ChordMe · Legal
ChordMe is developed and operated by Dreambuff. Our backend API is hosted at api.dreambuff.com. If you have any questions about this policy, see the Contact section at the bottom.
We collect only what is necessary to operate the app.
| Data | Where it's stored | Purpose |
|---|---|---|
| Username | Our server (api.dreambuff.com) | Identify your account; display in challenge results |
| Email address optional | Our server | Account recovery only — not used for marketing |
| Password | Our server, bcrypt-hashed | Authentication — never stored in plaintext |
| Session token | Your device Keychain | Keep you signed in between sessions |
| Practice stats (streak, accuracy, level) | Your device only (UserDefaults) | Show your progress on the home screen |
| Challenge data | Your device only | Chord progressions you build or receive via link |
ChordMe does not collect your location, contacts, photos, browsing history, or any device identifiers (IDFA, IDFV). No microphone or camera access is requested.
All chord audio is generated in real time on your device using Apple's AVAudioEngine framework (sine-wave synthesis + ADSR envelope + reverb). No audio is recorded, transmitted, or stored anywhere. ChordMe never requests microphone permission.
Creating an account is optional. Solo Practice works without signing in. An account is only required if you want to create and share challenges with friends.
When you register, your username and hashed password are stored on our server. Your email address is optional and is not shared with any third party.
You can request account deletion at any time by contacting us (see below). We will delete your username, email, and all associated data from our server within 30 days.
When you share a challenge, a link is generated in the format:
https://dreambuff.com/chordapp/challenge/{id}
This link encodes a short challenge ID. Anyone with ChordMe installed who taps this link will see the same chord progression you created. The link expires after 48 hours. No personal data is embedded in the link.
ChordMe registers the URL scheme chordme:// on your device to handle these deep links. This is a local registration only — no data is sent to any server when the app opens via a link.
We do not sell, rent, or trade your personal data. We do not share your data with advertisers or analytics companies.
We may share data only in the following limited circumstances:
ChordMe does not integrate third-party analytics (e.g., Firebase, Mixpanel, Amplitude), advertising networks, or social login providers.
The app uses Apple system frameworks only (SwiftUI, AVAudioEngine, Keychain). Apple's own privacy practices apply to the iOS operating system layer; see apple.com/privacy for details.
ChordMe is rated 4+ on the App Store and is suitable for all ages. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at the email address below. We will respond within 30 days.
Passwords are hashed with bcrypt before storage. Session tokens are stored in the iOS Keychain, which uses hardware-backed encryption. All network communication with our API uses HTTPS/TLS.
No system is completely secure. If you discover a security issue, please report it to us privately before disclosing it publicly.
If we make material changes to this policy, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of ChordMe after changes are posted constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or want to request account deletion:
Email: lenye01@gmail.com
We aim to respond to all privacy-related inquiries within 5 business days.