Legal
Harmonia ("Harmonia," "we," "us") provides software that lets independent music studios and teachers run lessons online — live video rooms with in-browser instruments, lesson plans, assignments, scheduling, file sharing, and messaging. This Privacy Policy explains what information Harmonia handles, how it is used, and the choices you have. By using Harmonia you agree to this policy.
Harmonia is a platform used by music studios. When a teacher or studio owner ("the Studio") signs up and adds students, the Studio decides who its members are, what content they share, and how they run lessons. For that member and content data, the Studio is the data controller and Harmonia acts as the service provider/processor that stores and transmits it on the Studio's behalf.
This matters for students and parents: your relationship is primarily with your Studio. To access, correct, or delete a student's information, the fastest path is to contact your Studio (your teacher). You may also contact us and we will work with the Studio to honor the request.
When an account is created we store a name, username, role (owner, manager, teacher, or student), the email address used for login and invites, a securely hashed password (we never store or see plaintext passwords), and the studio key that ties an account to its Studio.
Live video lessons are delivered through our video provider (see "Service providers"). Harmonia does not record video or audio of lessons. During a lesson, note/MIDI data may be relayed between the two participants so the on-screen instrument stays in sync; this is transient and used only to power the live session.
If a Studio uses Harmonia’s optional payment features, checkout is handled by Stripe on Stripe’s own PCI-compliant pages. We never receive or store full card numbers or bank credentials. Stripe returns to us only limited records needed to operate the feature and show a Studio its history — for example the amount, currency, date, status, what was purchased, a card brand and last-four digits, and Stripe identifiers (such as customer, payment, and connected-account IDs). A Studio that accepts payments connects its own Stripe account; Stripe collects that Studio’s business and identity details directly, under Stripe’s privacy policy.
Like most websites we process basic technical data needed to operate the service securely — for example your IP address (used for sign-in rate-limiting and abuse protection) and standard server logs. We use a single essential session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.
The emails we send are account- and service-related (verification, invites, security codes, and lesson notifications). We do not run marketing email campaigns, and we do not sell personal information or show ads or let anyone pay to influence what you see in the app.
The service is not directed to children under 13, and we do not knowingly allow a child under 13 to create their own Studio or account. A child's account is created by their Studio, and the information held about that child (name, login email, lesson progress, messages with their teacher, and any files they submit) exists only to support their lessons with that Studio. We rely on the Studio to obtain verifiable parental consent before adding a student under 13. If we learn that we have collected personal information from a child under 13 without the required parental consent, we will delete it as promptly as possible.
Parents and guardians can, at any time, review the information held about their child, ask for it to be corrected, or ask for the child's account and data to be deleted — by contacting the child's Studio (teacher) or by contacting us at the address below. We will not require a child to disclose more information than is reasonably necessary to take part in a lesson.
If you believe a child has been added to Harmonia without proper parental consent, contact us and we will work with the Studio to remove the account and associated data.
All traffic is served over HTTPS. Passwords are stored only as salted hashes. Sessions use signed, HTTP-only, Secure cookies, and sign-ins are rate-limited to deter brute-force attempts. A Studio's private data files are stored outside the public web root and are not directly accessible over the web.
We keep your information for as long as your account or Studio is active, or as needed to provide the service. When a Studio or account is deleted, its associated data is removed from active storage; residual copies may persist briefly in routine backups before being overwritten.
Harmonia staff do not log into your account or browse around inside it. To run the service, keep it secure, and help with support, we may review account activity logs — records such as sign-in times, IP addresses, and which actions were taken — but we do not enter your account and act as you. Passwords are never visible to us or to anyone else: they are stored only as one-way salted hashes, so we cannot see, read, or recover them (if you forget yours, you reset it). If we determine that an account has been compromised or hacked, we may suspend or terminate it to protect you and other users.
No method of storage or transmission is 100% secure, and we cannot guarantee absolute security. We notify affected users of a breach where required by law.
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact your Studio (the fastest path for student data) or contact us directly. Teachers and owners can also edit or remove most member and content data right inside the app.
You can turn on email two-factor authentication in your Profile, change your password at any time, and request account deletion from your Profile.
If you are a California resident: California's "Shine the Light" law (Civil Code §1798.83) lets you request information about disclosures of personal information for third-party direct marketing — Harmonia does not share personal information for third-party direct marketing. California residents under 18 who are registered users may request removal of content they have posted (Business & Professions Code §22581); contact us or your Studio and we will remove it as required by law (removal may not be complete or comprehensive in all cases). To make a privacy request, email privacy@harmonialessons.com.
Because we do not track users across third-party websites or serve advertising, we do not respond differently to browser "Do Not Track" signals. We use only the essential session cookie described above.
We may update this policy as the service evolves. We will revise the "Last updated" date above and, for material changes, take reasonable steps to notify Studios.
Questions about this policy or your data: privacy@harmonialessons.com. For information about a specific student, please also reach out to that student's Studio (teacher).