Privacy Policy

1. What data we collect

Maestro Planner collects information that is needed to authenticate users, operate the app, connect teachers and students, and maintain the security of the service.

• Account information such as email address, name, and optional display name.
• Profile settings such as timezone and role selection (teacher or student).
• Practice tracking data including practice items, session dates, durations, notes, tempos reached, weak spots, and improvement notes.
• Teacher-student relationship data, including invite codes, active links, and assignment history.
• Assignment data created by teachers, including titles, notes, focus areas, due dates, and linked practice items.
• Operational and security data such as IP addresses, user agent information, rate-limit metadata, and application logs.
• Billing-related identifiers if paid plans are enabled, such as Stripe customer or subscription identifiers.
• Session and authentication data, including session cookies and linked sign-in method records.

2. How we use data

We use collected data to:

• Authenticate users and maintain secure sessions.
• Let teachers and students track practice, assignments, and progress between lessons.
• Support teacher-student linking and assignment workflows.
• Provide operational support, diagnose bugs, and monitor security issues or abuse.
• Operate subscriptions and billing features if paid plans are enabled.
• Comply with legal obligations and protect the service against fraud or misuse.

3. Data storage and security

Maestro Planner stores application data using hosted infrastructure, including Render and PostgreSQL-backed storage. Data is intended to be transmitted over HTTPS in transit, and hosted providers may use encryption at rest as part of their managed infrastructure.

Reasonable administrative, technical, and operational safeguards are used to reduce the risk of unauthorized access. No method of transmission or storage is perfectly secure, and absolute security cannot be guaranteed.

4. Third-party services

Maestro Planner may share limited data with service providers that help run the product.

• Render: Application hosting, infrastructure, and platform logging.
• PostgreSQL / managed database infrastructure: Storage of account, practice, relationship, and assignment data.
• Resend: Delivery of sign-in emails and other transactional email if enabled.
• Stripe: Billing, subscription management, and payment-related customer records if paid plans are enabled.

These providers process data under their own terms and privacy practices. Maestro Planner does not sell personal data.

5. Data retention

Account and app data is generally retained for as long as the account remains active and as needed to provide the service.

• Practice, assignment, and relationship data remains associated with the account until deleted or the account is removed.
• Users can request a JSON export of their account data from account settings.
• Users can request self-service account deletion from account settings by completing a confirmation step.
• Operational logs may be retained for a limited period for security, debugging, and abuse prevention.
• Billing-related records may be retained as needed for accounting, fraud prevention, and legal compliance.
• Backups may temporarily retain deleted data for a limited operational recovery window before rotation or expiration.

When an account is deleted through the current self-service workflow, the application attempts to permanently remove the account and related user-owned data through existing database cascade rules. Certain operational, billing, security, or backup records may be retained for a limited period where necessary.

6. User rights

Depending on where you live, you may have rights to:

• Request access to the personal data associated with your account.
• Request correction or update of inaccurate account information.
• Request export of your account data in a reasonable format.
• Request deletion of your account and associated personal data, subject to any legal or operational retention requirements.

To request access, export, correction, or deletion, contact the data controller using the contact information below.

7. Children's data

Maestro Planner may be used in teacher-student contexts that involve minors. If users under 13 in the United States, or under the applicable digital-consent age in other jurisdictions, use the service, additional parental, guardian, school, studio, or teacher consent obligations may apply.

At this time, Maestro Planner does not describe a standalone age-verification or parental consent workflow in the product itself. Teachers, studios, schools, and account owners should evaluate whether they have obtained any required consent before using the service with children.

If Maestro Planner will be used broadly by minors, a more specific COPPA/GDPR-K compliant consent and account-creation policy should be added before wider public launch.

9. Contact information

For privacy questions, data requests, or legal notices, contact the Maestro Planner data controller at:

10. Policy updates

This Privacy Policy may be updated from time to time as the product, infrastructure, billing, or legal obligations change.

When changes are material, Maestro Planner may update the effective date above and may provide notice within the app, by email, or by another reasonable method.