Privacy Policy

Last updated: 16 May 2026

This policy explains what personal information Ricordi collects, how we use it, and the choices you have. We aim to keep this short and plain. If anything is unclear, get in touch.

Who we are

Ricordi is operated by Oliver Nelson, a sole trader based in New South Wales, Australia. References to "we", "us", or "Ricordi" mean the operator. References to "you" mean the person using the service.

What we collect

• Account information: your name, email address, and a hashed password. You may optionally add an avatar image.
• Studio information: the name of the music studio you create or join, and your role within it (manager, teacher, or client).
• Content you create: chat messages, files you upload, lesson notes, documents, and any audio or video recordings you choose to capture using the service.
• Communications with our AI assistant (Bartók): the questions you ask and the assistant's responses.
• Usage data: IP address, browser or device type, and basic request logs needed to operate and secure the service.

We do not collect payment information, location data, contacts, or advertising identifiers.

How we use it

• To provide the service: showing you the right chats, files, and lessons.
• To communicate with you: account confirmations, password resets, and service notices.
• To keep the service secure: detecting abuse, debugging errors, and preventing fraud.
• To improve the product: looking at aggregated, non-identifying usage to fix bugs and prioritise features.

We do not sell your personal information or use it for advertising.

Who we share it with

We use a small number of trusted service providers to run Ricordi. Each only receives the data they need to perform their role:

• Digital Ocean — hosting and file storage. Primary servers and storage are located in Sydney, Australia.
• MailPace — sending transactional email (password resets, invitations, notifications).
• Deepgram — automated transcription of lesson recordings you choose to transcribe.
• Daily.co — powering in-app video lessons.
• OpenAI and Anthropic — powering the Bartók assistant and AI summaries of transcripts.
• Sentry — error and performance monitoring.

Several of these providers process data in the United States or other countries. Where personal information is transferred outside Australia, we rely on the standard data protection terms offered by each provider.

We will also disclose information if required by law, court order, or to protect the rights, safety, or property of Ricordi, its users, or others.

Children

Music studios often teach minors. Ricordi is designed to be used by studios that have already obtained appropriate consent from a parent or guardian for any user under the age of consent in their jurisdiction. In that context, the studio is the data controller and Ricordi acts as a data processor on the studio's behalf.

If you are a parent or guardian and believe your child has provided personal information to Ricordi without your consent, contact us and we will remove it.

Retention

• Active accounts: we retain your data while your account is active.
• Deleted accounts: when you delete your account from within the app, we permanently remove your personal information (name, email, password, avatar, and any AI assistant chat history) and sign you out of all sessions. Messages, files, and recordings you contributed to shared chats may remain visible to other members of those chats, attributed to "Deleted User". This is so other teachers, students, and parents retain their lesson history and shared context.
• Backups: encrypted backups of the database are retained on a rolling basis (typically up to 30 days) for disaster recovery, then expire automatically.

Your rights

You can:

• Access and correct your account information from the profile page.
• Delete your account at any time from the profile page (this is permanent).
• Request a copy of the personal information we hold about you by contacting us.
• Lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au) or your local data protection authority.

Security

All traffic to Ricordi is encrypted in transit using HTTPS. Passwords are stored only as one-way bcrypt hashes — we cannot see or recover them. Files and recordings are stored encrypted at rest. We work to keep the service secure, but no online service can be guaranteed to be completely secure.

Changes to this policy

If we make material changes to this policy, we will update the "Last updated" date above and, where appropriate, notify you by email or in-app notice before the changes take effect.

Contact

Questions, requests, or concerns: contact us.