Privacy Policy

Introduction

Kreisleriana LLC ("Kreisler", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our music learning platform and associated services (hemidemi, rondeau, sestina, and the supporting MIDI, audio, score, and machine-learning services).

Kreisler is an educational product. Every piece of data we collect exists to help you learn, practice, and improve as a musician. We do not sell your personal data, we do not share it with advertisers or data brokers, and we do not use it for purposes outside of operating, securing, and improving the learning experience. The sections below describe, in detail, what we collect and how it is used.

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

Information We Collect

We collect information in the following ways:

Information You Provide

• Account Information: Email address, name (optional), and profile photo (optional) when you create an account
• Profile Data: Musical preferences, skill level, learning goals, and instrument information
• Payment Information: Billing details for subscription services (processed securely by our payment providers)

Information Collected Automatically

• Practice Data: MIDI input during practice sessions, including note events, timing, and velocity
• Performance Metrics: Accuracy scores, session duration, tempo adherence, and progress over time
• Usage Data: Features used, pages visited, and interaction patterns within the application
• Device Information: Browser type, operating system, device identifiers, and MIDI device information
• Log Data: IP address, access times, and error reports

What We Do NOT Collect

• Audio recordings from your environment
• Data from other applications on your device
• Contacts or personal files

How We Use Your Information

All use of your information is in service of our educational mission. Specifically, we use your information to:

• Provide, maintain, and improve the Service
• Analyze your practice sessions and provide personalized feedback
• Track your progress and generate learning recommendations
• Power adaptive exercises, spaced repetition, and skill assessments
• Process payments and manage subscriptions
• Communicate with you about updates, features, and support
• Detect and prevent fraud, abuse, and security issues
• Conduct internal research and analysis to improve our pedagogical models and learning outcomes
• Comply with legal obligations

We do not use your data for behavioral advertising, to train third-party models, or for any purpose unrelated to the educational service you signed up for.

Information Sharing

We do not sell, rent, trade, or otherwise transfer your personal data to third parties for their own use. We do not share your data with advertisers, data brokers, or any party that would use it for marketing or profiling outside of Kreisler.

Your information is disclosed only in the following limited circumstances:

• Service Providers: With infrastructure subprocessors who help us operate the Service (hosting, storage, payment processing, email delivery, error reporting). These providers act only on our documented instructions under data processing agreements and may not use your data for their own purposes.
• Instructors: If you voluntarily enter an instructor-student relationship, your instructor may see practice summaries and progress metrics (never raw MIDI streams or audio).
• Leaderboards: If you opt in to leaderboards, your display name and scores may be visible to other users. Leaderboard participation is strictly opt-in and can be turned off at any time.
• Legal Requirements: When required by law, binding court order, or to protect the rights, safety, or property of Kreisler or its users.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case we will notify you and any successor will be bound by commitments at least as protective as this policy.

Data Storage and Security

Your data is stored on secure servers located in the United States and European Union, with data center selection based on your region.

• Encryption in Transit: All data is encrypted using TLS 1.3 during transmission
• Encryption at Rest: All stored data is encrypted using AES-256 encryption
• Access Controls: Strict employee access controls and regular security audits

Retention: We retain your data while your account is active. Practice session data is retained until you delete it or your account. Analytics logs are anonymized after 90 days.

Cookies and Tracking

We use cookies, localStorage, and similar technologies to:

• Essential: Authenticate users, maintain sessions, prevent cross-site request forgery, and record your consent choices
• Personalization: Remember your display preferences, instrument settings, and recently accessed pieces
• Analytics (optional): Understand, in aggregate, how the Service is used so we can improve pedagogy, fix bugs, and prioritize features

Kreisler does not use advertising or marketing cookies, does not embed third-party ad trackers, and does not participate in any cross-site tracking or data brokerage networks. You can manage your cookie preferences through our cookie banner, your account Privacy settings, or your browser settings, and we honor Global Privacy Control (GPC) signals as a valid opt-out for non-essential cookies. Disabling non-essential cookies will not restrict your access to the Service.

Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain processing activities
• Withdraw Consent: Opt out of optional data collection

To exercise these rights, visit Settings > Privacy in the application or contact us at privacy@kreisleriana.com. We respond to verified requests within 30 days (or sooner where required by local law). You will never face discrimination or a degraded Service for exercising any of these rights.

GDPR Compliance

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

• Consent (Art. 6(1)(a)): For optional features such as analytics and personalization cookies
• Contract (Art. 6(1)(b)): To provide the educational Service you signed up for
• Legitimate Interest (Art. 6(1)(f)): For security, fraud prevention, and improving pedagogy and learning outcomes
• Legal Obligation (Art. 6(1)(c)): When required by applicable law

We comply with GDPR requirements including data minimization, purpose limitation, storage limitation, and the rights of data subjects. Because Kreisler's data use is confined to delivering an educational product, our lawful basis is narrow and stable: we do not rely on novel or unexpected secondary uses of your data.

CCPA Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect and how we use it
• Right to access a copy of your personal information
• Right to delete your personal information
• Right to correct inaccurate personal information
• Right to limit the use of sensitive personal information (Kreisler does not use sensitive personal information for any purpose beyond providing the Service)
• Right to opt out of the sale or sharing of personal information. Kreisler does not sell or share personal information as those terms are defined under the CCPA/CPRA, and has not done so in the preceding 12 months.
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@kreisleriana.com or use the privacy controls in your account settings. We honor Global Privacy Control (GPC) signals as a valid opt-out request.

Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Users between 13 and 18 should have parental consent before using the Service.

Security Measures

We implement appropriate security measures including:

• Encryption in transit and at rest
• Regular security audits and penetration testing
• Employee access controls and training
• Incident response procedures
• Bug bounty program for responsible disclosure

In the event of a data breach, we will notify affected users within 72 hours and report to relevant authorities as required by law.

Third-Party Services

We use the following categories of third-party services:

• Cloud Infrastructure: For hosting and data storage
• Analytics: For understanding usage patterns (anonymized)
• Payment Processing: For handling subscription payments
• Email Services: For transactional and support emails
• Authentication Providers: For OAuth login (Google, Apple, GitHub)

All third-party providers are bound by data processing agreements and only receive the minimum data necessary to provide their services.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses for transfers from the EEA.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Kreisleriana LLC

Email: privacy@kreisleriana.com

For data protection inquiries in the EU/EEA or UK, you may also contact us at dpo@kreisleriana.com. EU/EEA users have the right to lodge a complaint with their local supervisory authority.