1. Definitions

• “User” includes public visitors, PAYG users, individual subscribers, group members, institutional admins, institutional teachers, and institutional students.
• “SB Catalog” refers to SongBase’s curated works, including IPA, translations, audio demos, metadata, and interactive transcripts.
• “Custom Content” includes user-created works, custom IPA databases, notes, audio recordings, and exercise submissions.
• “Institutional Users” are users accessing SongBase through an institution’s Single Sign-On (SSO).
• “Group Subscription” refers to studio/ensemble or multi-seat professional accounts.

2. Information We Collect

We collect several types of information to operate, secure, and improve the Services.

2.1 Information You Provide to Us

We may collect the following information directly from you:

Account Information

• Name
• Email address
• Password (for non-SSO users)
• Role (individual, group member, institutional teacher, institutional student, institutional admin)

Payment Information

• Payments are processed by Stripe.
• SongBase does not store credit card numbers or banking details.

User-Created Content

Depending on your account type, you may create or upload:

• Custom translations
• Custom IPA database entries
• Forked or custom works
• Notes associated with works
• Audio recordings
• IPA exercises
• Exercise responses and progress data
• Comments on student work (teachers only)

Support and Communication

• Emails, messages, or other communications you send to us.

2.2 Information Collected Automatically

When you access SongBase, we automatically collect:

• IP address (through server logs and internal analytics)
• Browser and device type
• Operating system
• Referring URL
• Pages viewed
• Actions taken within the platform
• Session duration and timestamps
• Crash logs, errors, and diagnostics
• Authentication status (SSO, OAuth, or password)

These logs help us operate and secure the platform and improve performance.

2.3 Cookies & Tracking Technologies

We use the following:

• Session Cookies (for login and navigation)
• Functional Cookies (to remember preferences)
• Google Analytics (GA4)
  • GA4 anonymizes IP addresses automatically and cannot store full IPs.
  • GA4 does not allow SongBase to identify specific individuals.
• Internal SongBase Analytics System
  • Tracks usage, exercises, interactions, and performance.
  • Users can select anonymous internal tracking, which removes identifiable data from internal analytics.

What we do NOT use:

• Advertising cookies
• Third-party marketing trackers
• Behavioral advertising pixels

A separate Cookie Notice provides additional details.

2.4 Information from Third-Party Logins (OAuth)

If you sign in using Google, LinkedIn, or Facebook, we may receive:

• Name
• Email address
• Profile image (if provided)
• Authentication token

We do not receive your password.

2.5 Information from Institutional Single Sign-On (SSO)

When you sign in through your institution, we may receive:

• Name
• Email address
• Institutional affiliation
• Role attributes (teacher, student, admin)

Your institution controls the attributes it shares.

2.6 Information from Institutions

Institutions may send:

• Directory attributes
• License or seat data
• Admin user lists
• Optional usage or enrollment context

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide and Maintain the Services

Including but not limited to:

• Account creation and authentication
• Content rendering (IPA, translations, audio, transcripts)
• Interactive transcript functionality
• Forced alignment and timing display
• IPA exercise creation and tracking
• Custom and forked work creation
• Group and institutional collaboration tools
• Notes, comments, and feedback features

3.2 To Support Group and Institutional Features

Group Owners & Managers

May view:

• Seat-level usage metrics
• Exercise progress
• Notes
• Activity summaries

Institutional Teachers

May view:

• Student progress on exercises
• Individual exercise submissions
• Notes on accessible works

Institutional Admins

May view:

• Aggregate, non-student-specific usage summaries
• High-level institutional reports

Student Data Retention (Option A Rule)

When a student loses institutional affiliation:

• Student access ends
• Teachers no longer see student-specific submissions or progress
• SongBase may retain anonymized data for internal analytics

3.3 To Improve, Analyze, and Secure the Platform

• Diagnose performance issues
• Monitor for security threats
• Conduct internal analytics
• Improve IPA generation tools, workflows, and features
• Enhance user experience and curriculum tools

3.4 AI-Related Processing

• AI translation and TTS processing is performed via third-party providers (e.g., OpenAI).
• User data is not used to train external AI models.
• Only the minimal necessary text/audio required for generation is transmitted.

3.5 Communications

We use your information to send:

• Transactional emails (via ZeptoMail)
• Account notices and confirmations
• Subscription and billing-related updates
• Support replies

We do not send marketing messages without opt-in.

3.6 Legal and Compliance

We may use data to:

• Detect and prevent fraud or abuse
• Comply with legal obligations
• Enforce our Terms of Service and AUP

4. How We Share Your Information

We do not sell your personal data. We may share information in the following circumstances:

4.1 With Our Service Providers (Subprocessors)

These companies process data on our behalf:

• Stripe — payment processing
• AWS S3 — file and asset storage
• Cloudflare — CDN and security
• Heroku / Railway — application hosting
• ZeptoMail — transactional emails
• YouTube — optional video hosting
• OpenAI — translation and TTS processing
• OAuth Providers — Google, LinkedIn, Facebook

These providers are contractually prohibited from using personal data for their own purposes.

4.2 With Groups and Institutions

Group Subscriptions

Group owners/managers may access:

• Seat-level usage metrics
• Exercise progress and submissions
• Notes and comments
• Custom works created by the group

Institutional Subscriptions

Teachers may access:

• Student progress and exercise submissions (only while student has active SSO access)
• Notes and custom content visible to authorized institutional users

Institutional Admins may access:

• Aggregate usage summaries
• No student-level data

Upon student separation:

• Student access ends immediately
• Teachers lose visibility into student-specific work
• Only anonymized data is retained

4.3 With Your Consent

We may share your personal information with third parties only when you explicitly request or authorize us to do so, such as when you:

• Request that we share your custom content or exercise data with individuals or organizations outside your group or institution;
• Request permission to publish materials derived from SongBase content; or
• Authorize us to involve third-party support services for troubleshooting purposes.

SongBase will never share your data outside the normal operation of the Services without your affirmative consent.

4.4 For Legal or Security Reasons

We may disclose information to:

• Comply with laws or legal processes
• Protect SongBase, users, or the public
• Detect, prevent, or respond to fraud or security threats

5. How We Protect Your Information

We use industry-standard security practices, including:

• HTTPS/TLS encryption in transit
• Secure password hashing
• Role-based access controls
• Limited employee access to data
• Regular backups
• Monitoring for unusual or unauthorized activity

However, no system is completely secure, and we cannot guarantee absolute security.

6. Data Retention

6.1 Individual Users

• Data is retained while the account is active.
• Accounts with 18 months of inactivity may be flagged for deletion.
• SongBase may retain certain custom materials as permitted by the Terms of Service.

6.2 Group and Institutional Users

• Institutional content is retained indefinitely for instructional continuity.
• Teacher-created materials remain accessible to the institution even after the teacher departs.
• Student-specific data is removed or anonymized when the student loses affiliation.

6.3 Exercise Data

• Stored while the user has access.
• Deleted or anonymized upon student separation.
• Retained in anonymized form for analytics.

6.4 Logs and Diagnostics

Stored for security, troubleshooting, and analytics for a reasonable period.

7. Your Rights and Choices

7.1 Access, Correction, and Deletion

You may request to:

• Access personal data
• Update inaccurate information
• Delete your account and personal data (subject to institutional or legal constraints)

7.2 Tracking Preferences

SongBase offers:

• Anonymous internal tracking (hides identifiable details from internal analytics)
• Cookie preference controls via the Cookie Notice

Google Analytics operates independently using anonymized IPs.

7.3 Marketing Preferences

You may opt in or out of marketing communications.

8. International Users

If you are accessing the Services from outside the United States, you acknowledge that your information may be transferred to and processed in the United States.

9. Children's Privacy

SongBase is not intended for children under 13 unless provided access through an institution with appropriate consent. We do not knowingly collect personal data from children under 13 outside institutional use.

10. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via email or platform notice.

The updated version becomes effective as of the posted “Last Updated” date.

11. Contact Information

For questions regarding this Privacy Policy, data access requests, or privacy concerns:

• Email: [email protected]
• Address: 929 McKimmon Rd, Fayetteville, NC 28303 US

Please include “Privacy Inquiry” in the subject line for faster routing.