Privacy Policy

Last updated: 2026-05-01

The Jazz Phrase System ("JPS", "we", "us") is operated by Chase Maddox in the United States. This page explains what personal data we collect when you use jazzphrasesystem.com, why we collect it, who we share it with, and your rights — including under the EU General Data Protection Regulation (GDPR) and the UK GDPR for international users.

What we collect

• Account data — your email address and (optionally) your name. We use these to send you sign-in links and (rarely) service emails such as account-related notifications.
• Membership state — your subscription type and status, and the date your access was granted.
• Practice data — which phrases you have viewed, marked Learning, Mastered, Saved, or Hidden, and timestamps for each.
• Onboarding answers — your selected favourite artists, focus areas, skill level, and instrument(s).
• Issue reports — any feedback you submit via the "Report an issue" button on a phrase page.
• Session cookies — a single signed cookie that keeps you logged in for up to 30 days. We do not use third-party advertising cookies.

Why we collect it

• To provide and operate the JPS service (passwordless sign-in, your practice library, your progress tracking).
• To improve the product — your aggregated practice data tells us which phrases land, where members get stuck, and what to build next.
• To respond to issue reports and provide support.

Under the GDPR, the legal basis for processing this data is your consent (you actively chose to register and use the service) and our legitimate interest in operating and improving JPS.

Who we share it with

We use a small number of trusted service providers to run JPS:

• Render — hosts the JPS application and stores the database.
• Cloudflare — provides DNS, DDoS protection, and edge caching for jazzphrasesystem.com.
• Resend — delivers our sign-in emails. Your email address is shared with Resend solely to deliver the email.

We do not sell your data, share it with advertisers, or use it for any purpose other than running JPS. We do not transfer your data outside the providers above.

How long we keep it

We keep your data for as long as your account is active. If you ask us to delete your account, we delete your record and all associated practice data within 30 days. Aggregate, anonymised statistics may be retained for product analytics.

Your rights

You have the right to:

• Access a copy of the personal data we hold about you
• Correct any inaccurate or incomplete data
• Delete your account and all associated data
• Object to or restrict our processing of your data
• Port your data to another service
• Withdraw consent at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

Security

We use HTTPS for all traffic, store sign-in tokens with short expiries (30 minutes for self-service, 7 days for admin-issued links), and limit access to the production database to the operator. We do not store passwords because we do not use passwords — sign-in is via emailed one-click link.

Changes

We may update this policy as JPS grows. Material changes will be announced via email and reflected in the "Last updated" date at the top.

Contact

Chase Maddox · [email protected]