Legal
Privacy Policy
Effective date: 13 June 2026 · Last updated: 13 June 2026 · Governing law: India
This policy explains what personal data tringMUSIC collects, why we collect it, how we protect it, and what rights you have. tringMUSIC accounts are for parents and guardians only. Children and young people under 18 do not sign up directly. A parent or guardian creates the account and adds their child as a player. All player data is private, encrypted, and never shared publicly.
1. Who we are
tringMUSIC is a piano practice intelligence service operated under the trading name tringMUSIC. We are the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. Contact us at any time at [email protected].
Registered address: 139 F, EA, Metropolitan Co-op Housing Society, Canal South Road, Kolkata 700105, India.
2. What data we collect
We collect only what is necessary to provide the service:
- Account data: name (or display name), email address, and account type (parent, teacher, or school administrator).
- Player profile data: the player's display name and age. This data is strictly private: it is never publicly accessible, never indexed, and never shared with any third party.
- MIDI session files: the MIDI files you upload for analysis. These contain musical performance data (note timings, velocities, and durations) only. They do not contain audio recordings.
- Practice session results: the scores, grades, metric values, and drill recommendations generated from each uploaded MIDI file.
- Usage data: basic log data (page views, upload counts, error events) for service improvement. We do not use third-party advertising trackers.
- Payment data: if you subscribe to a paid plan, payment is processed by our payment processor. We do not store card numbers or bank details.
We do not collect location data, device identifiers, or biometric data.
3. Children's and minors' data (under 18)
tringMUSIC is designed around the principle that parents and guardians are the account holders, not children. No person under 18 may create an account. A parent or guardian registers, accepts this policy, and then adds their child as a player profile within the account.
- Account sign-up: only adults (18 and over) may create a tringMUSIC account. At registration we ask you to confirm you are 18 or older.
- Player profiles: a parent or guardian adds their child's name and age to create a player profile. No photograph is collected. The child does not interact with our systems directly.
- No public data: player profiles are never visible to anyone other than the authenticated account holder. Name and age are not indexed, not searchable, and not shared with any third party.
- Consent: by adding a player profile for a child, the parent or guardian confirms they have the right to submit that child's data and consents to its processing as described in this policy.
- Deletion: the parent or guardian may delete any player profile at any time. All associated data including session files and scores is permanently deleted within 30 days.
- If we discover that a minor has created an account directly, we will suspend it and delete associated data promptly. Contact us at [email protected].
4. How we use your data
We use your data only for the following purposes:
- Providing the analysis, scoring, and reporting features of the service.
- Saving session history and generating Monthly, Quarterly, and Annual progress reports.
- Processing payments and managing your subscription.
- Responding to support requests and enquiries sent to [email protected].
- Improving the accuracy of our scoring engine (aggregated and anonymised, never individually identifiable).
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 5.
5. Data sharing
We share data only with the following categories of service providers, and only to the extent necessary:
- Cloud infrastructure: our database and file storage provider (Supabase) hosts data on servers that may be located outside India. We ensure adequate contractual protections are in place.
- Payment processor: Stripe or equivalent, for processing subscription payments. Subject to their own privacy policy.
- Authentication provider: if you use single sign-on (Google, Microsoft, etc.), the identity provider confirms your identity. We receive only your name and email.
We will disclose data to law enforcement or regulatory authorities if required to do so by applicable law.
6. Data retention
- Account and session data is retained for as long as your account is active.
- If you delete a player profile, that profile's session data is deleted from our systems within 30 days.
- If you close your account entirely, all associated data is deleted within 60 days, except where retention is required by law.
- Uploaded MIDI files are processed and then retained as part of the session record. You may request deletion at any time.
7. Your rights under the DPDP Act 2023
As a Data Principal under the DPDP Act, you have the following rights:
- Right to access: you may request a summary of the personal data we hold about you.
- Right to correction: you may request that inaccurate data be corrected.
- Right to erasure: you may request that your data be deleted, subject to any legal obligations we have to retain it.
- Right to grievance redressal: if you are unsatisfied with our response, you may raise a complaint with us and, if unresolved, with the Data Protection Board of India once it is constituted.
- Right to nominate: you may nominate another person to exercise these rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, email [email protected] with the subject line "Data Rights Request". We will respond within 30 days.
8. Grievance Officer
In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the DPDP Act 2023, we have designated a Grievance Officer. To raise a grievance:
Email: [email protected]
Subject: "Privacy Grievance"
We will acknowledge within 48 hours and resolve within 30 days.
9. Security
We take the following technical and organisational measures to protect your data:
- Encrypted connections: all data in transit is encrypted via HTTPS/TLS.
- Row-level security (RLS): our database enforces account-scoped access at the row level. One account cannot read another account's data, enforced at the database layer, not just the application layer.
- Private storage: all player profile data (name and age) is stored in a private, account-scoped database schema. No player data is accessible via any public URL. No photographs are collected or stored. Avatars are pre-defined icons selected from our own icon library.
- Access controls: internal access to production data is limited to authorised personnel only, on a need-to-know basis.
- JWT authentication: all API requests require a valid, account-scoped token. Sessions expire and are not reusable after logout.
No system is perfectly secure. If you believe your data has been compromised, contact us immediately at [email protected].
10. Cookies
We use session cookies necessary to keep you logged in. We do not use advertising cookies or third-party tracking cookies. You may disable cookies in your browser settings, but some features of the service will not work without them.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify registered users by email. Continued use of the service after a policy update constitutes acceptance of the revised policy.
12. Contact
All privacy-related queries, data rights requests, and grievances should be directed to:
tringMUSIC
[email protected]