At Legato, we take the privacy and security of your data seriously. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Legato platform and related services.
1. Information We Collect
Account Information
When you create a Legato account, we collect your name, email address, and password. If you choose to upgrade to a paid plan, we also collect billing information such as your payment method details, which are processed and stored securely by our third-party payment processor (Stripe).
Studio & Student Data
You may choose to input information about your music studio, including student names, contact details, lesson schedules, attendance records, lesson notes, repertoire lists, and payment history. This data is stored securely and is only accessible to you and any users you explicitly authorize.
Usage Data
We automatically collect certain information when you use our service, including your IP address, browser type, device information, pages visited, and actions taken within the application. This data helps us improve our service and troubleshoot issues.
Cookies & Similar Technologies
We use essential cookies to maintain your session and preferences. We may use analytics cookies to understand how our service is used. You can control cookie preferences through your browser settings. For more detail, see our Cookie Policy.
2. How We Use Your Information
Service Delivery
We use your information to provide, maintain, and improve the Legato platform, including scheduling, billing, student management, and communication features.
Communication
We may send you service-related announcements, security alerts, and support messages. With your consent, we may also send product updates and educational content. You can opt out of non-essential communications at any time.
Security & Fraud Prevention
We use your information to detect, prevent, and respond to security incidents, fraud, and abuse of our platform.
Analytics & Improvement
We analyze aggregated, anonymized usage data to understand trends, improve user experience, and develop new features.
3. How We Share Your Information
We Do Not Sell Your Data
Legato does not sell, rent, or trade your personal information or your student data to third parties for marketing purposes. Ever.
Service Providers
We share data with trusted third-party service providers who help us operate our platform, including cloud hosting (Supabase/AWS), payment processing (Stripe), email delivery, and analytics. These providers are contractually bound to protect your data and use it only for the services they provide to us.
Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Legato, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
4. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, regular security audits, access controls, and secure development practices. While no method of transmission over the Internet is 100% secure, we are committed to protecting your information using commercially reasonable measures.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes. Student data you have entered will be permanently deleted upon account deletion unless you export it beforehand.
6. Your Rights & Choices
Access & Portability
You can access and download your data at any time through your Legato dashboard settings.
Correction
You can update or correct your personal information through your account settings.
Deletion
You can delete your account and all associated data at any time. Contact us at privacy@legatostudio.com if you need assistance.
Consent Withdrawal
Where we process data based on your consent, you can withdraw that consent at any time.
7. Children's Privacy
Legato is designed for use by music educators and studio managers who are adults. While teachers may store information about minor students as part of their teaching practice, we do not knowingly collect personal information directly from children under 13. Student data is entered and managed by the teacher, who is responsible for obtaining any necessary parental consent.
8. International Data Transfers
Your data may be processed and stored in the United States. If you are located outside the United States, you consent to the transfer and processing of your data in the United States, which may have different data protection laws than your jurisdiction.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by sending you an email notification. Your continued use of Legato after changes are posted constitutes your acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@legatostudio.com.