♪Curator← Back to home

Privacy Policy

Curator — https://curatormusic.app

Effective date: [[EFFECTIVE DATE]] Last updated: [[LAST UPDATED DATE]]

Placeholders to fill before publishing are marked like [[THIS]]. Search the document for [[ to find them all. See the companion "Plain-Language Guide" for what each one means and the steps to take before you go live.


1. Introduction

This Privacy Policy explains how [[OPERATOR LEGAL NAME]] ("Curator," "we," "us," or "our") collects, uses, shares, and protects personal information when you use the Curator website, web application, and any related mobile or installable applications and services (together, the "Service").

Curator is a choir management and music-learning platform. Choir leaders create choirs, invite members, and upload musical materials; members use the Service to learn their parts and prepare for rehearsals.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

This Policy applies to users everywhere in the world. Where specific regions grant additional rights, those are described in the region-specific sections at the end (see Sections 11–13).


2. Who We Are and How to Contact Us

Curator is operated by [[OPERATOR LEGAL NAME]], based in Salt Lake City, Utah, United States. For the purposes of the EU/UK General Data Protection Regulation, we act as the "controller" of the personal data described in this Policy.

For any privacy question or to exercise your rights, contact us at:

  • Privacy contact: [[privacy@curatormusic.app]]
  • Postal address: [[BUSINESS MAILING ADDRESS]]

If we ever appoint a data protection officer or an EU/UK representative, we will update this section with their contact details.


3. Information We Collect

We collect the following categories of personal information.

Account and profile information. When you sign up — including through Google sign-in (OAuth) — we collect your name, email address, and profile picture, and we create a profile for you. If you sign up with an email and password, we collect your email address and store a secured (hashed) form of your password through our authentication provider.

Choir and content information. When you use the Service, we collect and store the content you or your choir leaders upload or create, including musical scores (such as MusicXML and PDF files), audio and video recordings, video links, choir and voice-part names, membership and invitation details, announcements, event information, and practice or progress data (such as which pieces you have opened or marked as practiced).

Usage and device information. We automatically collect information about how you interact with the Service, such as pages viewed, features used, approximate location derived from your IP address, browser and device type, operating system, and referring pages. We collect this through analytics and similar technologies to understand and improve the Service.

Diagnostic and error information. To keep the Service reliable and secure, we collect technical logs and error reports, which may include your IP address, device and browser details, and information about what you were doing when an error occurred.

Communications. If you contact us, submit feedback, or receive transactional emails from us, we collect the content of those communications and related metadata.

Payment information (future). We do not currently charge for the Service. If we introduce paid plans, payments will be handled by third-party payment processors (such as Stripe or Paystack). We will receive limited information such as your subscription status and partial transaction details, but we do not collect or store full payment card numbers ourselves; those are handled directly by the payment processor under its own terms and privacy policy.

We do not intentionally collect special categories of sensitive personal data (such as health, religious, or biometric data). Please do not upload such data through the Service.


4. How We Use Your Information and Our Legal Bases

We use personal information to operate, provide, maintain, secure, and improve the Service. The table below explains our purposes and, for users protected by the EU/UK GDPR, the legal basis for each.

PurposeLegal basis (GDPR/UK GDPR)
Create and manage your account; authenticate sign-inPerformance of a contract with you
Provide the core Service (host and display scores, recordings, choir data; run the follow-along player; track progress and attendance)Performance of a contract with you
Send transactional emails (invitations, notices, account and security messages)Performance of a contract with you; our legitimate interests
Operate analytics to understand usage and improve featuresConsent (where required for non-essential cookies/tracking); otherwise our legitimate interests
Monitor, debug, and secure the Service; prevent fraud and abuseOur legitimate interests in keeping the Service safe and reliable
Process payments and manage subscriptions (future)Performance of a contract with you
Comply with legal obligations and enforce our TermsCompliance with a legal obligation; our legitimate interests
Communicate with you about the Service, and (with consent where required) send optional updatesConsent; our legitimate interests

Where we rely on legitimate interests, we have considered those interests against your rights and freedoms. You may object to processing based on legitimate interests as described in Section 9.


5. Cookies, Analytics, and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Service, and measure and improve how it performs. Some are strictly necessary for the Service to function; others (such as analytics) are optional.

Where required by law (for example, in the EEA and UK), we ask for your consent before setting non-essential cookies or trackers, and you can withdraw that consent at any time. You can also control cookies through your browser settings, though disabling some cookies may affect how the Service works.

We may use third-party analytics and error-monitoring providers that set their own identifiers to help us understand usage and diagnose problems. These providers process data on our behalf under our instructions.


6. How We Share Your Information

We do not sell your personal information for money. We share personal information only as described below.

Within your choir. Content and certain profile information are shared within the choir(s) you belong to, so that leaders and members can coordinate. For example, choir leaders can see membership and progress information for their choir, and members can access materials shared with the choir. Musical materials are shared within a choir, not across the entire platform.

With service providers (processors). We share personal information with trusted third parties that provide infrastructure and services on our behalf, under contracts that require them to protect it and use it only as we instruct. These currently include:

  • Supabase — authentication, database, and file storage
  • Google — sign-in (OAuth) and related authentication
  • Resend — sending transactional email
  • Vercel — website and application hosting

As the Service grows, we may add or change providers, including analytics providers, error-monitoring providers (for example, a service such as Sentry), and payment processors (for example, Stripe or Paystack). We will keep this Policy up to date to reflect the categories of providers we use.

For legal and safety reasons. We may disclose information if we believe in good faith that it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Curator, our users, or others.

In a business transfer. If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or transition of the Service to a new legal entity (including a company or LLC formed by the operator), your information may be transferred as part of that transaction. Any acquirer will remain bound by this Policy or provide equivalent protection.


7. International Data Transfers

We are based in the United States, and our service providers may store and process personal information in the United States and other countries. Data protection laws in those countries may differ from those in your country.

Where we transfer personal data out of the EEA, the UK, or another region with transfer restrictions, we rely on appropriate safeguards, such as the EU–U.S. Data Privacy Framework (where a provider is certified), the European Commission's Standard Contractual Clauses, and the UK International Data Transfer Addendum, or another lawful transfer mechanism. You may contact us for more information about these safeguards.


8. Data Retention

We keep personal information for as long as your account is active and as needed to provide the Service. After that, we retain and use information only as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and maintain security and backups.

When you delete your account, we will delete or de-identify your personal information within a commercially reasonable period, except where we are required or permitted to retain it (for example, in backups for a limited time, or to meet legal obligations). Content you shared within a choir may remain visible to that choir where necessary for its records unless and until it is deleted by an authorized user.


9. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access — to know what personal information we hold about you and obtain a copy.
  • Correction / rectification — to correct inaccurate or incomplete information.
  • Deletion / erasure — to ask us to delete your personal information.
  • Restriction — to ask us to limit how we process your information.
  • Portability — to receive certain information in a portable, machine-readable format.
  • Objection — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
  • Withdraw consent — where we rely on consent, to withdraw it at any time (this does not affect processing already carried out).
  • Non-discrimination — we will not deny you service, charge you a different price, or provide a lesser experience for exercising your rights.

How to exercise your rights. Contact us at [[privacy@curatormusic.app]]. We may need to verify your identity before acting on your request. We will respond within the time required by applicable law — generally within one month (EU/UK GDPR), within 45 days (California and Utah), or within 40 days for access requests (Ghana), and we will let you know if we need more time where the law allows.

Complaints. If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office). If you are in Ghana, you may complain to the Data Protection Commission. We would appreciate the chance to address your concerns first, so please consider contacting us before you do.


10. Children's Privacy

The Service is not directed to children, and you must be at least 16 years old to create an account. We do not knowingly collect personal information from anyone under 16 without appropriate consent.

Choirs may include members who are minors. Where a choir includes a member under 16, that member should participate only through an account managed by an adult (such as a parent, guardian, or authorized choir leader) who is responsible for providing any required consent. Choir leaders represent that they have the authority and any necessary parental or guardian consents to invite and manage minor members.

If we learn that we have collected personal information from a child under 13 (or a higher age where required by local law) without the required verifiable parental consent, we will take reasonable steps to delete it. If you believe a child has provided us personal information without proper consent, please contact us at [[privacy@curatormusic.app]].


11. Security

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, and alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for any activity under your account.

If we become aware of a personal data breach that legally requires notification, we will notify affected users and the relevant authorities as required by applicable law.


12. Region-Specific Disclosures

12.1 European Economic Area and United Kingdom

If you are in the EEA or UK, we process your personal data as a controller on the legal bases set out in Section 4, and you have the rights described in Section 9, including the right to lodge a complaint with a supervisory authority. Information about international transfers is in Section 7.

12.2 California

If you are a California resident, you have the rights described in Section 9, including the rights to know, delete, and correct your personal information, and to opt out of the "sale" or "sharing" of personal information and to limit the use of sensitive personal information.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Because we do not sell or share personal information in this sense, we do not offer a "Do Not Sell or Share My Personal Information" link; if this ever changes, we will update this Policy and provide the required choices. The categories of personal information we collect, our purposes, and the categories of recipients are described in Sections 3, 4, and 6. We will not discriminate against you for exercising your rights.

12.3 Ghana

If you are in Ghana, we process your personal data in a manner consistent with the Data Protection Act, 2012 (Act 843), including its data-protection principles, and you have rights of access, correction, and objection as described in Section 9. Our privacy contact is set out in Section 2.

12.4 Utah and other U.S. states

If you are a resident of Utah or another U.S. state with a consumer privacy law, you have the rights described in Section 9 to the extent that law applies, including rights to access, delete, and obtain a copy of your personal information, and to opt out of targeted advertising or the sale of personal data. We honor these rights as described above.


13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. If we make material changes, we will provide additional notice, such as by email or a notice within the Service. Your continued use of the Service after an update means you accept the revised Policy.


14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, contact us at:

[[OPERATOR LEGAL NAME]] [[privacy@curatormusic.app]] [[BUSINESS MAILING ADDRESS]]


This document is a template provided to help operate the Service and is not legal advice. Laws differ by jurisdiction and change over time. You should have a qualified attorney review this Policy before publishing it.

Privacy PolicyTerms of ServiceHome

© 2026 Curator