Privacy Policy

    Last updated: January 2025

    1. Introduction

    LessonLoop ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our music lesson scheduling and billing platform at lessonloop.net.

    2. Information We Collect

    We collect information that you provide directly to us, including:

    • Account information (name, email address, password)
    • Profile information (phone number, organisation details)
    • Student and guardian contact details
    • Lesson scheduling and attendance data
    • Payment and billing information
    • Communications between teachers, students, and guardians

    3. Google API Services

    LessonLoop uses Google API Services to provide authentication and calendar integration features. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    3.1 Google Sign-In

    When you choose to sign in with Google, we access the following information from your Google account:

    • Email address: Used to create and identify your LessonLoop account
    • Name: Used to personalise your profile
    • Profile picture: Optionally displayed on your account

    This information is only used to authenticate you and create your account. We do not share this information with third parties except as described in this policy.

    3.2 Google Calendar Integration

    If you choose to connect your Google Calendar, we access the following:

    • Calendar events: We read your calendar to check for scheduling conflicts
    • Create/update events: We create lesson events in your calendar and update them when lessons change
    • Delete events: We remove calendar events when lessons are cancelled

    Calendar data is only accessed when you explicitly connect your calendar. You can disconnect your calendar at any time from your account settings, which will revoke our access.

    3.3 Data Storage and Security

    Google OAuth tokens are encrypted and stored securely. We only request the minimum permissions necessary to provide the calendar synchronisation feature. We do not:

    • Sell your Google data to third parties
    • Use your Google data for advertising purposes
    • Access your Google data for any purpose other than providing LessonLoop services

    4. How We Use Your Information

    We use the information we collect to:

    • Provide, maintain, and improve our services
    • Process transactions and send related information
    • Synchronise your lessons with your calendar (if connected)
    • Send you technical notices and support messages
    • Respond to your comments and questions
    • Develop new features and services

    5. Data Sharing

    We do not sell your personal information. We may share your information with:

    • Service providers: Third-party services that help us operate our platform (e.g., payment processing, email delivery, cloud hosting)
    • Within your organisation: Other members of your music school or teaching organisation as required for the service
    • Legal requirements: When required by law or to protect our rights

    6. Data Retention

    We retain your personal data for as long as your account is active or as needed to provide you with services. Financial records are retained for 7 years as required by UK tax law. You may request deletion of your data at any time, subject to legal retention requirements.

    7. Data Security

    We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes:

    • Encryption in transit (TLS 1.3) and at rest (AES-256)
    • Row-level security policies to isolate organisation data
    • Regular security audits and monitoring
    • Secure OAuth token storage

    8. Your Rights Under UK GDPR

    Under UK GDPR, you have the following rights:

    • Right of access: Request a copy of your personal data
    • Right to rectification: Correct inaccurate personal data
    • Right to erasure: Request deletion of your personal data
    • Right to restrict processing: Limit how we use your data
    • Right to data portability: Receive your data in a portable format
    • Right to object: Object to processing of your personal data

    To exercise these rights, please contact us at privacy@lessonloop.net.

    9. Revoking Access

    You can revoke LessonLoop's access to your Google account at any time:

    • Calendar access: Disconnect from Settings → Calendar in LessonLoop
    • Google Sign-In: Remove access via your Google Account permissions

    10. Children's Privacy

    LessonLoop may store information about students who are minors. This data is managed by teachers and guardians who are responsible for obtaining appropriate consent. We do not knowingly collect personal information directly from children under 13.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

    12. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us:

    • Email: privacy@lessonloop.net
    • Website: lessonloop.net/contact

    LessonLoop's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.