Privacy Policy

Effective Date: 7/5/2025

1. Introduction

Repertoire Star ("we," "us," "our") is committed to protecting the privacy and security of our users, especially minors. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our music platform service (the "Service").

For purposes of this Privacy Policy, "Site" refers to our website, which can be accessed at RepertoireStar.com. "Service" refers to our music platform services accessed via the Site, in which users can connect with other musicians, share performances, track repertoire, and engage in music education activities.

By accessing our Site or our Service, you accept our Privacy Policy and Terms of Use and you consent to our collection, storage, use and disclosure of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, username, email address, age/birth date, and password
  • Profile Information: Musical instruments, location (city/state only), bio
  • Repertoire Data: Work titles, composers, performance dates, practice logs
  • Content Uploads: Photos, videos, audio recordings of performances
  • Communication Data: Messages sent through our platform, and support requests

2.2 Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent on platform, search queries
  • Device Information: IP address, browser type, operating system, device identifiers
  • Performance Data: App crashes, load times, feature usage statistics
  • Location Data: General location (city/state) based on IP address (not precise location)

2.3 Information from Third Parties

  • Google Services: If you connect Google services, we may receive profile information and data as permitted by your Google account settings
  • Social Media: If you connect social media accounts, we may receive basic profile information
  • School/Educational Partners: If your school uses our service, we may receive limited educational information

3. Special Protections for Minors

3.1 Users Under 13

  • We do not knowingly collect personal information from children under 13 without verified parental consent
  • If we learn we have collected information from a child under 13 without consent, we will delete it promptly
  • Parents may review, delete, or refuse further collection of their child's information

3.2 Users 13-17 (Minors)

  • Limited Data Collection: We collect only information necessary for the Service
  • Enhanced Privacy Controls: Default privacy settings are more restrictive
  • Parental Rights: Parents can request information about data we collect from their minor children
  • No Behavioral Advertising: We do not use minor's data for targeted advertising

3.3 Parental Controls

  • Parents can contact us to review their minor child's account
  • Parents can request deletion of their minor child's account and data
  • Parents can modify privacy settings for their minor child's account

4. How We Use Your Information

4.1 Primary Uses

  • Service Delivery: Providing and maintaining the music platform
  • Account Management: Creating and managing user accounts
  • Communication: Sending service-related notifications and updates
  • Safety and Security: Monitoring for inappropriate content and behavior
  • Support: Responding to user inquiries and technical issues

4.2 Secondary Uses

  • Service Improvement: Analyzing usage patterns to improve features
  • Research: Conducting educational research on music learning (aggregated data only)
  • Legal Compliance: Complying with legal obligations and protecting rights

4.3 Uses We Avoid

  • No Selling Data: We do not sell personal information to third parties
  • No Targeted Ads to Minors: We do not use minor's data for behavioral advertising
  • No Unnecessary Sharing: We limit data sharing to essential service functions

5. How We Share Your Information

5.1 With Other Users

  • Public Content: Performance videos, photos, and repertoire lists you choose to make public
  • Connection Features: Basic profile information when connecting with other musicians

5.2 With Third Parties

  • Service Providers: Trusted partners who help us operate the Service (cloud storage, analytics, support)
  • Educational Partners: Schools and music education organizations (with appropriate agreements)
  • Google Services: When you choose to integrate Google services
  • Legal Requirements: When required by law or to protect safety

5.3 We Do Not Share

  • Personal contact information (email, phone, address)
  • Private messages between users
  • Account passwords or security information
  • Detailed usage data that could identify individuals

6. Data Security

6.1 Security Measures

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Limited employee access to personal data with multi-factor authentication
  • Regular Audits: Security assessments and vulnerability testing conducted quarterly
  • Incident Response: Established procedures for addressing security breaches
  • Secure Infrastructure: Firewalls, secure socket layer technology, and other protective measures

6.2 Content Moderation

  • Automated Scanning: Content is scanned for inappropriate material using AI tools
  • Human Review: Reported content is reviewed by trained moderators within 24 hours
  • Safe Environment: We work to maintain a safe environment for all users, especially minors

6.3 Your Role in Security

Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. By using our Service, you acknowledge that you understand and agree to assume reasonable risks inherent in electronic communications and data storage.

7. Your Privacy Rights

7.1 Access and Control

  • Account Settings: Control what information is visible to others
  • Data Access: Request a copy of your personal data
  • Data Correction: Update or correct your information
  • Account Deletion: Delete your account and associated data

7.2 Communication Preferences

  • Email Settings: Control what emails you receive from us
  • Administrative Communications: Note that we may continue to send you administrative emails including service updates, security notices, and policy changes, even if you opt out of promotional communications
  • Promotional Communications: Opt out of marketing emails by clicking unsubscribe or updating your preferences
  • Notification Settings: Manage in-app and push notifications

7.3 State-Specific Rights

  • California Residents: Additional rights under CCPA (see Section 12)
  • Other States: Rights under applicable state privacy laws

7.4 Withdrawal of Consent

You have the right to withdraw your consent for specific data processing activities at any time. To withdraw consent, contact us using the information in Section 18.

8. Data Retention

8.1 Account Data

  • Active Accounts: We retain data while your account is active
  • Inactive Accounts: Data may be retained for up to 24 months after last activity
  • Deleted Accounts: Most data is deleted within 30 days of account deletion

8.2 Content Data

  • User Content: Retained while account is active and for 90 days after deletion
  • Performance Data: May be retained longer for educational research (anonymized)
  • Communication Data: Retained for 12 months for safety and legal compliance purposes

8.3 Legal and Safety Data

  • Violation Records: Retained for 5 years for safety and legal compliance
  • Legal Disputes: Retained as required for legal proceedings

9. Business Transfers

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy. Any acquirer of our assets may continue to process your personal information as set forth in this Privacy Policy. We will notify you via email or prominent notice on our Site of any such transaction and any choices you may have regarding your personal information.

10. International Users

10.1 Data Transfers

  • US-Based Service: Data is primarily stored and processed in the United States
  • International Transfers: We may transfer data internationally with appropriate safeguards including Standard Contractual Clauses and adequacy decisions
  • EU Users: Additional protections under GDPR (see Section 13)

10.2 Legal Basis for International Transfers

When transferring data internationally, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contract terms for data protection
  • Binding Corporate Rules: Internal data protection policies for multinational processing

11. Cookies and Tracking

11.1 Cookies We Use

  • Essential Cookies: Required for basic service functionality (login, security, preferences)
  • Analytics Cookies: Help us understand how users interact with the Service (Google Analytics)
  • Preference Cookies: Remember your settings and preferences

11.2 Third-Party Cookies

  • Google Services: When you use Google integration
  • Analytics Partners: For service improvement and research
  • No Advertising Cookies: We do not use cookies for targeted advertising to minors

11.3 Cookie Control

  • Browser Settings: You can control cookies through your browser settings
  • Platform Settings: Manage cookie preferences in your account settings
  • Opt-Out Tools: Use browser-based opt-out tools for analytics cookies

12. California Privacy Rights (CCPA)

12.1 California Consumer Rights

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

12.2 Minors' Rights

  • Under 16: We do not sell personal information of minors under 16
  • Parental Control: Parents can exercise rights on behalf of minor children

12.3 How to Exercise Rights

Contact us at stacie@stacked.software or use our online form to exercise your California privacy rights.

13. European Union Users (GDPR)

13.1 Legal Basis for Processing

  • Contract Performance: Processing necessary to provide the Service
  • Legitimate Interests: Improving service and ensuring safety
  • Consent: When required, we obtain clear consent

13.2 EU Privacy Rights

  • Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Rectification: Correct inaccurate personal data
  • Right to Restriction: Limit processing of your data

13.3 Supervisory Authority

If you have concerns about our data processing, you may contact your local data protection authority. For a list of EU data protection authorities, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en

14. Universal Opt-Out Mechanisms

We honor universal opt-out mechanisms (UOOMs) such as the Global Privacy Control (GPC) signal. When we detect these signals from your browser, we will treat them as a request to opt out of the sale or sharing of your personal information for targeted advertising purposes, where applicable under state law.

15. Data Breach Notification

15.1 Our Response to Breaches

  • Immediate Assessment: We investigate potential breaches within 24 hours
  • Notification Timeline: We notify affected users within 72 hours of confirming a breach
  • Regulatory Reporting: We report breaches to relevant authorities as required by law

15.2 What We'll Tell You

In the event of a data breach, we will inform you about:

  • What information was involved
  • When the breach occurred
  • What we're doing to address the breach
  • Steps you can take to protect yourself

16. Automated Decision-Making

16.1 Automated Systems

We use automated systems for:

  • Safety Monitoring: Detecting inappropriate content or behavior

16.2 Your Rights

You have the right to:

  • Request Human Review: Ask for human review of automated decisions
  • Understand the Logic: Request information about how automated decisions are made

17. Updates to This Policy

17.1 Policy Changes

  • Notification: We will notify users of material changes via email or platform notification
  • 30-Day Notice: Significant changes will go into effect 30 days following notification
  • Continued Use: Continued use after changes constitutes acceptance
  • Archive: Previous versions available upon request

17.2 Minor-Specific Changes

  • Enhanced Notice: Additional notification for changes affecting minors
  • Parental Notice: Parents will be notified of material changes affecting their children

18. Contact Information

19. Effective Date and Acceptance

This Privacy Policy is effective as of 7/5/2025. By using our Service, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.

Last Updated: 7/5/2025