Privacy Policy
We are committed to protecting your personal data and your right to privacy. The purpose of this privacy policy is to explain what information we collect, how we use it, and your rights.
Last updated: January 5th 2026.
Definitions
“Service” means, collectively: (a) the website available at qlavist.com and any subdomains of qlavist.com; (b) the Qlavist web application made available through that website; and (c) any Qlavist mobile application(s) we make available for download; in each case, together with all related content, features, functionality, updates, and support services that we provide in connection with Qlavist.
Who We Are
We are Qlavist, operated by Fussbann Group SARL-S, registered as a SARL-S in Luxembourg with a share capital of €100. The official address of Fussbann Group is 18 Rue Edmond Zinnen, Differdange, 4688. Registered under number B287598, with business permit number 10168928/0. You can contact us and our representative responsible for data privacy at contact [at] qlavist.com.
We reserve the right to change this privacy policy from time to time. Only significant changes will be notified on our website.
This policy was initially drafted in English. If any translated version of this policy differs from the English version, the English version will take precedence.
How We Process Your Data
When You Visit Our Website
When you visit our website (whether or not you are logged in), we process limited technical information that your device and browser send to display the site and keep it secure. This may include server log data (for example, request and error logs) and the use of strictly necessary cookies or similar technologies required for core functions such as security and session management. We do not use analytics or advertising cookies at this time. If we introduce optional cookies in the future, we will ask for your consent through our cookie settings.
When You Register and Use Our Service
Registration with email and password. When you create an account directly with Qlavist, we process the information you provide to set up and secure your account (such as your email address and login credentials) and basic account identifiers. We also store this information as part of your account profile. We use this information to authenticate you, provide access to the Service, and manage your subscription.
Registration / sign-in with Google. When you choose to register or sign in using Google, you authorize Google to share limited account information with us for authentication and account creation/linking (typically your email address, name, and a unique identifier). We also store this information as part of your account profile. We do not request or receive your Google profile picture.
Legal basis and purpose. The processing described above is necessary for the performance of our contract with you. We use these data to establish and manage your user account, provide access to the Service, manage your subscription, and send you essential, non-promotional messages about your account and the Service (such as security notices and support communications). To deliver these messages, we use an email service provider acting on our behalf.
Age Verification
Our Service is not intended for users under 16 years of age at this time. During registration, we ask you to confirm that you meet this age requirement. We use this information only to enforce our eligibility rules and help protect children’s privacy. We do not collect or retain your date of birth for this purpose. Instead, we store an account-level indicator showing that the age check has been completed, so we do not ask you again.
Core Service Data Processing
We process certain information that is necessary to provide the Service, operate your account, and deliver the learning features you use. This processing is necessary to perform our contract with you.
MIDI and instrument settings. When you connect a MIDI device, we process basic device details (such as device name and manufacturer) to support compatibility and provide a smoother setup experience in future sessions.
Calibration and feedback data. If you use the calibration feature, we process and retain calibration outputs and related computed values so that feedback and exercises can be adapted to your instrument and settings. For performance and convenience, we may also store limited calibration-related settings locally on your device so you do not have to repeat setup steps.
Practice and progress data. When you use exercises, we process and retain information about your practice and learning progress in order to provide the core learning functionality. This may include, for example, practice time, what you practiced (such as pieces/exercises and sections or measures), practice history, and performance scores we calculate (such as accuracy and dynamics-related scores) to help you track your progress over time. Real-time feedback is generated during your practice session, and certain computations may take place on your device. As Qlavist evolves, some features may require processing additional practice-related data on our systems; if so, we will describe those changes in this Privacy Policy before they apply.
Subscription management (Stripe). If you subscribe to a paid plan, payments are processed by our payment provider, Stripe. We do not receive or store your payment card details. We retain limited subscription and billing administration data needed to manage your access (such as your Stripe customer reference, subscription reference, plan reference, subscription status, and relevant subscription dates).
Operational and security data. To operate the Service reliably and keep it secure, we process and retain limited operational data generated when you access Qlavist. This may include account and session identifiers, basic connection and device information (such as IP address and browser/OS type), timestamps, and service logs (for example, authentication, error, and security logs). We use this data to maintain availability, troubleshoot issues, prevent abuse or fraud, and protect accounts and the Service.
User feedback events. When you submit feedback in the Service (for example a rating or other feedback prompt), we store the feedback event and related context to help us improve Qlavist and troubleshoot issues. This may include the time of the feedback, the type of feedback event, the page or feature you were using (such as the URL), and the information you submit as part of the feedback. Feedback content may include personal data if you choose to include it. We process this information based on our legitimate interest in improving and securing the Service and handling user feedback.
Marketing and Promotional Communications
For sending promotional emails and marketing updates, we rely on your explicit consent. You will be asked separately to provide this consent, and you can manage or withdraw it at any time in your account settings.
Marketing and Advertising
At this time, we do not display advertising in Qlavist and we do not use advertising cookies or similar technologies for marketing targeting. If we introduce advertising or ad-related tracking in the future, we will update this Privacy Policy and, where required, ask for your consent via our cookie settings before such technologies are used.
When You Contact Us
We collect personal data that you voluntarily provide when you contact us (for example via our contact form), such as your name and email address. We use this information to respond to your inquiry, based on our legitimate interest in providing support and handling requests. We retain a record of our correspondence to handle your request and follow up.
How We Store and Protect Your Data
We are committed to securing your personal data. We store your data on servers hosted by DigitalOcean, a cloud infrastructure provider. Our Service data is hosted within the European Economic Area (EEA), and access to it is restricted and controlled.
To protect your data, we implement a range of technical and organizational security measures, including:
Encryption: We use encryption to protect your data both in transit (when it is sent from your device to our servers) and at rest (when it is stored on our servers).
Access Control: Access to your personal data is restricted using appropriate access controls.
Secure Infrastructure: DigitalOcean maintains security standards and assurance programs that support a robust and secure foundation for our services. You can read more about their security here: https://www.digitalocean.com/security.
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your personal data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
You can also help protect your personal data by using a strong password, keeping it confidential, and avoiding reusing the same login credentials across different services. If you suspect that your Qlavist account or your interaction with us is no longer secure (for example, you believe your account has been compromised), please contact us immediately.
How Long We Keep Your Data
We will not keep your personal data for longer than is necessary for the purposes for which it was collected. The specific retention periods depend on the type of data and the purpose of processing. In some cases, we may retain certain information for longer where it is necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
Account and Service Data: We retain your account information, user progress, and MIDI device and calibration data for as long as your account is active. If you request the deletion of your account, we will delete this data from our active systems and request deletion from our Service providers acting on our behalf, where applicable. After you delete your account, we may keep aggregated and/or anonymised statistics that do not identify you. Copies of your personal information may remain in our backups for a limited period, and deletions will be applied again if a backup is restored.
Age Verification Data: As noted, we do not store your specific date of birth after the initial verification. We only retain a flag in your account to indicate that your age has been verified, which is kept for the duration of your account's existence.
Payment Data: We do not store credit card information on our servers. Your Stripe customer ID and subscription status are retained for as long as you have an active subscription. We may retain records required for accounting, tax, and other legal obligations for the periods required by applicable law.
Communications: Information provided through contact forms is retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter for record-keeping, unless we need to retain it longer to establish, exercise, or defend legal claims.
Marketing Data: Data collected for marketing communications is stored until you withdraw your consent (for example, by unsubscribing or changing your preferences).
Feedback Data: We retain feedback events for as long as necessary to review and act on feedback, improve the Service, and maintain appropriate records for troubleshooting and Service quality. Where feasible, we may retain aggregated and/or anonymised statistics that do not identify you.
Data Sharing and International Data Transfers
We may share your data with a limited number of third-party service providers who process data on our behalf (data processors). In addition, if you choose to use a third-party sign-in option, the relevant sign-in provider will process your data under its own terms. These include:
Payment Processor: Stripe, for handling payment transactions. DPA/compliance information: https://stripe.com/legal/dpa/faqs.
Cloud Infrastructure: DigitalOcean, for hosting our application and storing your data. DPA: https://www.digitalocean.com/legal/data-processing-agreement.
Email Delivery Provider (transactional communications): Sendamatic, for sending essential, non-promotional service messages (such as account/security notices and support-related communications). Where Sendamatic or its sub-processors process personal data outside the EEA, we require appropriate safeguards and contractual protections and are notified of material changes to sub-processors in accordance with our agreement. DPA: https://assets.qlavist.com/media/dpa/sendamatic.pdf
Sign-in Provider: Google, if you choose to register or sign in using Google.
If any of our service providers (or their sub-processors) process data outside the EEA, this may involve transferring personal data to countries outside the European Union. Where such transfers occur, we rely on appropriate safeguards recognized under EU data protection law, such as an adequacy decision (including, where applicable, the EU–US Data Privacy Framework for certified US organizations) and/or standard contractual clauses. You can verify EU–US Data Privacy Framework certification on the official website: https://www.dataprivacyframework.gov.
Your Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. You can exercise these rights by contacting us via email at contact [at] qlavist.com. If you make a request, we have one month to respond to you. In some cases, we may extend this period by up to two additional months (for example, if your request is complex or you make multiple requests). If we do so, we will let you know within the first month. Every user is entitled to the following rights:
The right to be informed: You have the right to be informed about how we collect and use your personal data. This privacy policy is intended to fulfill this right.
The right to access: You have the right to request copies of your personal data. While we provide the first copy free of charge, we may charge a reasonable fee based on administrative costs for any further copies requested by you.
The right to rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to object: You have the right to object to our processing of your personal data, under certain conditions.
The right not to be subject to automated individual decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You may request human intervention in such cases.
The right to withdraw consent: Where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing carried out before you withdrew your consent.
The right to lodge a complaint: You have the right to lodge a complaint with a data protection authority. Please see the section on complaints below for details.
How to Lodge a Complaint
If you believe we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with a data protection supervisory authority. We encourage you to contact us first so we can try to resolve the issue.
If you are in Luxembourg, you can contact the Commission Nationale pour la Protection des Données (CNPD) and submit a complaint using their official complaint form: https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html.
If you are in the EU/EEA outside Luxembourg, you may also lodge a complaint with the supervisory authority where you live, work, or where you believe the issue occurred.
Cookies and Other Technologies
Our website uses cookies, which are small text files placed on your device, and other similar technologies like localStorage and sessionStorage. We use these technologies to ensure the website functions correctly, secure your experience, and (where you choose) remember certain settings for convenience.
How We Use Cookies
We use these technologies for different purposes:
Strictly Necessary Functionality (no consent required): We use cookies and client-side storage items that are essential to ensure the correct operation of our website and to provide the services you have requested. This includes maintaining your user session, enabling secure login, and supporting essential site navigation. Where needed for the Service to work during an active session, we use session cookies and/or sessionStorage to preserve essential in-session selections (such as your currently selected MIDI device, practice session settings, and session calibration data needed to generate real-time feedback) so your practice session continues to work across page navigation. It also includes technologies used by third-party services that are required to provide requested features, such as Stripe (when you make payments) for secure payment processing and fraud prevention. These strictly necessary technologies are used only to provide requested features (such as account login, security, and payments) and are not used for analytics or advertising.
Security (strictly necessary; no consent required): We use security technologies from services such as Cloudflare Turnstile to protect our website and services from spam and malicious abuse. The data collected by these services is used to distinguish between a human user and automated bot activity. You can learn more about how Cloudflare handles data by visiting their privacy policy.
Preferences / Functional (optional; based on your choice): If you choose to enable preference storage, we may use cookies and/or localStorage to remember certain settings for convenience so you do not have to re-enter them each time. To remember your choice about this optional preference storage on this device, we use a cookie named qlv_storage_optin that stores only whether preference storage is enabled or disabled. The preference storage is intended to remember settings across browser sessions on this device. This may include remembering interface and practice settings (such as tempo, looping, metronome, and selected targets), table display settings, whether you have completed onboarding prompts, and recent MIDI device and calibration information on this device.
Analytics and Advertising (consent-based): At this time, we do not use analytics or advertising cookies or similar technologies. If we introduce optional analytics or advertising technologies in the future, we will ask for your consent through our cookie settings before they are used.
How to Manage Your Cookie Preferences
You have full control over your cookie preferences. Optional Preferences / Functional storage can be managed in the Qlavist exercise interface settings (when you are signed in). You can enable or disable preference storage at any time, and if you disable it, we will stop using optional localStorage for convenience features on that device. Changing this setting updates (or removes) the qlv_storage_optin cookie; you can also delete it via your browser settings.
You can also set your browser not to accept cookies. The website allaboutcookies.org provides detailed instructions on how to do this. However, please be aware that blocking strictly necessary cookies and client-side storage items may impact the core functionality of our website.