Replist Privacy Policy

Effective Date: March 30, 2026 Last Updated: March 30, 2026

This Privacy Policy explains how Replist ("Replist," "we," "us," or "our") collects, uses, and shares information when you use the Replist mobile application (the "App"), our website at replist.app (the "Website"), and related services (collectively, the "Services"). Replist is a repertoire management app for musicians who improvise, jam, and perform — helping users track what tunes they know, log practice sessions, and collaborate with friends and groups.

Replist is developed and operated by Innocence Labs.

If you have questions or requests about this Privacy Policy or your personal data, contact us at team@innocencelabs.com.

1) Summary (Plain English)

We collect the minimum data needed to run Replist: your account information (email, username, display name, password), your repertoire and practice data, and optional profile information (bio, instruments, avatar). We do not sell your personal information. We do not run ads. We do not track you across other apps or websites. Replist has social features (friends, groups, repertoire comparison), so some of your data is visible to users you connect with. You can delete your account and all associated data from within the App.

2) Information We Collect

A. Information you provide

Account Information: We collect your email address, display name, username, and password when you create an account. Passwords are securely hashed using an industry-standard one-way algorithm and are never stored in plain text.

Profile Information: You may optionally provide a bio and a list of instruments you play. This information is visible to other users who view your profile.

Profile Image (Optional): If you upload a profile photo, we collect and store that image. Profile images are stored in a public bucket, making them accessible via URL to other users you interact with (friends, group members, search results). Your profile image is deleted from our storage if you delete your account.

Repertoire Data: We collect the tunes you add to your repertoire, including which instruments you play them on, your knowledge tier for each (Want to Learn, Learning, Comfortable, Mastered), and any personal notes you add. Repertoire data is visible to your friends and group members.

Practice Logs: We collect practice session data you log, including which tune you practiced, duration, notes, and timestamps.

Tune Catalog Contributions: If you add tunes to the shared catalog, suggest edits to existing tunes (including Spotify links), or flag duplicates, we collect those contributions along with your user ID.

File Attachments: You may upload file attachments to tunes (PDFs, images). These are stored in a private bucket and are accessible only to you.

Groups: If you create or join a group, we store group membership, role (owner/member), and which tunes are added to the group. Your repertoire for group tunes is visible to other group members.

Friend Connections: When you send or receive friend requests, we store the connection and its status (pending, accepted, declined).

Waitlist (Website): If you join our waitlist on the Website, we collect your email address to notify you when Replist launches or becomes available.

Contact Form (Website): If you contact us through the Website, we collect your name, email address, and message.

B. Information collected automatically

We do not use third-party analytics, advertising SDKs, or tracking technologies. We do not collect device identifiers, location data, or browsing history. Supabase (our backend provider) may generate standard server logs for security and reliability purposes.

3) How We Use Information

We use the information described above to:

4) Data Visible to Other Users

Replist includes social features. The following information may be visible to other users:

Visible to anyone who searches for you: Your display name, username, profile image, bio, and instruments.

Visible to friends: Everything above, plus your full repertoire (tunes, instruments, and knowledge tiers). Friends can also compare repertoires with you to find common and unique tunes.

Visible to group members: Everything visible to searchers, plus your repertoire entries for tunes in the shared group list (including knowledge tiers).

Never visible to other users: Your email address, practice logs, personal tune notes, file attachments, and password.

5) When We Share Information

We share information only as described below.

A. Service providers (processors)

We use trusted vendors to operate the Services. They process data on our behalf under their respective terms and policies.

Supabase (Backend Infrastructure): We use Supabase for authentication, database, file storage, and edge functions. Your data is stored in Supabase-managed Postgres databases and storage buckets on AWS in the US region. Data is encrypted at rest and in transit.

Anthropic (Catalog Verification): When users suggest edits to the tune catalog, we use Anthropic's API to automatically verify the accuracy of suggestions. The data sent includes only the tune title, composer, and suggested changes — no personal information is included in these requests.

Resend (Email Delivery): We use Resend to deliver email notifications (for example, notifying us when a contact form is submitted). Contact form data (name, email, message) is included in these notification emails. Resend processes this data under their privacy policy.

B. Legal and safety

We may share information if we believe it is reasonably necessary to comply with law, regulation, legal process, or governmental request; enforce applicable terms and policies; protect the security or integrity of the Services; or protect the rights, property, and safety of Replist, our users, or others.

C. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

We do not sell your personal information.

6) No Advertising & No Tracking

Replist does not display third-party ads. We do not track you across other companies' apps, websites, or services for advertising or measurement purposes.

We do not collect: location data, contacts or address book data, health or fitness data, browsing history, phone number, physical address, advertising identifiers (IDFA), or device fingerprinting data.

The Website does not use cookies, tracking pixels, or third-party analytics.

7) Data Storage and Security

Data Location: Your account data, repertoire, practice logs, and social connections are stored in Supabase (Postgres on AWS, US region). Profile images are stored in a public Supabase Storage bucket. Tune attachments are stored in a private Supabase Storage bucket. Authentication tokens are stored securely on your device (iOS Keychain) and remain active until you sign out or delete your account.

Security Measures: We use reasonable administrative, technical, and physical safeguards designed to protect information, including HTTPS encryption in transit, encrypted storage at rest, row-level security policies on all database tables, and access controls limiting data access to authorized personnel only. No method of transmission or storage is 100% secure, but we work to protect your information.

8) Data Retention

We keep your information for as long as needed to provide the Services, unless a longer retention period is required or permitted by law. Account and repertoire data are retained until you delete them or delete your account. Waitlist emails are retained until you request removal. Contact form submissions are retained for customer support records.

9) Your Choices and Rights

Delete your account: You can delete your account from within the App (Profile → Delete Account). This permanently removes your profile, repertoire, practice history, friend connections, group memberships, file attachments, and stored files. If you are the owner of a group, ownership is transferred before deletion.

Edit your profile: You can update your display name, username, bio, instruments, and profile image at any time.

Remove friends: You can remove friend connections at any time.

Leave groups: You can leave any group you are a member of.

Waitlist and contact data: To request deletion of waitlist or contact form data, email us at team@innocencelabs.com.

Depending on where you live, you may have the right to request access to, correction of, deletion of, or a portable copy of your personal information. You can make requests at team@innocencelabs.com.

10) Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

11) Children's Privacy

Replist is intended for a general audience but is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, contact us at team@innocencelabs.com and we will take steps to delete it.

12) Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date at the top and take reasonable steps to notify you. Your continued use of the Services after changes become effective means you accept the updated policy.

13) Contact Us

For questions, concerns, or privacy requests, contact team@innocencelabs.com.