Privacy Policy
Company: Chord Social | Website: chordsocial.com | Last updated: 30 May 2026 | Contact: legal@chordsocial.com
This Privacy Policy explains how Chord Social ("we", "us", "our") collects, uses, stores, and protects your personal data when you use chordsocial.com and the Chord application (together, "the Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Chord Social is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, contact us at legal@chordsocial.com.
2. What Data We Collect
2.1 Account Data
When you create an account, we collect:
- Your name and display name
- Your email address (via Google OAuth or direct registration)
- Your username and profile bio
- Your profile avatar (initials-based unless you upload an image)
- Your Google account ID (if you sign in with Google)
2.2 Content Data
We store content you create on the Service, including:
- Notes (posts) you write
- Replies you post
- Amplifications (Chords) you make
- Accounts you follow
2.3 Usage Data
We collect limited usage data to enforce our 100-minute daily limit:
- Daily minutes used on the platform
- Last active date
2.4 Payment Data
Payments are processed by Stripe. We do not store your card details. We store only:
- Your Stripe customer ID
- Your subscription status and type
- The date your subscription was activated
2.5 Technical Data
We collect standard technical data necessary to operate the Service:
- Session cookies (HttpOnly, required for authentication)
- Server logs (IP address, request timestamps) — retained for 30 days
3. How We Use Your Data
We use your data only for the following purposes:
- To provide and maintain the Service (lawful basis: contract)
- To process your subscription payment (lawful basis: contract)
- To enforce our community rules and daily usage limits (lawful basis: legitimate interests)
- To respond to support requests and legal inquiries (lawful basis: legitimate interests)
- To comply with legal obligations (lawful basis: legal obligation)
We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to train AI models.
4. Third-Party Processors
We share data with the following third-party processors only to the extent necessary to provide the Service:
- Supabase (database and authentication) — servers in the EU
- Stripe (payment processing) — operates globally under standard contractual clauses
- Google (OAuth sign-in) — only if you choose to sign in with Google
- Vercel (hosting and infrastructure) — servers in the EU/UK
All processors are bound by data processing agreements and appropriate safeguards.
5. Data Retention
- Your account data is retained for as long as your account is active.
- If you delete your account, your personal data is deleted within 30 days. Content may be anonymised rather than deleted where required for referential integrity.
- Server logs are retained for 30 days.
- Payment records are retained for 7 years as required by UK tax law.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — ask us to correct inaccurate data
- Right to erasure — ask us to delete your data (subject to legal retention requirements)
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, email legal@chordsocial.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. Cookies
We use only essential cookies required to operate the Service:
- Session cookie — keeps you logged in. HttpOnly, Secure. Expires on sign-out.
We do not use advertising cookies, tracking cookies, or third-party analytics cookies.
8. Children
The Service is not intended for anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has created an account, contact us at legal@chordsocial.com and we will delete the account promptly.
9. Security
We take appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), server-side session management, row-level database security, and restricted access to production systems. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by posting a notice in the app and updating the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions: legal@chordsocial.com
For general support: hello@chordsocial.com