DRAFT — PENDING LEGAL REVIEW · NOT YET IN EFFECT

This privacy policy is a working draft for planning purposes only. It has not been reviewed or approved by legal counsel, it is not legal advice, and it does not yet govern anyone's use of Crescendo IQ. Nothing here is binding or may be relied upon. It must be reviewed and approved by qualified legal counsel before it takes effect.

Privacy Policy (Draft)

Draft prepared for review. Effective date: to be set upon legal approval.

Crescendo IQ provides software that music-education programs — private instructors, school band/choir/orchestra directors, and music studios — use to manage their students. This draft describes the personal information the service collects, how it is used and shared, how long it is kept, and the choices and rights available. Because the service is used by K-12 programs that may enroll children under 13, this draft is written with children's privacy laws (such as COPPA and FERPA, and state laws including Illinois SOPPA and California SOPIPA) in mind.

In most cases, the school, instructor, or studio that uses Crescendo IQ is the party that decides what information to collect and how it is used (the "operator"/"service provider" relationship). Crescendo IQ processes student information on their behalf and for their educational purposes.

1. Information we collect

The service collects the following categories of information.

Account & identity information. When a user signs up (with an email and password, or by signing in with Google), we collect their name, email address, whether the email is verified, and an optional profile image. Sign-in credentials are handled by our authentication provider; passwords are stored only as a secure hash.
Age signal (birth year). A student record may include a birth year only (not a full date of birth) so the program can identify students under 13. This field is optional.
Student profile fields. A program can define its own profile fields (text, dropdown, or number) that students complete when they join a group. The content of these fields is determined by the program.
Practice activity. Students can log practice sessions, including timing, an optional feeling rating, optional free-text notes and goals, and the activities practiced. Practice data may be stored temporarily on the student's own device (offline) before it syncs.
Attendance and assessments. Programs can record attendance for sessions and store assessment scores.
Parent/guardian email. A program may collect a parent or guardian email to send optional "did your child practice?" verification messages. There is no separate parent login; parents receive secure, time-limited links by email.
Technical information. Standard session and security information (such as IP address and browser/user-agent) is recorded when users sign in, and our hosting provider records standard request logs.

Data-minimization note: programs are advised not to enter sensitive information (for example health, medical, disability, or government identifiers) into free-text fields. The product surfaces a warning when a field name looks sensitive, but it cannot control what a program chooses to collect.

2. How we use information

Information is used to operate the service for the program's educational purposes: to create and manage accounts and group rosters, to record and display practice, attendance, and assessment activity, to send the transactional and verification emails described above, and to keep the service secure. We do not use students' information for targeted advertising, we do not build advertising profiles of students, and we do not sell students' information.

3. How we share information (subprocessors)

We use the third-party service providers ("subprocessors") listed below to operate the service. Each receives only the categories of data described next to it, and only to provide its function. We do not otherwise disclose students' information except as needed to provide the service or as required by law.

Hosting & Infrastructure

Vercel

Application hosting and content delivery for crescendo-iq.com.

Data shared

All data served or processed by the app while a request is in flight
Request logs and IP addresses

Database

Neon (PostgreSQL)

Primary database. Stores the entire application dataset at rest.

Data shared

All student and parent records (names, emails, parent emails, birth year)
Custom profile field values
Practice logs, attendance records, and assessments
Organization, group, membership, and account data

The most sensitive subprocessor — it holds everything stored at rest.

File Storage

Vercel Blob

File storage for uploaded files (e.g. profile photos).

Data shared

Uploaded files, which may include student profile images

Email Delivery

Resend

Transactional email delivery when an organization has not connected its own mailbox.

Data shared

Recipient email address and name
Email body (invitations, profile-completion, and parent-verification messages)

Authentication / Sign-In

Google

"Sign in with Google" authentication, and sending email from an organization's own connected Gmail mailbox.

Data shared

Sign-in: Google profile (name, email, profile photo)
Email-send: the organization's own mailbox identity and the emails it sends

When an organization sends email through its own Google mailbox, that email stays within the organization's Google tenant.

Microsoft

Sending email from an organization's own connected Microsoft mailbox.

Data shared

The organization's own mailbox identity and the emails it sends

When an organization sends email through its own Microsoft mailbox, that email stays within the organization's Microsoft tenant.

Payments & Billing

Polar

Subscription payments and billing for the paying organization.

Data shared

The paying organization/admin's billing and subscription data (plan, seats)

Billing is organization-level; student data is not sent to Polar.

4. How long we keep information

Information is kept for as long as needed to provide the service to the program, and is deleted on request. Programs can enable automatic purging of stale onboarding data and configure a retention window for it. When a student is removed, their program-scoped data is deleted; a program can also permanently erase a student's record, including the underlying account when it is not shared with another program. We keep a minimal, non-identifying record that a deletion occurred.

5. Your rights and choices

Parents and schools may request to review the information held about a student, request corrections, and request deletion. An administrator can export a complete copy of a student's record (in both machine-readable and human-readable form) and can permanently erase a student's data. A parent who holds a valid, time-limited link can download their child's record. To make a request, contact your program's administrator or use the contact details below.

6. Security

The service is built with multi-tenant isolation so each program can only access its own data, role-based access controls, encryption of sensitive connected-mailbox credentials at rest, audit logging of significant actions, and rate-limited, single-use secure links. No method of transmission or storage is perfectly secure, but we work to protect information using reasonable measures.

7. Children's privacy

Because programs may enroll children under 13, Crescendo IQ is designed to support a consent step before a child's information is collected — either a school's authorization on behalf of parents for educational purposes, or a parent's verifiable consent. The specific consent model and notice text are part of the legal review this draft is undergoing.

8. Changes to this policy

This is a draft and will change. Once approved, the effective version and its date will be published here, and material changes will be communicated to the programs that use the service.

9. Contact

Questions about this draft can be directed to Crescendo IQ. The formal privacy contact and mailing address will be added when this policy is finalized.