, not raw IP)

We do not collect payment information (no payments yet). We do not read the content of your songs except to serve them back to you.

How we store it

All data is stored on Cloudflare infrastructure:

  • Cloudflare D1 — structured data (accounts, song metadata, bands, setlists)
  • Cloudflare R2 — song files (.gfr format, PDFs, ChordPro files)
  • Cloudflare KV — live performance state (temporary, in-memory during a session)

Cloudflare's infrastructure is distributed globally. Data is encrypted at rest and in transit. See Cloudflare's privacy policy for their data handling details.

Who can access it

  • You — always, via the app or via our export API
  • Your band members — can see songs and setlists shared within your band
  • Band admins — can manage band settings and membership
  • GigFrame team — can access data for support and debugging, but we don't read your songs unless you ask us to help with a problem

We do not sell, rent, or share your data with third parties for advertising or any other commercial purpose.

No tracking cookies

We use Cloudflare Web Analytics for basic traffic statistics. It is cookieless by design — no tracking pixels, no fingerprinting, no cross-site tracking. We do not use Google Analytics or any other tracking service.

Session cookies are used only to keep you logged in. They are not tracking cookies and are not shared with third parties.

Third-party services

  • Cloudflare — infrastructure, hosting, analytics, DDoS protection
  • Google OAuth — optional sign-in method (only if you choose "Sign in with Google")
  • Resend — transactional email (email verification, password reset). We send your email address to Resend for this purpose only.
  • Stripe — payment processing. Card data is handled directly by Stripe and never passes through GigFrame servers (see section below).
  • Google Play Billing — in-app purchase receipt verification via the Google Play Developer API for Android subscribers (see section below).
  • OpenRouter — cloud AI vision processing for AI Smart Import (see section below).

AI Smart Import Processing

When you import a photo or PDF of a chord chart via AI Smart Import, the file is sent to OpenRouter, which routes the request to a vision-capable language model. OpenRouter receives the image bytes plus a short extraction prompt; it returns a structured JSON document that we convert into a GigFrame song file.

Our Data Processing Agreement (DPA) with OpenRouter was signed [DATE] in accordance with GDPR Article 28.

Before each upload:

  • PDF metadata is stripped — title, author, creation date, keywords, producer, and creator fields are removed before the file is sent to OpenRouter, so embedded identity hints do not leak.
  • Original files stay on Cloudflare R2 — only the metadata-stripped copy is sent outbound; the original remains in our authenticated storage for replay/debugging.
  • No songs, lyrics, or chart text are persisted by OpenRouter beyond the short call lifetime (per their DPA).

Local-only opt-out: Bands can disable cloud routing entirely and use our private GPU server instead via Studio Settings → AI Imports → Local-only mode. With this toggle enabled, your imports never leave GigFrame infrastructure.

Stripe Payment Processing

When you subscribe to a paid plan via the web, your payment is handled by Stripe. Card data is submitted directly to Stripe's servers via Stripe Elements — it never passes through GigFrame's servers, and GigFrame never stores or sees your card number.

GigFrame receives only a Stripe customer ID and your current subscription status. Stripe is the data controller for your card data; see Stripe's privacy policy for details on how they handle payment information.

Data Stripe receives on our behalf:

  • Email address — used for billing receipts and invoices
  • Subscription tier choice — Solo, Band, or Pro

Card numbers and payment credentials are handled client-side by Stripe.js and are not accessible to GigFrame at any point.

Our Data Processing Agreement (DPA) with Stripe was signed [DPA-DATE-PENDING] in accordance with GDPR Article 28.

Google Play Billing

If you subscribe via Google Play on Android, GigFrame's server verifies your purchase receipt with the Google Play Developer API v3. This verification only applies to Android subscribers who choose Google Play as their payment method.

During verification, GigFrame sends your Android purchase token (a reference issued by Google Play itself) to the Google Play Developer API to confirm the purchase is valid. GigFrame does not store raw purchase tokens beyond the verification call; subscription status is stored as a tier flag (e.g. "band") in GigFrame's own database.

Google Play Billing is governed by the Google Play Developer Distribution Agreement and Google's own privacy policy. No separate DPA is required for the Google Play Developer API under those terms.

User-uploaded audio

By uploading audio, you confirm you have rights to the content. GigFrame does not provide a license to copyrighted material.

GigFrame processes user-uploaded audio files solely to provide the requested import service; we do not claim ownership of your content.

Your GDPR rights

You have the following rights under GDPR:

  • Access — export all your data as JSON via GET /api/users/me/export (requires login)
  • Deletion — delete your account and all data via account settings. This is irreversible.
  • Correction — edit your profile name and email via profile settings
  • Portability — the export endpoint returns standard JSON you can take anywhere
  • Objection — contact us at [email protected] to object to any processing

We respond to GDPR requests within 30 days.

Data retention

We keep your data until you delete your account. When you delete your account, we delete all associated data: your profile, songs, setlists, band memberships (and any bands you are the sole member of), and session tokens.

Backups may retain data for up to 30 days after deletion due to backup rotation schedules.

Children

GigFrame is not directed at children under 16. If you are under 16, please do not create an account. If we become aware that a user is under 16, we will delete their account.

Changes to this policy

We may update this privacy policy as GigFrame evolves. When we make significant changes, we will update the "Last updated" date at the top of this page. Continued use of GigFrame after changes constitutes acceptance of the new policy.

Contact

Questions about your data or this policy? Email us at [email protected].

GigFrame is operated by an independent developer based in Belgium.

© 2026 GigFrame. Built in Belgium. Made for the stage.