Security

Sign-in is handled by our authentication provider; sessions use secure, HTTP-only cookies. We never see or store your card details — Stripe handles payments.

Your profile, progress, projects and analytics are scoped to your account. One player can't read or modify another's data.

Microphone and instrument input for the amp, tuner and training tools is processed in your browser via the Web Audio API. It is not streamed to our servers or retained.

All traffic is served over HTTPS/TLS. Connections to our database, payment and email providers are encrypted.

We avoid third-party advertising and analytics SDKs. Our subprocessors are listed on the Privacy page.

Found a vulnerability? Email security@instrument.ninja. We appreciate responsible disclosure and respond promptly.