Privacy Policy

Effective Date: May 26, 2025

Last Updated: May 26, 2025

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. AI Services and Data Processing
  6. Data Storage and Security
  7. International Data Transfers
  8. Your Privacy Rights
  9. Children's Privacy
  10. Updates to This Policy
  11. Contact Information

1. Introduction

Welcome to ClefNote ("we," "our," or "us"). We are committed to protecting your privacy and providing transparency about how we collect, use, and share your information. This Privacy Policy explains our practices regarding the collection, use, and disclosure of information when you use our AI-powered platform for music educators.

By using ClefNote, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, school name, city, state/province, country
  • Ensemble Information: Ensemble names, types, instrumentation details, student counts, difficulty level preferences
  • Music Library Data: CSV uploads containing title, composer, and arranger information
  • Program Information: Concert programs you create, including selected pieces, order, and notes
  • Communication Data:
  • Chat conversations with our AI assistant "Clef"
  • Support inquiries and feedback
  • Any other communications with us

2.2 Information We Collect Automatically

  • Usage Information: Features used, time spent on platform, interaction patterns
  • Technical Information: IP address, browser type, device information, operating system
  • Authentication Data: Login timestamps, session information (via Auth0)
  • Analytics Data: Page views, URLs visited, referral sources, timestamps, and basic performance metrics (via Vercel Analytics - privacy-first, no behavioral tracking or personal identification)

2.3 Information from Third Parties

  • Payment Information: Subscription and billing data processed by Stripe
  • Authentication Information: Profile data from Auth0

3. How We Use Your Information

We use the information we collect to:

  • Provide and Improve Our Services:
  • Generate AI-powered music recommendations
  • Create and manage concert programs
  • Store and organize your music library
  • Maintain chat history for continuity
  • Personalize Your Experience:
  • Tailor recommendations to your ensembles
  • Remember your preferences
  • Improve AI accuracy based on your feedback
  • Communicate with You:
  • Send transactional emails (via Resend)
  • Send signup and account-related emails (via Resend)
  • Send marketing communications and newsletters (via Lemlist)
  • Provide customer support
  • Notify you of updates or changes
  • Process Payments: Handle subscription billing through Stripe
  • Ensure Security and Prevent Fraud: Protect accounts and maintain platform integrity
  • Comply with Legal Obligations: Meet regulatory requirements

4. How We Share Your Information

We do not sell, trade, or rent your personal information. We share information only in the following circumstances:

4.1 Service Providers

  • Auth0: Authentication and session management
  • Stripe: Payment processing
  • Zoho: Email communications
  • Resend: Transactional and signup email delivery
  • Lemlist: Marketing email campaigns and newsletters
  • Vercel: Frontend hosting and analytics
  • Render: Backend hosting and database services

4.2 AI Service Providers

  • OpenAI: We share optimized chat messages to generate embeddings for intelligent music matching
  • Anthropic (Claude API): We share chat messages to provide AI recommendations

Important: When you interact with our AI assistant, your messages are processed by Anthropic's Claude API. Please do not share sensitive personal information in chat conversations.

4.3 Legal Requirements

We may disclose information if required by law, court order, or governmental authority.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity.

5. AI Services and Data Processing

5.1 Chat Data Storage and Review

  • All chat conversations are stored in our database for service improvement and to maintain your chat history
  • Our administrators may review chat messages for:
  • Quality assurance
  • Service improvement
  • AI training purposes
  • Compliance and safety

5.2 AI Recommendations Disclaimer

  • Music recommendations are algorithmic suggestions, not professional advice
  • You retain full responsibility for repertoire selection decisions
  • AI may not account for all musical, cultural, or educational considerations
  • Always apply your professional judgment when selecting music

5.3 AI Training and Improvement

  • We use aggregated and anonymized interaction data to improve our AI models
  • Individual chat messages may be reviewed to enhance recommendation quality
  • You may request exclusion of your data from training datasets by contacting us

6. Data Storage and Security

6.1 Where We Store Data

  • Primary Database: PostgreSQL on Render (US-based infrastructure)
  • Frontend Assets: Vercel global CDN
  • All sensitive user data (chat logs, programs, library) is stored on Render infrastructure

6.2 Security Measures

We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security assessments
  • Secure API endpoints

While we strive to protect your information, no method of transmission over the internet is 100% secure.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by regulatory authorities
  • Compliance with Privacy Shield principles where applicable
  • Adherence to GDPR requirements for EU data subjects

8. Your Privacy Rights

8.1 General Rights

You have the right to:

  • Access: Request a copy of your personal information
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your account and associated data
  • Portability: Receive your data in a structured format
  • Object: Opt-out of certain processing activities

8.2 Regional Rights

European Union (GDPR):

  • Right to restrict processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with supervisory authorities

California (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

Canada (PIPEDA):

  • Right to know why information is collected
  • Right to expect accuracy of information
  • Right to know who has access to information

8.3 Exercising Your Rights

To exercise any of these rights, contact us at support@clef-note.com. We will respond within 30 days.

9. Children's Privacy

ClefNote is designed for use by adult music educators. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete it promptly.

10. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on our website
  • Sending an email notification
  • Displaying a prominent notice in the application

11. Contact Information

For questions about this Privacy Policy or our privacy practices, please contact us at:

Email: support@clef-note.com

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.