Privacy Policy

1. Introduction

RECORDER-ED ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music education platform.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all users including students, teachers, parents, and guardians.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Personal Information

We collect information that you provide directly to us:

• Account Information: Name, email address, password, username
• Profile Information: Date of birth, phone number, address
• Child Profiles: Names and dates of birth of children (for parent/guardian accounts)
• Payment Information: Processed securely through Stripe (we do not store card details)
• Communications: Messages between students and teachers, support tickets
• Educational Data: Lesson history, progress notes, shared materials, exam registrations

3.2 Automatically Collected Information

• IP address and device information
• Browser type and version
• Usage data (pages visited, features used)
• Cookies and similar tracking technologies

4. How We Use Your Information

We process your personal data on the following lawful bases:

4.1 Contract Performance

• Providing access to lessons, workshops, and courses
• Processing payments and managing bookings
• Facilitating communication between students and teachers
• Managing your account and preferences

4.2 Legitimate Interests

• Improving and personalizing your experience
• Sending service-related notifications
• Analyzing platform usage to improve our services
• Preventing fraud and ensuring platform security

4.3 Legal Obligations

• Complying with legal and regulatory requirements
• Responding to legal requests and preventing illegal activity

4.4 Consent

We currently do not send marketing communications or use non-essential cookies. We only use essential cookies necessary for the platform to function (authentication, session management). If this changes in the future, we will seek your explicit consent.

5. How We Share Your Information

We share your information only in the following circumstances:

• Teachers and Students: We share necessary information between teachers and students to facilitate lessons (names, contact details, lesson schedules)
• Payment Processors: Stripe processes payments securely (see Stripe's privacy policy)
• Service Providers: Cloud hosting, email services, and analytics providers under strict data protection agreements
• Legal Requirements: When required by law or to protect rights and safety

We never sell your personal data to third parties.

6. Children's Privacy

We take special care with children's data. Users under 18 must have a parent or guardian create and manage their account through a child profile system.

• Parents/guardians provide consent for data processing
• We collect only necessary information for educational purposes
• Parents can access, update, or delete child data at any time
• We comply with children's privacy regulations

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, contact us at [contact email]. We will respond within one month.

8. Data Retention

We retain your personal data only as long as necessary:

• Active Accounts: Retained while your account is active
• Financial Records: 7 years (UK tax requirements)
• Educational Records: Deleted when no longer needed for educational purposes
• Inactive Accounts: Deleted after 2 years of inactivity (with notice)

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest
• Secure password hashing
• Regular security assessments
• Access controls and authentication
• Secure cloud infrastructure

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and stored in countries outside the UK/EEA. When we do this, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK ICO
• Adequacy decisions by the UK government
• Service providers certified under recognized data protection frameworks

11. Cookies

We only use essential cookies that are strictly necessary for the platform to function properly. These include:

• Authentication cookies: Keep you logged in to your account
• Session cookies: Maintain your session as you navigate the platform
• Security cookies: Protect against cross-site request forgery (CSRF) attacks

We do not currently use non-essential cookies for analytics, advertising, or tracking. These essential cookies do not require consent under GDPR as they are necessary for the service you have requested.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Right to Lodge a Complaint:
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):