๐†‘music-forte
Legal

Privacy policy

Plain-language summary of the personal data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have to inspect, correct, or delete it.

Last updated ยท May 2026
This policy describes how the platform currently handles data. Material changes will be announced in-product 14 days before they take effect.

Who we are

Music-Forte ("we", "us") is an AI-powered music education platform for Ugandan secondary schools and individual learners. The platform is operated by Tillafrica Ltd (registered in Uganda). Our address is [ADDRESS]. You can reach us at support@music-forte.app.

What we collect

Account data
Email, password (stored as a salted argon2id hash โ€” we never see the cleartext), display name, role, account creation timestamp, verification status. Required to identify you across devices.
Session data
Encrypted session cookies for sign-in (`forte_session`). Login timestamps, IP address, and user agent for active sessions, shown on the Devices tab in /account so you can revoke any of them.
Conversation history
Threads and messages you create with the AI assistant โ€” your prompts, the model's replies, and any artifacts the model produced (lesson plans, scores, drills, charts). Stored so you can resume across devices.
Memory
Facts the assistant has learned about you (e.g. "teaches S5 in Mbarara", "prefers solfรจge") so it can give context-aware answers. You can view, edit, pin, or forget any of these from the Memory drawer.
Notation drafts
Pieces you author in FORTE Notation โ€” the ABC source, the parsed note array, your title and metadata. Required for cross-device editing and for sharing.
Practice sessions
For each Practice (Follow) run: piece title, your settings, per-note assessment log, audit findings, and the audio recording (when consent is given). Recordings live in Cloudflare R2 under a per-user prefix and are streamed back only when you request them. See /docs/practice for detail.
Drill + mastery progress
Per-skill mastery percentages, drill attempt logs, streak counts. Drives the briefing and the per-piece trend lines in /practice.
Microphone audio
When you use Practice (Follow), Hum capture, or voice input, your microphone is opened. Real-time pitch detection runs in your browser. For Practice we also record a copy and upload it to your account (so you can replay across devices). For Hum and voice input, audio is processed in-browser only and never leaves the device.
Diagnostic + usage logs
HTTP request logs from Cloudflare, error reports, and aggregate usage counts (e.g. how many lessons were generated this week). We do not associate request logs with individual users beyond the time window needed to diagnose issues (typically โ‰ค 30 days).

How we use your data

  • Provide the service. Run the chat, store your drafts, sync your practice history, generate lesson plans against the NCDC corpus.
  • Personalisation. Memory entries adjust how the assistant addresses you. You control these directly.
  • Coaching narratives. Practice run summaries are sent to a third-party language model (DeepSeek โ€” see Subprocessors) which generates teacher-voice feedback. The audio recording itself is not sent to the LLM; only structured findings are.
  • Security. Detect abuse, prevent account takeover, throttle bad actors.
  • Service improvement. Aggregate, anonymised metrics inform what we build next. We don't train models on your data, full stop.

What we never do

  • Sell your data to third parties.
  • Train AI models on your conversations, drafts, recordings, or memory.
  • Show you third-party advertising.
  • Share your audio recordings with anyone outside your account, except as required to operate (R2 storage, audio decoding inside your browser).

Subprocessors

We rely on a small set of third-party services to operate. Each one receives only the data necessary for its function. The full list with purposes and data categories is at /subprocessors.

How long we keep data

  • Account data โ€” until you delete your account.
  • Sessions (cookies) โ€” 30 days from last activity, then auto-expired.
  • Conversations + drafts + practice sessions โ€” until you delete them, or until you delete your account (whichever comes first).
  • Memory facts โ€” until you forget them or delete your account. The assistant may also propose retiring stale facts.
  • Practice audio recordings โ€” kept indefinitely with the session row. Delete a session to delete its recording from R2 (idempotent โ€” the row delete cascades the audio).
  • Diagnostic logs โ€” typically โ‰ค 30 days, then auto-rotated.
  • Account deletion โ€” when you delete your account from /account โ†’ Danger, all the above is removed within 30 days. Backups roll off within 90 days.

Your rights

You have the right to:

  • Access โ€” see all the data we hold about you. Most of it is visible directly in-product (Library, Memory drawer, Practice history). For a complete export, email us.
  • Correct โ€” edit your display name, email, password, memory facts, and any draft or practice session at any time.
  • Delete โ€” remove individual items in-product, or delete your whole account from /account โ†’ Danger.
  • Object / restrict processing โ€” for example, you can decline microphone access and the corresponding features simply won't function. We won't silently fall back.
  • Data portability โ€” request a machine-readable export of your data.
  • Withdraw consent โ€” at any time. Practical effect: turn off the relevant feature.

Under the Uganda Data Protection & Privacy Act 2019, you may also lodge a complaint with the Personal Data Protection Office (PDPO). For users outside Uganda, equivalent rights apply under your local data-protection regime (GDPR, CCPA, etc.); we treat the strongest applicable standard as our floor.

Children

Music-Forte is designed for secondary-school audiences (typically ages 14+). Where a school enrols learners under 18, we treat the school as the data controller for those accounts and process data on the school's instruction. Schools should obtain parent/guardian consent in line with local law before enrolling minors.

If you are under the age of digital consent in your jurisdiction (16 in many places, 18 under UDPPA for some categories), please register only with parent or guardian permission.

Security

  • Passwords stored using argon2id with per-user salt.
  • All traffic over HTTPS/TLS.
  • Cloudflare D1 + R2 at rest; access scoped per request, no public buckets.
  • Session cookies are HTTP-only, Secure, SameSite=Lax.
  • CSRF protection on every state-changing endpoint via same-origin checks.
  • Annual review of who has admin access to production data.

No system is impregnable. If you find a vulnerability, please email support@music-forte.app with "Security" in the subject. We'll respond within 5 business days and credit reporters in our changelog if requested.

International transfers

Music-Forte runs on Cloudflare's global edge network. Data may be stored or processed in regions outside Uganda โ€” primarily Europe and the United States โ€” to deliver the service. Where the destination jurisdiction does not provide adequate data-protection standards, we rely on contractual safeguards (Cloudflare's DPA, SCCs where applicable). See /subprocessors for region detail.

Changes to this policy

We'll notify you at least 14 days before changes that materially affect what we collect or share. Notification is in-product (a banner in the chat shell) and via email if a feature change requires re-consent. The "Last updated" date at the top of this page reflects the most recent edit.

Privacy contact

Email support@music-forte.app. For matters under the Uganda Data Protection & Privacy Act, the data controller is Tillafrica Ltd.