Privacy Policy
Last updated: December 21, 2025
✓ GDPR Compliant | ✓ FERPA Compliant
1. Introduction
StudioSync ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and the Family Educational Rights and Privacy Act (FERPA).
Your Rights: You have the right to access, export, correct, or delete your personal data at any time. See Section 11 for details.
2. Data Controller
StudioSync LLC acts as the data controller for personal information processed through our platform. For GDPR purposes, we can be contacted at:
Privacy Officer
Email: [email protected]
Address: [Your Business Address]
3. Information We Collect
We collect and process the following categories of personal data:
3.1 Account Information
- Name (first and last)
- Email address
- Phone number (optional)
- Password (stored hashed)
- Profile photo (optional)
3.2 Educational Records (FERPA Protected)
- Student names and contact information
- Lesson attendance records
- Progress notes and assessments
- Homework and assignments
- Skill levels and learning goals
3.3 Payment Information
- Billing address
- Payment history and invoices
- Credit card information (processed by Stripe; we do not store full card numbers)
3.4 Usage Data
- IP address and device information
- Browser type and version
- Pages visited and features used
- Login timestamps
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance: To provide our services as outlined in our Terms of Service
- Consent: When you explicitly agree to data processing (e.g., marketing communications)
- Legitimate Interests: To improve our services, prevent fraud, and ensure security
- Legal Obligations: To comply with tax, accounting, and legal requirements
5. How We Use Your Information
5.1 Service Delivery
- Schedule and manage lessons
- Track student attendance and progress
- Process payments and generate invoices
- Send lesson reminders and notifications
5.2 Communication
- Send important service updates
- Respond to your inquiries
- Send marketing communications (only with your consent)
5.3 Security and Compliance
- Detect and prevent fraud
- Ensure platform security
- Comply with legal obligations
6. Data Sharing and Disclosure
We do NOT sell your personal data. We only share data in the following circumstances:
- Service Providers: Payment processors (Stripe), email service (if applicable), cloud hosting (AWS/similar)
- Legal Requirements: When required by law or to protect our legal rights
- With Your Consent: When you explicitly authorize sharing
Student Privacy: Student names and educational records are NEVER shared publicly or with other students. Only authorized teachers and administrators can access student data.
7. Data Retention
We retain your data for the following periods:
Active Accounts: Until you request deletion
Lesson Records: 7 years (for educational and tax purposes)
Payment Records: 7 years (for tax and legal compliance)
Messages: 2 years or until you delete them
Deleted Accounts: 30-day grace period, then permanently deleted
8. Data Security
We implement industry-standard security measures including:
- SSL/TLS encryption for data in transit
- Password storage using bcrypt hashing
- Role-based access controls
- Regular security audits and penetration testing
- Secure cloud infrastructure with automatic backups
- Two-factor authentication (available)
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all service providers
- Compliance with GDPR requirements for international transfers
10. Cookies and Tracking
We use essential cookies for authentication and preferences. We do not use tracking cookies or third-party analytics without your explicit consent.
You can manage cookie preferences in your browser settings or through our cookie consent banner.
11. Your Rights (GDPR)
Under GDPR, you have the following rights:
Response Time: We will respond to all data requests within 30 days as required by GDPR.
12. Children's Privacy (FERPA)
We comply with the Family Educational Rights and Privacy Act (FERPA) for all student data. Student educational records are:
- Never shared with other students
- Only accessible to authorized teachers and administrators
- Never used for marketing purposes
- Protected with strict access controls
- Available to parents/guardians upon request
13. Data Breach Notification
In the event of a data breach, we will:
- Notify affected users within 72 hours (as required by GDPR)
- Report the breach to relevant supervisory authorities
- Provide detailed information about the breach and mitigation steps
- Offer support and guidance to affected users
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Email notification to your registered address
- Prominent notice on our website
- In-app notification
Your continued use of our services after changes constitutes acceptance of the updated policy.
15. Contact Us
For any privacy-related questions, concerns, or to exercise your rights, please contact us at:
Privacy Officer
Email: [email protected]
Support: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
This Privacy Policy is effective as of December 21, 2025 and complies with GDPR and FERPA requirements.