Privacy Policy
Last updated: May 2, 2026
1. Who we are
Kathucoda provides music education services and related digital tools. For privacy requests, contact us using the details in Section 12 — Contact.
2. What this policy covers
This policy applies to:
- Public website (e.g. pages hosted at kathucoda.com, including this privacy policy).
- Mobile application(s) built with Expo / React Native that connect to our systems.
- Admin web application used by authorized staff to manage students, instructors, scheduling, and operations.
- API / server (backend application, database, email delivery, and related infrastructure).
Third-party services (e.g. WhatsApp, Instagram / Meta, analytics) have their own policies — see Section 8.
3. Information we collect
Depending on how you interact with us, we may collect:
- Identity & account: name, email address, phone number, role (e.g. student, teacher, admin).
- Authentication: one-time codes sent by email for login or verification (we do not store your password as plain text where passwordless OTP is used).
- Music-school data: instrument, level, notes, enrollment and session scheduling, attendance-related records, and similar operational data needed to run classes.
- Optional profile fields: e.g. Instagram username when provided for coordination or marketing follow-up.
- Technical & usage: IP address, device/browser type, approximate timestamps, app version, and diagnostic logs needed to operate and secure our services.
- Website analytics: our public site may use tools such as Google Analytics to understand aggregate traffic (pages viewed, referrals). You can control cookies via your browser and vendor opt-out tools.
4. How we use information
We use data to:
- Provide lessons, scheduling, billing/invoicing workflows, and internal administration.
- Authenticate users and protect accounts.
- Communicate about classes, invoices, and service-related notices.
- Maintain security, prevent abuse, debug issues, and comply with law.
- Improve our products (including aggregated or de-identified analytics where appropriate).
5. Legal bases (EEA / UK users)
Where GDPR / UK GDPR applies, we rely on appropriate bases such as contract (providing services you request), legitimate interests (security, product improvement, internal administration), and, where required, consent (e.g. certain marketing cookies or optional features). You may have rights to access, rectify, delete, restrict, or port your data, and to object — contact us to exercise these rights.
6. Sharing & subprocessors
We share data only as needed:
- Hosting & infrastructure (e.g. cloud providers where our API and database run).
- Email delivery (transactional messages such as OTP or notifications via providers like Resend or similar).
- Analytics (e.g. Google Analytics on the marketing site — governed by Google’s policies).
- Communication channels you choose (e.g. WhatsApp when you initiate chat via our link — governed by Meta/WhatsApp).
- Legal & safety: when required by law, court order, or to protect rights and safety.
We do not sell your personal information as “sale” is commonly understood in California / similar regimes; we may use standard advertising/analytics cookies on the website as described by those vendors.
7. Data retention & security
We retain operational records as long as needed for legitimate school operations, legal obligations, and dispute resolution. We implement reasonable technical and organizational measures (encryption in transit where applicable, access controls for admin tools, secured hosting). No method of transmission over the Internet is 100% secure.
8. Third-party links & Meta / Instagram
Our website or apps may link to Instagram, WhatsApp, YouTube, or other services. If you connect Meta / Instagram features (including Business Login, webhooks, or messaging APIs), Meta’s terms and data policies apply in addition to this policy. Configure integrations only with accounts you are authorized to manage.
9. Children’s privacy
Our services may serve minors enrolled by parents/guardians. Where required by law (including Children’s Online Privacy Protection where applicable), we rely on parental consent or school-operational authority as appropriate. Parents may contact us regarding a minor’s information.
10. International transfers
If you access our services from outside the country where servers are hosted, your data may be processed in other countries with adequate safeguards (e.g. standard contractual clauses) where required by law.
11. Changes
We may update this policy from time to time. We will post the new date at the top and, where appropriate, provide additional notice in-app or by email. Continued use after changes means you acknowledge the updated policy.
12. Contact & your rights
For privacy questions or requests (access, correction, deletion where applicable), use the details on our Contact page, including account and data deletion. You can also use the phone and WhatsApp number on our home page, or email kathucoda@gmail.com.
Disclaimer: This document is provided for transparency and operational alignment with app store and platform requirements. It is not legal advice — consult qualified counsel for your jurisdiction.