Privacy Policy

Effective date: 6 July 2026

1. Introduction

Forte is a music practice app. This Privacy Policy explains how SaxApp Pty Ltd (“we”, “us”, or “our”) collects, uses, stores, shares, and protects (“processes”) your personal information when you:

  • download and use the Forte iOS app (the “App”), including its widgets;
  • visit our website at https://getforte.app, including public profile-link pages at getforte.app/u/<username> (the “Website”); or
  • contact us, including through in-app feedback or by email.

This is a single, combined privacy policy: it expressly covers both the App and the Website (together, the “Services”). If you do not agree with this Policy, please do not use the Services.

2. Who We Are

The Services are owned and operated by SaxApp Pty Ltd, a company based in Australia. For the purposes of laws such as the EU and UK General Data Protection Regulation, SaxApp Pty Ltd is the data controller of the personal information described in this Policy.

  • Company: SaxApp Pty Ltd
  • ABN: 50 671 855 333
  • Postal address: 125 Grays Point Road, Grays Point, NSW, Australia
  • Website: https://getforte.app
  • Privacy contact: privacy@getforte.app
  • Telephone: +61 449 828 938

3. Summary of Key Points

  • You can use Forte without creating an account, including the tuner, basic metronome, keyboard, practice timer, and selected training exercises. Some tools and advanced features require Forte Pro. Without an account, your practice information stays on your device.
  • If you choose to create an account, we collect your email address, password, username, display name, and account privacy choice, and your practice history is saved to your account and synced to our servers.
  • Accounts are private by default. You control whether other users can see your practice statistics and session history.
  • The tuner analyses microphone audio on your device in real time. Microphone audio is never recorded, stored, or uploaded.
  • We do not show ads, do not use advertising or cross-app tracking, and do not sell your personal information.
  • Subscriptions are processed by Apple and managed with RevenueCat. We never receive your full payment card details.
  • The Website does not use analytics scripts, tracking pixels, or non-essential cookies.
  • You can delete your account and associated data directly in the App, and you can separately delete the Forte data stored on your device.

4. Information We Collect

We collect information in four ways: information you provide to us, information collected automatically when you use online features, information generated by other users’ actions that involve you, and information our service providers (such as Apple) make available to us. Much of Forte’s data is also processed only on your device and never reaches us, as described in section 4.3.

4.1 Information you provide to us

  • Account details. When you create an account we collect your email address, a password (stored by our authentication provider in protected, hashed form — we cannot read it), a username, a display name, and your chosen account privacy setting (private or public; private is the default). When you pick a username, the name you type is sent to our servers to check availability.
  • Date of birth. When you create an account we ask for your date of birth to confirm you meet our minimum age requirement and to apply age-based protections (see section 13). If you enter a date of birth that makes you too young for an account, we do not create an account and your date of birth is not sent to or stored on our servers. If an account is created, we store your date of birth against your account while the account exists.
  • Age-range signal from Apple. In regions where age assurance is required, Apple may provide us with an age range for the Apple Account signed in on your device (for example, 16–17 or 18 and over) when you create an account. Apple provides only this range, not your date of birth. We use it, together with the date of birth you enter, to confirm eligibility and apply age-based protections; we do not store the range itself, only whether an age-based restriction applies to your account. Apple handles the underlying age information as an independent controller under its own privacy policy.
  • Profile details. Your preferred instrument and recently used instruments (which can include custom instrument names you type), and your choices about which practice statistics are hidden from other users.
  • Practice data. The practice sessions you record in the App, including session start and end times and the instruments played during each part of a session. When you are signed in, this practice data is synced to your account on our servers. Practice sessions recorded before you create an account are stored only on your device; if you then create an account, those sessions are attached to your new profile and synced, so your existing practice history appears under your account.
  • Feedback and support. If you use Help & Feedback in the App, we collect the category you select, your message, and (optionally) a contact email address, together with the App version and build number and a support identifier so we can act on your report. If you email us, we collect the information you include in your message.
  • Sharing actions. If you share your profile invite link or QR code, the link contains your username. What happens after you share it depends on the destination you choose in the iOS share sheet.

4.2 Information collected automatically

When you use features that connect to our servers or our service providers, we collect:

  • Account and service identifiers. A unique account ID, a subscription app-user ID used by our subscription provider (an anonymous identifier if you have not signed in), and notification installation identifiers for your device.
  • App download transaction identifier. If you sign in to a Forte account, we store the identifier Apple assigns to your App Store download of Forte (the “appTransactionID”) together with your account. Where a US state app-store law applies, Apple uses this identifier to tell us when a parent or guardian withdraws consent for a minor’s use of Forte, and we use it only to act on that withdrawal (for example, signing the account out), to comply with those laws, and for related safety and record-keeping purposes.
  • Device and notification data. If you enable social push notifications, a push notification device token issued by Apple, the platform (iOS), and related installation credentials used to deliver notifications to your device and to remove stale registrations.
  • Purchase and subscription data. Your subscription and entitlement status (for example whether a Forte Pro subscription is active), purchase and restore events, and related product interaction needed to operate the paywall and subscriptions. Payments are processed by Apple; we never receive your full payment card number or banking credentials.
  • Search queries. If you search for other users in the App, your search query is processed to return results. Our anti-abuse logs do not store your raw search text; they store a one-way coded fingerprint and the query length.
  • Technical and connection data. When your device communicates with our servers, we process your IP address, request timestamps, and related request metadata for delivery, security, rate limiting, and abuse prevention. Where feasible, our security logs store one-way coded fingerprints instead of raw identifiers.
  • App analytics, crash, and performance reports via Apple. For users who have opted in (in iOS settings) to share data with developers, we receive aggregated App Store analytics and crash and performance diagnostics from Apple. Apple provides these opt-in reports to us in a form that is not personally identifiable to us, and we use them to understand overall usage and to fix crashes and performance problems.
  • App Store sales and subscription reports. Separately from the opt-in reports above, Apple provides App Store acquisition, sales, transaction, and subscription reporting for all purchases as part of operating the App Store, regardless of your analytics opt-in. These reports do not identify individual customers to us; Apple holds the underlying transaction records as an independent controller (section 8.1).
  • Subscription analytics. We use our subscription provider’s reporting (for example active subscription counts and conversion metrics) to understand subscription performance.

4.3 Information processed only on your device

The following information is processed locally on your device and is not transmitted to us:

  • Microphone audio. The tuner uses your microphone (with your permission) to detect the pitch and loudness of your instrument in real time. Audio is analysed on the device and immediately discarded. We never record, store, or upload microphone audio, and the App has no audio recording feature. You can revoke microphone access at any time in iOS Settings.
  • Practice to-do notes. To-do items you write during a practice session stay on your device and are not synced to our servers.
  • Metronome setlists and pieces. Setlist names, piece names, tempos, and related metronome settings stay on your device.
  • Tool settings and training progress. Ear training selections and streaks, dictation and exercise settings, generated sheet music, keyboard and tuner settings, and similar preferences stay on your device.
  • Widgets. Forte’s home screen widgets run on your device and read a locally stored subscription-status value; they do not collect or transmit data.
  • Practice reminders. The optional “Still practicing?” reminder is a local notification scheduled on your device.
  • Metronome flash. The optional flash feature toggles your device’s torch. The camera is not used to capture images or video.

4.4 Statistics we derive from your practice data

From your synced practice sessions we calculate practice statistics, such as total practice time, practice this month, longest and average session, an instrument breakdown, your peak practice day, and practice-time patterns (for example, whether you tend to practise in the morning or at night). These statistics are shown to you, and to other users only in accordance with your visibility settings described in section 7. You can hide individual statistics from other users.

4.5 Information from other users

We process information about you that is generated by other users’ actions — for example, when another user sends you a follow request, follows you, or blocks you. This is necessary to operate the social features described in section 7.

4.6 Website visitors

The Website is an informational site. It does not include analytics scripts, tracking pixels, third-party embeds, or contact forms, and it does not set non-essential cookies. When you visit the Website, our hosting provider (Cloudflare) processes standard web request data — such as your IP address, browser user agent, the pages requested, response status, approximate country or region derived from your IP address, timing, and error details — to deliver the site and to provide security, reliability, and debugging. These operational logs are retained only briefly, as described in section 11.

Public profile-link pages at getforte.app/u/<username> can be opened by anyone who has the link, with or without a Forte account. These pages display only the username that is already contained in the link itself, together with a prompt to open the profile in the App. The Website does not look up, display, or confirm any account information when rendering these pages.

4.7 Information we do not collect

  • We do not access your contacts or address book. The social graph in Forte is built only from follow relationships you and other users create in the App.
  • We do not collect your precise location.
  • We do not record or receive microphone audio.
  • We do not receive your full payment card details; Apple processes payments.
  • We do not collect data for advertising, do not use advertising identifiers, and do not track you across other companies’ apps or websites.

5. How We Use Your Information

We use personal information to:

  • provide and operate the Services, including accounts, practice history sync, profiles, social features, search, notifications, and subscriptions;
  • authenticate you and keep your account secure;
  • deliver push notifications you have enabled (such as follow requests, new followers, and accepted follow requests);
  • respond to your feedback and support requests;
  • protect the Services and our users through security monitoring, rate limiting, anti-abuse and moderation safeguards, and fraud prevention;
  • understand overall usage and improve the Services, using aggregated analytics and crash and performance diagnostics;
  • operate, measure, and improve subscriptions and purchases; and
  • comply with legal obligations and enforce our rights.

We do not use your information for third-party advertising, and we do not send marketing emails. We do not make decisions about you that produce legal or similarly significant effects solely by automated means.

6. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

Where laws such as the EU or UK General Data Protection Regulation apply, we rely on the following legal bases:

  • Performance of a contract. Most processing is necessary to provide the Services you ask for: creating and operating your account, syncing your practice history, providing profiles and social features, delivering subscriptions, and responding to support requests. Providing account details is necessary to use account features; if you prefer not to provide them, you can still use the App’s on-device tools without an account.
  • Legitimate interests. We process limited technical, security, and usage information for our legitimate interests in securing the Services, preventing abuse and fraud, keeping our systems reliable, and improving the Services using aggregated, non-identifying reports. We balance these interests against your rights and apply safeguards such as short retention periods and one-way coded identifiers in security logs.
  • Consent. We rely on consent where required — for example, for the optional contact email you may add to feedback, and for device permissions such as microphone access and notifications, which you grant through iOS and can withdraw at any time in iOS Settings. Withdrawing consent does not affect processing that happened before withdrawal.
  • Legal obligation. We may process information where necessary to comply with applicable law or valid legal process.

7. Social Features and Your Visibility Choices

Forte includes optional social features for signed-in users: profiles, following, a friend activity feed, profile search, and social notifications. You control how visible your information is:

  • Private accounts (default). New accounts are private by default. On a private account, your practice statistics and session history are visible only to you and to followers you approve. Follow requests require your approval.
  • Public accounts. If you switch your account to public, any signed-in user can see your profile, practice statistics, and session summaries, and new followers are approved automatically (including any pending requests at the time you switch).
  • Search. Signed-in Forte users can search for profiles by username or display name. If an account is private, other signed-in users may see a limited profile result, but practice stats and session history are visible only to the account owner and approved followers.
  • Friend activity. Users who follow you (with your approval, if your account is private) can see your recent and in-progress practice activity in their activity feed, including the instrument and practice duration.
  • What others can see. Profile information that may be visible to other users (depending on your settings) includes your username, display name, join date, follower and following counts, practice statistics (except statistics you hide), and summaries of completed practice sessions (start and end times and durations, including instruments). Practice to-dos are currently stored on your device and are not synced or shared by Forte.
  • Blocking. You can block other users. Blocking hides each of you from the other, removes any follow relationships between you in both directions, and removes social notifications between you. You can manage blocked accounts in Settings.
  • Notifications. Social notifications (follow requests, new followers, accepted requests) include the other user’s display name and username and can be delivered to your device as push notifications if you enable them.
  • Profile links. Your profile link (getforte.app/u/<your-username>) contains your username. Anyone who has the link can open the corresponding Website page, which displays that username. Opening your full profile in the App still requires a signed-in user who is allowed to see your content under your privacy settings.

8. When and With Whom We Share Personal Information

We do not sell personal information, and we do not share personal information with data brokers or advertising networks. We share personal information only as described below.

8.1 Service providers

We use a small number of service providers that process personal information on our behalf, under contracts that restrict their use of it, to host, operate, secure, and support the Services:

  • Supabase — backend platform providing our database, account authentication, and server functions. The data described in sections 4.1, 4.2, 4.4, and 4.5 that syncs to our servers is stored on cloud infrastructure located in Sydney, Australia. Supabase privacy notice.
  • RevenueCat — subscription management (purchase validation, entitlement status, and subscription reporting). RevenueCat is based in the United States. RevenueCat privacy policy.
  • Apple — App Store distribution, in-app purchase and payment processing, push notification delivery (Apple Push Notification service), opt-in developer analytics and crash reports, App Store sales and subscription reporting, and, where age assurance is required, an age-range signal used to help verify your age (section 4). For payments, your Apple account, and the age information underlying that signal, Apple acts as an independent controller under its own policy. Apple privacy policy.
  • Cloudflare — Website hosting, content delivery, security, and operational logging for getforte.app. Cloudflare is based in the United States and operates a global network. Cloudflare privacy policy.
  • Upstash — rate-limiting infrastructure used to protect our servers from abuse. Upstash receives only one-way coded rate-limit keys; raw user IDs, IP addresses, usernames, search queries, and device tokens are not sent to Upstash as rate-limit keys. Forte's active Upstash Redis database is configured with its primary region in Sydney, Australia. Upstash privacy policy.
  • Resend — transactional email delivery for account emails (email-address verification codes and password-reset codes). Resend receives the recipient email address, the message content (which contains only the one-time code), and delivery logs. Resend (operated by Plus Five Five, Inc.) is based in the United States, and our sending region is in the United States. Resend privacy policy.

We also use standard business tools (such as email) to handle correspondence you send us.

8.2 Other users and the public

Your profile and practice information is shared with other users only as described in section 7 and as controlled by your visibility settings. Your username appears in profile links you choose to share.

8.3 Legal requirements and safety

We may disclose personal information if we believe in good faith that it is necessary to comply with applicable law or valid legal process (such as a court order), to establish, exercise, or defend legal claims, or to protect the rights, property, or safety of our users, ourselves, or the public. Where lawful requests from public authorities require disclosure, we may be obliged to comply.

8.4 Business transfers

If we are involved in a merger, acquisition, financing, reorganisation, or sale of some or all of our assets, personal information may be transferred as part of that transaction, subject to this Policy or to safeguards that are at least as protective.

8.5 With your consent

We may share personal information for other purposes if you ask us to or give your consent.

9. Cookies and Similar Technologies

The Website does not use analytics, advertising, or tracking cookies, and it does not run analytics scripts, tracking pixels, or similar technologies. We do not set first-party cookies. Our hosting provider, Cloudflare, may set strictly necessary cookies for security purposes (for example, when protecting the site against malicious traffic). Because these are strictly necessary for delivering and securing the site, they do not require consent, and the Website therefore does not show a cookie banner.

The App does not use browser cookies, ad trackers, or third-party analytics or advertising software development kits.

10. International Data Transfers

We are based in Australia, and our service providers process data in other countries. In particular:

  • synced account, profile, practice, social, feedback, and notification data is stored on infrastructure located in Australia (Sydney), managed by Supabase;
  • subscription data is processed by RevenueCat in the United States;
  • Website traffic and operational logs are processed by Cloudflare, headquartered in the United States, on its global network, and rate-limiting keys are processed through an Upstash Redis database configured with its primary region in Australia (Sydney);
  • account verification and password-reset emails are delivered by Resend from infrastructure in the United States; and
  • Apple processes purchases, push notifications, and opt-in analytics on its own global infrastructure — for payments, App Store transactions, and your Apple account, as an independent controller under its own policy (section 8.1).

Some of these countries may not have data protection laws equivalent to those of your country. Where applicable law requires safeguards for these transfers, we rely on the protections in our providers’ data processing agreements, which for a number of our providers incorporate recognised standard contractual clauses, together with the measures described in section 12. Cloudflare additionally maintains active certifications under the EU–U.S. Data Privacy Framework, its UK Extension, and the Swiss–U.S. Data Privacy Framework. Data in transit between the App, the Website, and our servers is encrypted. You can contact us using the details in section 19 for more information about the safeguards that apply to a particular transfer.

11. Data Retention

We keep personal information only as long as needed for the purposes described in this Policy, then delete it. Current retention periods:

  • Account, profile, practice, and social data: kept while your account exists; deleted when you delete your account (section 14).
  • Date of birth and age-based restrictions: your date of birth and any age-based restriction flag are kept while your account exists and are deleted when you delete your account (section 14). A date of birth entered by someone too young for an account is not stored on our servers.
  • App download transaction identifier: kept while your account exists and deleted with it. If Apple tells us a parent or guardian has withdrawn consent for a minor’s use of Forte, we keep a record that the withdrawal was received and acted on; the link between that record and your account is removed when the account is deleted.
  • Feedback submissions: automatically deleted after 180 days, or earlier when deleted with your account.
  • Push notification tokens: removed when you disable social notifications, sign out, or delete your device data or account; inactive registrations are automatically deleted after 180 days.
  • Social moderation audit records: automatically deleted after 30 days.
  • Server operational and error logs: Supabase platform logs (API, authentication, database, and server-function logs) are kept for reliability, security, and debugging under our current Supabase plan’s retention, currently 1 day, and then deleted automatically, with technical measures that avoid recording raw identifiers where feasible.
  • Website operational logs: retained on Cloudflare’s platform under Cloudflare-managed retention for the current Workers Free configuration, currently for up to 3 days, and then deleted automatically.
  • Account email delivery records: verification and password-reset emails are delivered by Resend, which retains the message (containing only the one-time code), the recipient address, and delivery logs under its plan retention, currently 30 days.
  • Local device data: stays on your device until you delete it (section 14) or remove the App.

Residual copies may persist for a limited time in our service providers’ encrypted backups and are purged on their backup schedules. Your customer record with RevenueCat is deleted when you delete your account (section 14); RevenueCat otherwise retains subscription records under its own retention policies. Apple’s App Store transaction records are outside our control and are retained by Apple under Apple’s privacy policy; you can review and manage the data Apple holds about you at privacy.apple.com. We may retain specific information longer where required by law, to resolve disputes, or to enforce our agreements, and where retained for those reasons it is kept only as long as necessary.

12. How We Keep Your Information Safe

We use technical and organisational measures appropriate to the nature of the data we process, including:

  • encryption of data in transit (TLS) between the App, the Website, and our servers;
  • passwords stored in one-way hashed form;
  • security credentials and log identifiers stored in hashed or one-way coded form where feasible;
  • sensitive on-device items (such as notification credentials) stored in the device’s secure keychain;
  • access controls so that server-side data is reachable only through authenticated, permission-checked operations;
  • rate limiting and abuse monitoring; and
  • hosting with reputable infrastructure providers that publish their security practices and certifications.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You can help protect your account by using a strong, unique password and keeping your device and the App up to date. If we become aware of a data breach affecting your personal information, we will investigate, notify affected users and supervisory authorities where required by law, and take reasonable steps to mitigate harm.

13. Children’s Privacy and Age Requirement

Forte is intended for a general audience and is not directed to children. You must be at least 16 years old — or older if a higher minimum age applies where you live — to create a Forte account or to use any account or social feature, including profiles, search, following, follower and following lists, activity feeds, and social notifications. By creating an account, you confirm that you meet this age requirement.

To enforce this requirement, we ask for your date of birth when you create an account, and in regions where age assurance is required we also use an age-range signal provided by Apple (both described in section 4). If either indicates you are under 16, an account is not created. If you are 16 or 17, your account is created as private and cannot be made public until you turn 18. We store your date of birth to apply these protections and so that a private account can become eligible for public visibility once the account holder is 18; it is deleted when you delete your account (section 14). A date of birth entered by someone too young for an account is not stored on our servers.

We do not knowingly collect personal information from anyone under 16. If we learn that an account belongs to someone under the applicable minimum age, we will restrict and then delete that account and its associated personal information. If you believe someone under the minimum age has provided us personal information, or you are a parent or guardian who would like to review or request deletion of a child’s information, please contact us using the details in section 19 and we will act on your request.

14. Managing, Reviewing, and Deleting Your Data

You can manage your information directly in the App:

  • Review and update. You can view and edit your profile details (display name, username, instruments) and see your practice history in the App.
  • Visibility. You can switch your account between private and public, hide individual statistics from other users, and manage followers, follow requests, and blocked accounts in Settings.
  • Notifications and microphone. You can turn practice reminders and social push notifications on or off in Settings, and you can manage notification and microphone permissions in iOS Settings.
  • Subscriptions. You can manage or cancel a subscription through your App Store subscription settings.
  • Delete your account. Settings → Account → Delete Account deletes your sign-in account, your profile, your synced practice sessions, your follow and block relationships, your social notifications, your push notification registrations, your feedback submissions (those linked to your account, plus feedback sent from the device you delete from — including feedback sent before you signed in — if its support identifiers are still stored on that device; feedback we can no longer identify as yours is instead deleted automatically on the 180-day schedule in section 11), and your customer record with our subscription provider. The App then removes Forte’s data from your device. Your App Store purchase history is held by Apple and is not deleted by this process; you can manage it with Apple.
  • Delete device data. The App’s “Delete Device Data” option removes the Forte data stored on that device (including local practice history, setlists, preferences, and this device’s notification registration). It does not delete your account, data already synced to our servers, purchase records, or data held by our service providers — use Delete Account for that.
  • Removing the App. Deleting the App removes Forte’s locally stored data from your device, except that iOS may preserve small items in the device’s secure keychain (such as sign-in state) until the App is reinstalled or the device is reset. For the most complete local removal, use Delete Device Data (or Delete Account) before removing the App.

You can also exercise any of these options, or any of the rights below, by emailing us at privacy@getforte.app. Including the User ID shown in the App’s settings helps us locate your data.

15. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • to know whether we process your personal information and to request access to it and a copy of it;
  • to correct inaccurate or incomplete information;
  • to delete your personal information;
  • to receive your personal information in a structured, commonly used, machine-readable format (such as CSV or JSON);
  • to object to, or ask us to restrict, certain processing;
  • to withdraw consent at any time where processing is based on consent; and
  • not to be discriminated against for exercising your rights.

You can exercise these rights using the in-app tools described in section 14 or by contacting us at privacy@getforte.app. We may need to verify your identity before acting on a request (for example, by asking you to write from the email address associated with your account and to provide the User ID shown in the App’s settings); we use that information only for verification. We respond within the timeframes required by applicable law. If we cannot fulfil a request, we will explain why, and you may have the right to appeal or to complain to a supervisory authority.

15.1 European Economic Area, United Kingdom, and Switzerland

If you are in the EEA, UK, or Switzerland, the rights above apply to you under the GDPR, the UK GDPR, or the Swiss Federal Act on Data Protection, alongside the legal bases in section 6 and the transfer safeguards in section 10. You also have the right to lodge a complaint with a supervisory authority: in the EEA, your national data protection authority; in the UK, the Information Commissioner’s Office; in Switzerland, the Federal Data Protection and Information Commissioner. We would, however, appreciate the chance to address your concerns first.

16. United States State Privacy Rights

Residents of states with comprehensive privacy laws — including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — may have rights to access, correct, delete, and obtain a copy of their personal data, to opt out of targeted advertising, sales, and certain profiling, and to appeal a refusal. We honour the access, correction, deletion, and portability rights described in section 15 for all users.

We do not sell personal information, we do not share personal information for cross-context behavioural advertising, we do not use personal information for targeted advertising, and we do not profile you in ways that produce legal or similarly significant effects. Accordingly, there is no sale, sharing, or targeted advertising to opt out of, and we have not sold or shared personal information in the preceding 12 months.

For California residents, the categories of personal information we have collected in the preceding 12 months, as described in section 4, are:

  • Identifiers (collected): display name, username, email address, account and service identifiers, device push token, IP address.
  • Customer records information (collected): name and email address as above, and date of birth (section 4); no financial account details.
  • Commercial information (collected): subscription and purchase status from Apple and our subscription provider.
  • Internet or other electronic network activity (collected): interactions of the App with our servers, in-app profile search activity, and Website request logs.
  • Geolocation data (collected, approximate only): country or region derived from IP address by our infrastructure providers for security and operations; we do not collect precise geolocation.
  • Audio or sensory information (not collected): tuner audio is processed on your device only and never transmitted.
  • Inferences (collected): practice statistics derived from your practice sessions (such as practice-time patterns), used only to display your practice statistics to you and to other users in line with your visibility settings.
  • Sensitive personal information (collected): account login credentials (email address and password). We use login credentials only to authenticate you and secure your account; we do not use or disclose sensitive personal information for purposes that would require a “Limit the Use of My Sensitive Personal Information” option.
  • Characteristics of protected classifications (collected): date of birth, and the age derived from it, used only to verify age eligibility and to apply the age-based account protections described in section 13.
  • Biometric information, professional or employment information, and education information: not collected.

The sources, purposes, disclosures, and retention periods for these categories are described in sections 4, 5, 8, and 11. We disclose the categories above only to the service providers listed in section 8.1 for the business purposes described there. You may designate an authorised agent to submit requests on your behalf; we may require proof of authorisation and verification of your identity. If we decline a request, you may appeal by replying to our decision or emailing privacy@getforte.app with the subject “Privacy Appeal”; if your appeal is denied, you may contact your state attorney general. California’s “Shine the Light” law: we do not disclose personal information to third parties for their direct marketing purposes.

17. Do-Not-Track and Global Privacy Control

We do not track users over time or across third-party websites or apps, so there is no cross-site tracking for a “Do-Not-Track” browser signal to switch off, and we do not respond to such signals. Because we do not sell or share personal information or use it for targeted advertising, opt-out preference signals such as Global Privacy Control have no additional effect on how we process your data — every user already receives the protections described in this Policy.

18. Additional Regional Disclosures

Australia. Where the Privacy Act 1988 (Cth) applies to our handling of personal information, we comply with its applicable requirements, including the Australian Privacy Principles. You can raise a privacy concern using the contact details in section 19, and we will review and respond to it.

New Zealand. Where the Privacy Act 2020 (NZ) applies, this Policy describes the kinds of personal information we collect, how we collect and hold it, the purposes for which we use it, and how you can access and correct it (sections 14 and 15). Information may be disclosed to overseas service providers as described in section 10. If you have a complaint, you may contact us using the details in section 19. You may also complain to the Office of the Privacy Commissioner.

Canada. We process personal information in accordance with the Personal Information Protection and Electronic Documents Act and applicable provincial laws (including Quebec’s Act respecting the protection of personal information in the private sector). For purposes of Quebec privacy law, the person exercising the highest authority at SaxApp Pty Ltd serves as the person in charge of the protection of personal information and may be contacted through our Privacy Contact using the details in section 19. You may request access to or correction of your personal information, request a copy of computerized personal information collected from you in a structured, commonly used technological format, and withdraw consent subject to legal and contractual restrictions, using those contact details. Your information may be processed outside Canada (see section 10). If you are not satisfied with our response to a privacy concern, you may contact the Office of the Privacy Commissioner of Canada or your provincial regulator.

Brazil. If the Lei Geral de Proteção de Dados (LGPD) applies to you, you have rights to confirmation of processing, access, correction, anonymisation or deletion, portability, information about sharing, and revocation of consent. You can exercise them using the contact details in section 19, and you may lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

South Africa. If the Protection of Personal Information Act applies to you, you may request access to or correction of your personal information using the contact details in section 19, and you may lodge a complaint with the Information Regulator (South Africa).

Other regions. Where other local data protection laws give you rights in relation to your personal information, we will honour requests to the extent required by those laws. Contact us using the details in section 19.

19. How to Contact Us

For any questions, concerns, or requests about this Policy or your personal information, contact:

  • SaxApp Pty Ltd
  • ABN: 50 671 855 333
  • Postal address: 125 Grays Point Road, Grays Point, NSW, Australia
  • Privacy contact: privacy@getforte.app
  • Telephone: +61 449 828 938
  • Website: https://getforte.app

When submitting a data request, please include the User ID shown in the App’s settings so we can locate your information.

20. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. The “Effective date” at the top shows when it was last revised. If we make material changes, we will provide prominent notice — for example, in the App or on the Website — and, where applicable law requires advance notice, we will provide it before the changes take effect. We encourage you to review this Policy periodically.

Privacy Terms Contact Français