Fretboard Foundation
Log in
Toggle sidebar
Fretboard Foundation

Privacy

Last updated: May 31, 2026

Fretboard Foundation is owned and operated by Grimes IT, LLC ("Grimes IT", "Fretboard Foundation", "we", or "us"). This policy explains what information we collect when you use fretboardfoundation.com and our related services (collectively, our "Services"), how we use it, and the choices you have.

We've tried to write this in plain language. If anything is unclear, email us at [email protected].

Our approach to privacy

Privacy is built into how Fretboard Foundation is designed, not bolted on afterward. A few principles drive everything below:

  • You can use most of the site anonymously. Reading lessons and articles, tracking your progress, bookmarking, and using our practice tools require no account and no sign-in. We don't ask who you are, and for the most part we don't know.
  • We don't sell or rent your personal information — ever — and we don't allow third-party advertising or cross-site tracking on our site.
  • Your browsing is not tied to your identity. Our usage analytics are anonymous by design: they're kept in a way we cannot connect to your name or email, not merely a way we promise not to.
  • Your on-device data stays on your device. Reading progress, bookmarks, and tool settings live in your own browser, not on our servers — unless you have an account and choose to sync them.
  • We collect personal information only when you choose to give it — for example, when you subscribe to our newsletter or buy a premium membership — and we use it only for what you gave it for.
  • We tailor emails only from actions you deliberately take (like downloading a worksheet), never by watching how you browse.
  • We keep little, and not for long. We minimize what we collect, rely on privacy-respecting and largely self-hosted infrastructure, and delete data we no longer need.

The rest of this policy is the detailed version.

Information we collect

If you simply browse the site (no account)

Most visitors never give us any personal information, and we don't require it. When you browse:

  • On-device data. Your reading progress, bookmarks, and tool settings are saved in your browser's local storage, on your own device. This information is not sent to us and is not associated with you. You can clear it any time in your browser settings, and the site will keep working.
  • Anonymous usage analytics. We run our own lightweight, self-hosted analytics to understand how the site is used — for example, which lessons are popular. The first time you visit, your browser generates a random identifier (stored in local storage as ff26:analytics-vid) that lets us recognize return visits without knowing who you are. It's a random string, not derived from any personal information; we do not link it to your name, email, or account; we do not share it; and we do not use it for advertising. In this system we record events such as page views and lessons marked as read — never your IP address, a device fingerprint, or any identifying detail. You can delete the identifier any time by clearing your browser storage.
  • Server logs and security data. Like virtually every website, our web server and our content-delivery and security provider (Cloudflare) automatically record technical information about each request, including your IP address, browser type, and the pages requested. We use these logs to operate and secure the site, prevent abuse, and diagnose problems, and we generally review them only when something goes wrong. We do not use them to build profiles of you or for advertising, and they're retained only for a limited period. Cloudflare also gives us aggregate, non-identifying traffic statistics.
  • Error and performance monitoring. To keep the site reliable, we use server-side monitoring (Laravel Nightwatch) and may use client-side error monitoring (such as Sentry) to capture technical diagnostic information when something breaks. This can include technical details such as IP address, browser, and what the software was doing at the time. It's used only to find and fix problems.

If you subscribe to our newsletter

Our newsletter is opt-in and open to anyone — no account required. When you subscribe:

  • We collect your email address and a record of your consent (the date, the page or form you used, and your IP address at that moment), which we keep to demonstrate that you opted in.
  • We use double opt-in: we email you a confirmation link, and you're added only once you click it.
  • If you take actions that show interest in particular content — for example, downloading a worksheet or following a lesson for updates — we may attach interest tags (such as "interested in the beginning harmony course") to your subscriber record, so we can send you relevant updates instead of emailing everyone about everything. These tags come only from actions you deliberately take. We do not build them by watching your browsing, and we do not connect your subscriber record to the anonymous analytics described above.
  • You can unsubscribe any time using the link in any email. Unconfirmed sign-ups are deleted automatically after a short period.

Our subscriber list is managed with self-hosted email software on our own server. Messages are delivered through one or more third-party email-delivery providers, which process your email address and the message in order to send it.

If you buy a premium membership

When we offer paid memberships and you purchase one, we create an account and collect your name and email address.

  • We never see or store your payment card details. Payments are handled by Stripe; your card information goes directly to Stripe under their privacy policy. We receive only your subscription status and limited billing details — never your full card number.
  • Optional cloud sync. With a premium account, you can choose to sync your on-device data — reading progress, bookmarks, and tool settings — to our servers so it's available across your devices. Sync is off until you turn it on; until then (and for everyone without an account) this data never leaves your browser. When you enable it, we store this data under your account so you can use it across your devices. We don't sell it, use it for advertising, or connect it to the anonymous usage analytics, and it's deleted when you delete your account.
  • A signed-in account uses a session cookie to keep you logged in.

Apart from paying members, accounts are reserved for staff and testers who need additional access.

Information we derive

We may attach interest tags to newsletter subscribers based on actions you deliberately take, as described above, so we can send relevant emails. We do not infer sensitive characteristics about you, and we do not build behavioral profiles from your browsing.

How we use information

We use the limited information we collect to:

  • Provide, operate, secure, and improve the Services;
  • Send the newsletter and content updates you asked for, and tailor them to interests you've indicated;
  • Create and manage your account and process premium memberships (through Stripe);
  • Send administrative messages such as confirmations and important notices;
  • Respond to your questions and support requests;
  • Understand, in aggregate and anonymously, how the site is used;
  • Detect, prevent, and investigate abuse, security incidents, and technical problems; and
  • Comply with our legal obligations.

We do not sell or rent personal information, use it for third-party advertising, or connect anonymous usage data to your identity.

Cookies and local storage

We use as little client-side storage as we can:

  • Local storage holds your on-device data (progress, bookmarks, settings) and the anonymous analytics identifier. This stays in your browser and is not a cookie.
  • No tracking or advertising cookies. Content pages are designed to be served without cookies to anonymous visitors.
  • Functional cookies are used only where needed: a session cookie if you're signed in to an account, and a single encrypted cookie, scoped to the downloads area, that streamlines repeat downloads for newsletter subscribers.
  • Cloudflare may set cookies necessary for security and performance.

Most browsers let you block or delete cookies and local storage. Doing so won't break the parts of the site that don't require an account.

How information is shared

We do not sell or rent your personal information. We share it only in these limited circumstances:

  • Service providers. We use a small number of trusted providers to run the Services, each handling only what its job requires: Cloudflare (content delivery, security, and aggregate analytics), our cloud server host, our email-delivery providers, Stripe (payment processing), and monitoring providers (Laravel Nightwatch, and Sentry if used). Their privacy policies: Cloudflare, Stripe, Laravel Nightwatch, and Sentry.
  • Legal and safety. We may disclose information if required by law or legal process, or where we believe it necessary to protect the rights, property, or safety of our users, the public, or Fretboard Foundation. Where lawful and feasible, we'll give you notice of legal demands for your information.
  • Business transfers. If Fretboard Foundation is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.
  • With your consent, or at your direction.
  • Aggregated or de-identified information that cannot reasonably identify you may be shared freely.

Data retention

We keep personal information only as long as we need it:

  • Anonymous analytics events are deleted after about 12 months.
  • Newsletter data is kept while you remain subscribed. Unconfirmed sign-ups are deleted automatically after a short period; if you unsubscribe, we retain only the minimum needed to honor your choice (for example, to keep you off the list).
  • Account data (including any on-device data you've synced) is kept while your account is active; you can ask us to delete it.
  • Server logs and monitoring data are retained for a limited period for security and troubleshooting, then rotated out.

International transfers

Fretboard Foundation is based in the United States, and our service providers may process information in the United States and other countries. Where required, we take steps to ensure your information receives an adequate level of protection when it crosses borders.

Your choices and rights

  • Browse anonymously. You can use most of the site without giving us any personal information at all.
  • Manage on-device data. Clear your reading progress, bookmarks, settings, and the analytics identifier any time through your browser.
  • Unsubscribe. Every newsletter email includes an unsubscribe link.
  • Access, correct, or delete. You can ask us to access, correct, or delete the personal information we hold about you by emailing [email protected]. If you have an account, you can also manage much of this from your account settings.

We won't discriminate against you for exercising your rights.

U.S. state privacy rights (including California)

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Depending on where you live, you may have the right to know what personal information we collect, to request its deletion or correction, and not to be discriminated against for exercising these rights. To make a request, email [email protected]. We may need to verify your identity before responding.

Europe, the UK, and Switzerland

If you're in the EEA, the UK, or Switzerland, you have rights under the GDPR (and the UK and Swiss equivalents), including the rights to access, correct, delete, restrict, object to, and port your personal data, and to withdraw consent.

We rely on these legal bases:

  • Consent — for sending the newsletter and content updates, and for the interest tags used to tailor them. You can withdraw consent any time by unsubscribing.
  • Contract — to provide a premium membership you've purchased.
  • Legitimate interests — to operate, secure, and improve the Services, including server logs, error monitoring, abuse prevention, and anonymous, non-identifying usage analytics. We balance these interests against your rights.
  • Legal obligation — to keep records we're legally required to keep, such as proof of consent.

To exercise your rights, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

Children's privacy

Children are welcome to learn from Fretboard Foundation. Our lessons, articles, and learning tools can be used anonymously — with no account and no personal information — so a child can use them freely without giving us anything about themselves. The only features that collect personal information, the newsletter and premium memberships, are not directed to children under 13, and we do not knowingly collect personal information from children under 13 (or the minimum age where they live). If you believe a child has provided us personal information, please contact us and we'll delete it.

Our companion book site

The Fretboard Foundation book is published at book.fretboardfoundation.com, a separate static site hosted on GitHub Pages and served through Cloudflare. It carries no third-party analytics, advertising, or cross-site tracking, and this privacy policy applies to it as well.

Changes to this policy

We may update this policy from time to time. When we do, we'll revise the "Last updated" date above and, for significant changes, provide a more prominent notice. We encourage you to check back periodically.

Contact us

Questions or requests about this policy or your information? Email us at [email protected], and please mention Fretboard Foundation and the nature of your request.

Sign up for the Fretboard Foundation newsletter