Harmonize
PricingLog in
|

Privacy

Privacy Policy

Effective Date: March 6, 2026

Last Updated: April 19, 2026

Harmonize LLC ("Harmonize," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Harmonize platform, including our website, mobile applications, and related services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy.

1. Information We Collect

Information You Provide

Teacher Data:

  • Name, email address, phone number, birthday
  • Business name and address (if applicable)
  • Last 4 digits of Social Security number (for Stripe identity verification)
  • Profile information and preferences
  • Full bank account information and tax identification numbers are collected by Stripe directly — Harmonize does not store full SSN, full bank account numbers, or full tax IDs

Parent/Guardian Data:

  • Name, email address, phone number
  • Payment method information (collected and stored by Stripe — we do not store full card numbers or bank account details)
  • Communication preferences

Student Data:

  • Name, birthdate, instrument, skill level
  • Lesson schedule, progress notes, and attendance records
  • Phone number or email address (if added by teacher or parent/guardian for platform access)

Student data is provided by their teacher or parent/guardian, not collected directly from students.

Content You Upload:

  • Lesson notes, assignments, messages, and file attachments

Dispute Data:

  • Dispute reason, notes, responses, and resolution details

Information Collected Automatically

When you use the Service, we may automatically collect:

  • Device information (browser type, operating system, device type)
  • IP address and approximate location
  • Usage data (pages visited, features used, session duration)
  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Session replay data — Sentry captures anonymized screen recordings of user sessions for error diagnosis and debugging (see Section 6)
  • Mobile app data — push notification tokens and device identifiers

E-Signature Evidence

For each electronic signature within the Service, we collect:

  • IP address at the time of signing
  • Device fingerprint
  • Timestamp of the action
  • The exact disclosure or agreement text presented

SMS Consent Records

For each SMS consent, we record:

  • Consent type (transactional, reminder, or marketing)
  • Opt-in method, timestamp, IP address, and user agent
  • The exact disclosure text shown at the time of consent

Mobile opt-in information and phone numbers collected for SMS communications will never be shared with, sold to, or transferred to third parties or affiliates for marketing or promotional purposes.

SMS to contacts without prior consent: If a contact's phone number is provided by a teacher without an active SMS consent record (either teacher attestation or direct opt-in), Harmonize does not send SMS communications to that number. The contact must provide explicit consent — by signing in to their portal, opting in through a teacher-initiated consent flow, or replying START to an initial message — before SMS delivery is enabled.

AI Interaction Data

When you use AI-assisted features, we collect:

  • Prompts and queries submitted to AI features
  • AI-generated responses
  • Full audit log of AI-initiated actions

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process payments and facilitate transactions between teachers and parents/guardians
  • Send transactional communications (invoices, receipts, lesson reminders, schedule changes)
  • Deliver SMS messages in accordance with the Telephone Consumer Protection Act (TCPA) (see our Terms of Service, Section 9)
  • Facilitate disputes between teachers and parents/guardians
  • Provide AI-assisted features (scheduling, messaging, billing actions)
  • Verify electronic signatures and maintain signature evidence
  • Provide customer support
  • Improve and develop new features for the Service
  • Monitor usage patterns and analyze trends (PostHog analytics, Sentry error monitoring)
  • Capture session replays for debugging and improving user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information.

3. Payment Data

Harmonize uses Stripe, Inc. to process all payments. We do not store, collect, or have access to:

  • Full credit or debit card numbers
  • Full bank account numbers
  • Full Social Security numbers or full tax IDs (these are collected directly by Stripe)

We do store:

  • Last 4 digits of SSN (for Stripe identity verification)
  • Stripe customer IDs and connected account IDs
  • Transaction records (amounts, dates, invoice details)
  • Payment status and payout history
  • Payout schedule and hold status
  • Dispute-related financial records

All sensitive financial data is handled by Stripe in compliance with PCI-DSS Level 1 standards. For more information, see Stripe's Privacy Policy.

ACH Payments and Plaid

ACH bank account verification is processed via Plaid. Plaid collects bank credentials directly — Harmonize receives a verified bank account token, not your bank credentials. Plaid's collection and use of your data is subject to Plaid's Privacy Policy.

Offline Payments

Teachers may record offline payment methods (cash, check, or other) within the platform. Offline payments are not processed through Harmonize, and no financial data is transmitted or stored for these transactions beyond the teacher's records.

4. AI Data Processing

Harmonize offers AI-assisted features powered by third-party large language model (LLM) providers — OpenAI, Anthropic, Google, and Cerebras — accessed exclusively via their API endpoints.

What is sent to AI providers:

  • Conversation context (your prompts and relevant prior messages)
  • Relevant user data needed to fulfill the request (contact names, schedules, billing information)

What is NOT sent to AI providers:

  • Passwords or authentication credentials
  • Full payment credentials (card numbers, bank account numbers)
  • Social Security numbers (including partial)

Data processing safeguards:

  • Data processing agreements (DPAs) are in place with each provider
  • AI providers accessed via API do not use your data to train their models
  • AI audit logs are retained as part of your account data
  • You can review AI-initiated actions in your account's audit trail

5. Children's Privacy (COPPA)

Harmonize does not allow users under 13 to access the Service. The Service is designed for use by adult teachers and parents/guardians.

Student access to the Service is initiated by the teacher or parent/guardian who adds the student's contact information (such as a phone number or email address). Teachers and parents/guardians are responsible for not granting platform access to children under 13. If a student's birthdate on record indicates they are under 13, magic link login access is blocked.

Student information — including names, lesson details, and progress records of minors — is provided to Harmonize by the student's teacher or parent/guardian. This information is used solely to provide the Service (scheduling, progress tracking, and billing).

Parents' Rights:

  • Parents or guardians may request to review, correct, or delete their child's personal information at any time by contacting their teacher or by emailing us at privacy@harmonize.app.
  • We will promptly delete a child's information upon a verified parental request.

If we discover that we have inadvertently collected personal information directly from a child under 13 without verified parental consent, we will delete that information promptly.

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers

We use third-party services to operate the platform:

ServicePurposeData Shared
StripePayment processing and payoutsTransaction data, payer info
TwilioSMS message deliveryPhone numbers, message content
Firebase / Google CloudInfrastructure, database, and authenticationAll service data (encrypted at rest and in transit)
PlaidACH bank account verificationBank account tokens
PostHogProduct analyticsUsage data, anonymized interactions
SentryError monitoring and session replaysError context, session recordings
OpenTimestampsSignature timestamp verificationDocument hashes (no PII)
OpenAI, Anthropic, Google, CerebrasAI features (via API)Conversation context, relevant user data
VercelWebsite hostingWeb traffic data

These services may receive student contact information (such as name, phone number, email, or lesson details) when necessary to perform their function — for example, to send SMS reminders, process payments that reference a student's lessons, or provide AI-assisted scheduling. Services without this marker do not receive student-identifying information.

These providers only access your data as necessary to perform their services and are bound by their own privacy policies and, where applicable, data processing agreements.

Teachers and Parents

  • Teachers can see parent/guardian contact information and student data for families enrolled in their studio.
  • Parents/guardians can see their teacher's business name and contact information.

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If Harmonize is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Advertising and Marketing

We may use advertising and marketing tools — such as tracking pixels, conversion APIs, and retargeting tags — to measure campaign performance and reach prospective users. These tools may share anonymized or pseudonymized usage data (such as page visits or feature interactions) with advertising platforms. We do not sell your personal information to advertisers.

7. Data Retention

  • Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
  • After cancellation: We retain account data indefinitely for business continuity, to support potential account reactivation, and to resolve any outstanding billing or legal matters. You may request deletion of your data at any time (see below).
  • Payment and financial records: Retained for 7 years to comply with tax and financial reporting obligations.
  • Electronic signature records: Retained for the life of the associated contract or agreement plus the applicable retention period.
  • SMS consent records: Retained for the duration of the consent relationship plus 5 years (TCPA statute of limitations).
  • AI audit logs: Retained with account data.
  • Dispute records: Retained with payment records (7 years).
  • Session replay data: 90 days (Sentry retention policy).
  • Deletion requests: You may request deletion of your data at any time by contacting privacy@harmonize.app. We will honor verified requests within 30 days, subject to legal retention requirements (e.g., tax records, signature evidence, SMS consent records). Parents or guardians may request deletion of a minor's data at any time; see Section 5.

8. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication requirements
  • Regular security monitoring and incident response procedures
  • Secure cloud infrastructure (Google Cloud / Firebase)

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users without unreasonable delay and in compliance with applicable state and federal law. Notification will include the nature of the breach, the types of data potentially affected, and steps you can take to protect yourself.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-Out of Analytics: You can opt out of analytics tracking through your browser settings.

To exercise any of these rights, contact us at privacy@harmonize.app. We will respond to your request within 30 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email privacy@harmonize.app or use the contact information in Section 13.

10. International Data

The Service is operated in the United States. All data is stored on US-based infrastructure (Google Cloud / Firebase). By using the Service from outside the United States, you consent to the transfer and processing of your data in the United States.

11. Cookies and Tracking

We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Harmonize LLC

Harmonize with us.

Streamline your lessons and keep students on track.

© 2025 Harmonize LLC
English
Terms & Privacy