Melodemia

Privacy Policy

Last updated: January 2026

1. Introduction

Melodemia ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music school management platform.

Please read this policy carefully. By using our Service, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, business name, and contact details when you register
  • Business Data: Information about your music school including staff, students, schedules, and financial records
  • Payment Information: Billing address and payment method details (processed securely through Stripe)
  • Communications: Information you provide when contacting our support team

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, including pages visited, features used, and actions taken
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Cookies: We use cookies and similar technologies to maintain sessions and improve user experience

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send administrative notifications, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities
  • Personalize and improve your experience
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

  • Stripe: Payment processing
  • GoCardless: Direct debit processing
  • Resend / SendGrid / Mailchimp: Email delivery
  • Twilio: SMS notifications
  • Bunny.net: Video hosting and CDN
  • Vercel: Hosting infrastructure

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee security training
  • Incident response procedures

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account, we will delete or anonymize your data within 30 days, unless retention is required by law.

Financial records may be retained for up to 7 years as required for tax and accounting purposes.

7. Your Rights (GDPR)

If you are in the European Economic Area (EEA) or UK, you have certain rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Restrict Processing: Request limitation of how we use your data

To exercise these rights, please contact us at privacy@melodemia.com.

8. Data Processing Roles

8.1 Controller

Melodemia is the data controller for account information and usage data related to our Service.

8.2 Processor

When you use Melodemia to manage your music school, you are the data controller for your students' and staff's personal data, and we act as a data processor on your behalf. We process this data only according to your instructions and applicable data protection laws.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses to ensure your data is protected.

10. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Analytics Cookies: Help us understand how users interact with our Service

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

11. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@melodemia.com

Data Protection Officer: dpo@melodemia.com

14. Supervisory Authority

If you are in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.