← Back to home
Legal

Privacy Policy

Last updated: May 30, 2026

Melodian ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect when you use the Melodian platform, how we use it, and the rights you have over your information. Please read it carefully alongside our Terms of Service.

1. Information We Collect

a) Information you provide

When you request beta access, we collect:

DataPurpose
Email addressTo send your beta invitation, product updates, and support communications.
Piano experience levelTo personalise your onboarding experience and tailor analysis feedback.
Digital piano ownershipTo understand hardware compatibility needs among our user base.
Piano teacher statusTo explore potential teacher-focused features and gather relevant feedback.

b) MIDI and Performance Data

When you connect a MIDI-enabled instrument and use the Service, we process the MIDI signals transmitted by your device. This includes:

  • Note-on and note-off events (which notes you play)
  • Note velocity (how hard or soft each note is struck)
  • Timing and duration of each note
  • Sustain and other pedal events

This data is processed to generate your performance analysis, accuracy scores, and ranking. We may use anonymised or aggregated performance data to improve our analytical algorithms and train machine learning models. Individual performance data will not be shared with third parties without your explicit consent.

c) Usage Data

We automatically collect information about how you interact with the Service, including pages and features accessed, session duration, click patterns, and error logs. This helps us identify issues and improve the product.

d) Device and Technical Information

We collect technical information such as browser type and version, operating system, device type, IP address, and Web MIDI API support status. This is used to ensure compatibility, diagnose technical issues, and maintain security.

2. How We Use Your Information

We use your information to:

  • Operate, maintain, and improve the Melodian Service.
  • Deliver personalised performance analysis, scores, and practice recommendations.
  • Manage your beta access and send you programme updates and invitations.
  • Respond to your support requests and technical queries.
  • Train and refine our AI and machine learning models using anonymised performance data.
  • Monitor for fraudulent activity and enforce our Terms of Service.
  • Comply with applicable legal obligations.

We will not use your email address to send you third-party marketing, and you may opt out of product-related emails at any time by contacting us at privacy@melodian.app.

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

Legal BasisWhen We Rely on It
Contractual necessityProcessing required to fulfil our commitment to you under these Terms and to deliver the Service you signed up for.
Legitimate interestsImproving the Service, maintaining security, detecting fraud, and conducting usage analytics — balanced against your rights.
ConsentOptional communications and any processing not covered above. You may withdraw consent at any time without affecting prior processing.
Legal obligationRetaining records as required by applicable law or responding to lawful requests from authorities.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information with:

  • Service providers: Cloud hosting, database, email delivery, and analytics providers who process data on our behalf under data processing agreements and are required to keep it confidential.
  • Legal and regulatory bodies: Where required by law, court order, or in response to a lawful request by public authorities.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We will never share your individual MIDI performance recordings or identified performance data with third parties for advertising or commercial purposes without your explicit consent.

5. Data Retention

We distinguish between personal data (information that identifies you) and anonymised data (information permanently stripped of all identifiers). Different retention rules apply to each.

  • Account and signup information (email, experience level, etc.) is retained for the duration of your active account and for up to 2 years after account closure or your last use of the Service, after which it is deleted.
  • MIDI and performance data linked to your account is retained for as long as your account is active. Upon account closure or a deletion request, identifiable associations are removed within 90 days.
  • Anonymised performance data — once all personally identifying information has been irreversibly removed, the resulting data is no longer personal data under applicable law. We retain and use such anonymised data indefinitely for the purpose of training, evaluating, and improving our AI and analysis models.
  • Usage and technical logs are typically retained for up to 90 days.

You may request deletion of your personal data at any time (see Section 6). Deletion requests apply to identifiable personal data only; anonymised data that cannot be re-linked to you is not subject to erasure requests.

6. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw any consent you have given at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@melodian.app. We will respond within 30 days. EEA and UK residents may also lodge a complaint with their local data protection authority (e.g. the ICO in the UK).

7. Security

We implement industry-standard security measures to protect your personal data, including:

  • Encryption of data in transit using TLS (Transport Layer Security).
  • Encryption of sensitive data at rest.
  • Access controls limiting data access to authorised personnel only.
  • Regular security assessments and vulnerability reviews.

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee the absolute security of your information and encourage you to use a strong, unique password for your account.

8. Children's Privacy

Melodian is a piano learning platform that may be used by children under the supervision of a parent, guardian, or piano teacher. We recognise the importance of protecting children's personal data and comply with applicable laws, including COPPA (US), the UK GDPR, and GDPR Article 8 (EU).

Children under the age of 13 must not register for or use the Service directly. A parent or legal guardian must complete the beta sign-up on the child's behalf. By submitting a sign-up request for a child, the parent or guardian confirms they have the authority to provide consent and agree to this Privacy Policy on the child's behalf.

Where a teacher signs up students as part of a class or lesson programme, the teacher is responsible for obtaining appropriate parental or guardian consent before submitting any student information.

We collect only the information described in Section 1 of this policy. We do not use children's data for advertising, profiling, or any purpose unrelated to delivering and improving the Service. We do not share children's personal data with third parties except as described in Section 4.

Parents and guardians may request access to, correction of, or deletion of their child's data at any time by contacting us at privacy@melodian.app. If we become aware that data has been collected from a child under 13 without verifiable parental consent, we will delete it promptly.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

Where we transfer personal data from the EEA or UK to a third country, we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs) approved by the relevant data protection authority, or transfers to countries with an adequacy decision.

10. Cookies and Tracking

We may use cookies and similar technologies to maintain your session, remember your preferences, and collect usage analytics. Cookies used are:

  • Essential cookies: Required for the Service to function (e.g. session management). These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the Service. You may opt out by contacting us.

We do not use advertising or cross-site tracking cookies.

11. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where practical, notify you by email or via a notice within the Service. We encourage you to review this policy from time to time.

12. Contact Us

For any privacy-related questions, requests, or concerns, please contact our privacy team at:

privacy@melodian.app

We aim to respond to all enquiries within 30 days.

© 2026 Melodian. All rights reserved.