Privacy Policy

Account information — When you sign up, we collect your name and email address. You may optionally add a bio, profile photo, voice type, and instrument list from your profile settings.

Practice and progress data — We store records of your practice sessions (duration, category, notes you add), your musicianship exercise scores, course progress, and rhythm training progress. This data exists to show you your own growth over time.

Community content — Posts and comments you write in the community feed are stored and visible to other members. You can delete your own posts at any time.

Payment information — If you subscribe, payments are processed by Stripe. We receive a record of your transaction (plan, status, date) but we never see or store your full card number. Stripe's own privacy policy governs how they handle payment data.

Usage data — Like most web platforms, we collect basic usage information: which pages you visit, when, and from what type of device. This is used to improve the platform, not to profile you individually.

Communications — If you contact us by email, we keep a record of that correspondence to help resolve your issue.

We use the data we collect to:

• Run your account and deliver the platform — courses, live classes, community, and interactive exercises
• Show you your own progress — practice reflections, tier advancement, practice history
• Process your subscription payments
• Send you transactional emails — account confirmation, payment receipts, password resets
• Send you occasional platform updates and new feature announcements (you can unsubscribe at any time)
• Improve the platform based on how people use it
• Keep the community safe by enforcing our community standards

We do not sell your personal data. We do not use your data for advertising on other platforms. We do not build profiles of you to sell to third parties.

We share data only with services that are necessary to run the platform:

• Supabase — our database and authentication provider. Your account and progress data is stored here.
• Stripe — payment processing. They handle subscription billing securely.
• GoHighLevel (GHL) — our CRM, used to manage member communications and support. When you create an account or subscribe, your name and email are synced to GHL so we can send you relevant messages and support you as a member.
• Jitsi / video conferencing — for live class rooms. When you join a class, you connect to a Jitsi room. No personal data beyond your name (visible in the room) is shared.

All third-party services are chosen for their privacy and security standards. We do not share your data beyond what is needed to deliver the service.

When you create a Himig account, your name and email are synced to our GoHighLevel (GHL) account so we can communicate with you about your membership, new features, and community updates.

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at hello@himig.co. Transactional emails (payment receipts, account security) cannot be turned off as they are necessary for the service.

Himig uses cookies to keep you signed in and to remember your preferences (such as dark/light mode). These are essential cookies — they are required for the platform to function.

We also use browser local storage to save temporary state (such as your rhythm training progress when offline). This data lives only in your browser and is not sent to our servers unless you are signed in, in which case it is synced to your account.

We do not use advertising cookies or third-party tracking pixels.

We keep your account data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it (for example, payment records).

Community posts you've made may remain visible for a short period after account deletion as part of discussion threads. Content you explicitly delete is removed promptly.

Depending on where you are located, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correct — update inaccurate information (most of this you can do yourself in your profile)
• Delete — request that we delete your account and personal data
• Portability — request your data in a machine-readable format
• Object — opt out of certain types of data processing

To exercise any of these rights, email us at hello@himig.co. We will respond within 30 days.

We take data security seriously. Your data is stored on Supabase infrastructure with encryption at rest and in transit. Passwords are never stored in plain text — they are hashed by Supabase Auth. Payment data is handled entirely by Stripe, which holds PCI DSS compliance.

No system is 100% secure. If we ever become aware of a data breach affecting your personal information, we will notify you promptly as required by applicable law.

Himig is operated from the Philippines. If you access the platform from outside the Philippines, your data may be transferred to and processed in the Philippines or other countries where our service providers operate (including the United States, where Supabase and Stripe are based).

If you are in the European Economic Area (EEA), you have rights under GDPR. We process your data on the basis of your consent (when you sign up) and to perform the contract between us (delivering your subscription).

If we make significant changes to this privacy policy, we will notify you by email and by an in-app notice before the changes take effect. The "last updated" date at the top of this page always reflects the most recent version.