Draft — pending legal review. This page describes our intended data practices accurately but has not yet been reviewed by a qualified lawyer. It exists to satisfy app-store review requirements and to give legal counsel a factual starting point.

Privacy Policy

Last updated: 12 June 2026

1. Who we are

Clefora ("we", "us", "our") is a communication platform for music teachers, parents, and students. We are the data controller for personal data processed through the Clefora hub (hub.clefora.app), the Clefora mobile app, and this marketing website (clefora.app).

For privacy queries, contact privacy@clefora.app.

2. What data we collect

Account & authentication

  • Email address, display name, and role (teacher, parent, or student).
  • Authentication identifiers from Firebase Authentication, including Google Sign-In and Sign in with Apple if you choose those options.
  • A device push-notification token (Firebase Cloud Messaging) for sending lesson reminders and parent updates.

Lesson and teaching data

  • Repertoire pieces, practice goals, lesson notes, attendance, and progress milestones logged by teachers.
  • Messages exchanged between teachers and parents through the in-app messaging feature.
  • Calendar entries (lesson times, holidays, term dates) created by teachers.
  • Student profile information (name, instrument, age range) entered by the teacher or parent.
  • Date of birth — collected when a parent adds a child student. It is used to determine whether the under-13 parental consent rule applies, is visible to the child's teacher and guardians as part of the student profile, and is included in data exports.

Payments

  • Invoice metadata (amounts, due dates, status) is stored in our backend.
  • Card details are never stored by Clefora. They are handled directly by Stripe under Stripe Connect; we receive only a Stripe customer/payment-intent identifier.
  • We collect a small platform fee on each transaction processed through Stripe Connect.

Diagnostics & analytics

  • Anonymous product-usage events (e.g., "lesson logged", "digest sent") via PostHog, used to improve the product. No lesson content is sent.
  • Crash and error reports via Sentry when an unexpected fault occurs. We strip personal identifiers from stack traces where possible.
  • Aggregate web analytics (page views, referrers) on this marketing site via Google Analytics and Plausible.

Email

  • Transactional emails (lesson digests, invitations, password resets) are sent via Resend. Resend processes recipient email and message content on our behalf.

3. Legal basis (UK and EU users)

  • Contract — to provide the lesson-management, messaging, and payment features you signed up for.
  • Legitimate interests — to keep the platform secure, prevent abuse, and improve the product (analytics, crash reporting).
  • Consent — for non-essential cookies and any optional marketing communications. You can withdraw consent at any time.
  • Legal obligation — for tax records, payment-fraud prevention, and responses to lawful requests.

4. How we share data (subprocessors)

We share personal data only with the following service providers, each under a written data-processing agreement:

  • Convex — backend database and serverless functions (United States).
  • Firebase (Google) — authentication and push notifications (United States / EU).
  • Stripe — payment processing (United States / Ireland).
  • Resend — transactional email (United States).
  • PostHog — product analytics (EU).
  • Sentry — crash reporting (United States / EU).
  • Vercel — hosting for the hub and marketing site (United States).

We do not sell personal data and we do not share it with advertisers.

5. International transfers

Several subprocessors are based outside the UK or EEA. Where personal data is transferred internationally, we rely on the UK International Data Transfer Addendum and / or the EU Standard Contractual Clauses, together with the providers' supplementary safeguards.

6. Children's data

Clefora is designed for music teachers and the parents or guardians of students. Parents and guardians create and manage accounts for all students who are minors — a minor does not sign up independently.

For children whose recorded date of birth shows they are under 13, we enforce an additional step: the app will not activate the child's account until a parent or guardian has confirmed an explicit consent checkbox against the versioned consent wording shown in the app. We record which parent granted consent, the version of the wording they agreed to, and their email-verification status at the time. For student records created before date-of-birth collection was required, we prompt the guardian to supply it.

A parent can withdraw consent at any time in their account settings. Withdrawing consent immediately disables the child's app access. Consent records are kept as compliance artifacts and are not deleted on withdrawal; they are removed only if you later request erasure of the child's data (see §8 below).

If you believe a child's data has been provided without proper consent, contact privacy@clefora.app and we will investigate.

7. Retention

  • Account data: kept while the account is active, and for up to 12 months after closure to support reactivation and dispute resolution.
  • Lesson and messaging data: kept for as long as the teacher's or parent's account is active. On account deletion, data is removed within 30 days unless we are legally required to keep it.
  • Deleted content: when an item (such as a lesson, message, or practice goal) is deleted inside the app, it is soft-deleted and permanently purged 90 days later. Student profiles archived by a teacher are retained (restorable) until the account is deleted or a guardian requests the child's erasure; some ephemeral items, such as notifications, are purged sooner.
  • Child erasure: when a child's data is erased following an erasure request, invoices associated with that child are anonymised rather than deleted — the financial records are kept under legal and legitimate-interest bases, but the student reference is replaced so the child is no longer identifiable in billing history.
  • Payment records: kept for at least 7 years to comply with UK tax law.
  • Crash and analytics data: 90 days for raw events, longer in aggregated form.

8. Your rights

Under UK and EU data-protection law you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to erasure").
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where we rely on it.
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

Parents can also exercise two of these rights directly inside the app for a linked child: exporting the child's data and requesting the child's erasure. Erasure requests submitted in-product are reviewed before processing. Email remains available for all rights requests.

To exercise any of these rights, email privacy@clefora.app. We will respond within one month.

9. Cookies

This marketing site uses a small number of analytics cookies (Google Analytics, Plausible) to understand how visitors find Clefora. The hub and mobile app do not use third-party advertising cookies. You can control cookies through your browser settings.

10. Security

All connections between the apps and our servers use TLS. Sensitive teacher notes are encrypted at rest. We use Firebase for authentication so that we never see your password. Stripe handles all card data under PCI-DSS. We follow industry-standard practices for backup, access control, and incident response.

11. Changes to this policy

We will update this page when our practices change. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Privacy queries: privacy@clefora.app
Support: support@clefora.app