A few days ago we shipped practice streaks and notifications and wrote that our reminders were designed to respect you. Bold claim. And right after a launch is exactly the dangerous moment — the moment you start trusting a fresh system. So before leaning on it, we did the thing that never makes a launch post: we audited it end to end — the iOS app, the Android app, and the server — looking for every place where the code didn’t live up to the words.

This is the unglamorous part of building software. Nobody applauds an audit. But it’s where trust actually comes from, so here’s an honest window into it.

How we hunted

We pointed a small army of automated AI reviewers at our own code — roughly ninety review agents across two passes. We’re not going to pretend that’s magic: about a quarter of what they flagged turned out to be false alarms, which is exactly why every single finding was independently re-verified against the actual code by an adversarial checker before we accepted it. What survived was about fifty real issues, ranging from cosmetic to genuinely embarrassing. We fixed them in four verified batches — full server test suite green, both apps building, every time. The tooling found the threads; the pulling was still on us.

Respect also covers leaving

The finding that stung most: we’d written a whole post about notifications respecting you, and the code didn’t fully respect the moment you leave.

If you deleted your account, our delivery queries could still push to your device during the 7-day deletion grace window. Worse — the scheduled cleanup job that enforces our “purged after 7 days” promise existed only as a manual task nobody had wired up to actually run. A promise with no enforcement is a hope. Now deleting your account silences push instantly, and a daily job actually enforces the purge.

Sign-out had a cousin of the same bug. On Android, signing out didn’t release the device’s push registration — in theory, the next person using that phone could receive the previous account’s notifications. Goodbye paths get a fraction of the attention the happy path gets, because nobody builds a feature dreaming about how people will leave it. But that’s where trust lives. Fixed on both platforms, including the subtle ordering: you have to release the registration while your credentials are still valid.

Respecting your attention and respecting your exit are the same promise.

One bad message, one mass wipe

The scariest one: a single malformed broadcast message could have been misread as “all of these devices are dead” — and deleted every Android push registration we had, in one shot. Nothing would have crashed. No error a user would ever see. Android push would have just quietly stopped. (Your on-device practice reminders would have kept firing — small mercy.) We caught it before Android push even finished rolling out, so it never actually happened. Now only true dead-device signals remove a registration — a garbled message removes nothing — and broadcasting to everyone requires an explicit confirmation step in our admin tools.

Two answers to one question

A smaller find, but the kind users actually notice: every morning the stats screen said “Streak: 0” until you practiced — while the morning reminder cheerfully said “Keep your 30-day streak alive!” Same app, two answers. Both now use the same number: the streak that’s still alive through yesterday. An app that contradicts itself is an app you stop believing.

Reminders that survive the real world

We also rebuilt Android reminders so the decision — skip if you’ve already practiced, what the copy says — happens at the moment the reminder fires, not hours earlier when it was scheduled. The schedule now survives reboots and force-stops, there’s a proper status-bar icon, and tapping a notification actually takes you to the right screen.

And a layer of guardrails underneath it all: per-account device registrations are capped, ancient stale registrations get cleaned up automatically, release builds no longer allow unencrypted HTTP, and credential files are locked out of version control.

Why we’re telling you this

Because “we audited our own launch and found fifty things” is a weird flex — until you consider the alternative, which is every app that doesn’t. The launch is the easy part to talk about. The week after is where the claims get earned.

FretsNotes stays free during the beta on iOS, Android, and the web. Try every exercise in your browser — no install — or request early access to the full app. We’ll keep sharing what we ship — and what we catch. Thanks for following along.