Terms of Use, Privacy and Security

Effective date: 05-01-2024

This document describes the kinds of information uTheory.com will collect for users, how it will be used, how it will be protected, and an assurance of your ownership of that data. It describes acceptable and unacceptable use of uTheory.com. In agreeing to this policy, you consent to allow uTheory to collect and use this information as described in this document and agree to the terms of use as described in this document.

Data Use and Privacy Policy:

Right to Privacy

uTheory.com will never publicly release, sell or otherwise distribute any personally identifiable information (including names, user names, emails or photos of users) without explicit permission of the users.

What Data We Collect and How We Use It

uTheory.com collects and saves the following personally identifiable information for users:

  • First and last names
  • Email address
  • A profile photo (if uploaded by user, or shared via a Facebook profile)
  • For teachers only, the name of the institution where they teach
  • For teachers only, information used to validate the teacher’s status as a teacher including but not limited to a url link or an image uploaded by the teacher to uTheory.com's servers.

The name of the teacher and the institution where they teach will be shared any time a teacher sends an invite or shares an invitation link to a section with students.

uTheory.com collects and saves the following usage information for all users:

  • Data on what portions (pages, exercises, etc...) of uTheory.com a user has completed and when they were completed
  • Users’ answers to interactive questions on uTheory.com, and metadata about these answers (including but not limited to speed, accuracy, etc…).
  • Audio recordings of performance assessments, such as sight singing or improvisation assignments.

If a user accepts an invitation to join a uTheory section taught by a third-party teacher, they give uTheory.com explicit permission to share all personally identifiable information and all usage information with that third-party teacher.

uTheory.com maintains all data on servers within the United States. Consent to this policy indicates consent to allow data to be transmitted to and stored within servers in the United States.

How we use your data

  • uTheory uses data from users and personally identifiable information (PII) for educational purposes, for improving users' experience with uTheory, and to enable the basic operation of uTheory (for example, saving email addresses to allow sign-in and authentication). All use of user data and PII is within the limitations expressed in FERPA and New York's Education Law 2-d.
  • Upon written request from a user or an educational agency, uTheory will delete or remove their PII as directed. Data deletion requests should be sent to support@utheory.com.
  • Access to PII is restricted solely to uTheory's staff who need such access to carry out support requests from educational agencies or users. Such staff are trained in data privacy requirements.
  • uTheory will not sell user data or use user data for marketing or commercial purposes. uTheory may use aggregated, annonymized user data for the purposes of research and improving its products, and may share the results of such annonymized analysis for sholarly, commercial or marketing purposes.
  • uTheory uses industry-standard security best practices to protect data. See "Data Protection Techniques" below.
  • uTheory uses the services of other companies to provide functionality to uTheory and its users. For example, uTheory's servers are partly hosted on Amazon Web Services (AWS). These companies do not have direct access to PII. For a list of uTheory's service providers, please contact us at support@utheory.com.

Right to Access, Right to Ownership

You retain rights to ownership of your personal data and meta data as defined above, and may at any point request it be exported or deleted by contacting support@utheory.com.

Educational agencies who use uTheory may at any point request that their associated data be exported or deleted by contacting support@utheory.com.

Right to be Forgotten

At any point, should you wish to delete all history of your use of uTheory.com, you may contact us at support@utheory.com. Upon verification of your identity, we will remove all records from our servers.

Cookies

uTheory.com uses a browser cookie to keep users logged in when they return to the site.

Credit Card Information

uTheory.com uses Stripe as a credit card processor. uTheory.com does not collect or store any credit card information on its servers. Stripe’s privacy policy can be found at https://stripe.com/us/privacy

GDPR

uTheory.com complies with the requirements of the GDPR. This document outlines uTheory.com's compliance with the GDPR.

Individual Subscription Cancelation and Refund Policy

You may cancel your uTheory subscription at any time from within your uTheory account, or by emailing support@utheory.com. Canceled subscriptions expire at the end of the subscription period.

Subscription fees are non-refundable, except that you may cancel a subscription by contacting uTheory within four calendar days after the subscription start or renewal date to request and receive a full refund of the new subscription fees.

FERPA

Users of uTheory.com acknowledge that when uTheory is used by an educational institution in the United States, personally identifiable information and usage information may constitute protected records per the Family Educational Rights and Privacy Act (FERPA). Users of uTheory maintain all of their rights as outlined in FERPA including:

  • The right to inspect and review education records maintained by the educational institution or uTheory
  • The right to request correction of a record you believe to be inaccurate or misleading
  • The right to control disclosure of any educational records and personally identifiable information

Acceptance of these terms of use signifies that users consent to allow uTheory personnel to have access to view student records which may include personally identifiable information and usage information when technical support is requested by the student or by the student's educational institution.

Requests regarding FERPA should be addressed to support@utheory.com.

New York Education Law §2-d

uTheory complies with all vendor requirements as outlined in New York's Education Law §2-d. This document outlines uTheory's compliance with the law's requirements for vendors.

If your BOCES requires additional documentation, such as a signed Data Sharing and Confedentiality Agreement, please contact us at sales@utheory.com.

COPPA

When uTheory is used by educators in their classroom, uTheory requests some personally identifiable information for students (including name and email) to allow teachers to be able to identify students within uTheory. To the extent COPPA applies, the school or district provides us with any necessary consent on behalf of its students' guardians to use uTheory in the classroom.

California Student Online Personal Information Protection Act (SOPIPA)

uTheory complies with all requirements of California's SOPIPA law. All covered information, as defined within SOPIPA, that is collected within uTheory is used exclusively for the school's educational purposes, in anonymized format to improve the quality of the services uTheory provides, or in anonymized and aggregated format for research or publicity purposes, as permitted by SOPIPA Section 22584b-4, e, f & g. None is used for targeted advertising, and uTheory does not deliver advertising or enable tracking in a way that would allow targeted advertising on third-party sites.

Further:

  • uTheory does not engage in targeted advertising to students, parents or guardians (section 22584b)
  • uTheory does not use tracking (including advertising cookies) that would enable targeted advertising on other sites (section 22584b-1).
  • uTheory does not sell any user information, ever (section 22584b-3).
  • uTheory does not disclose student information to third parties, except to those authorized from a student's school district, or when required by law as outlined in Section 22584e.
  • uTheory implements security procedures to prevent unauthorized access to data, and backup practices to prevent unauthorized destruction of data (section 22584d-1).
  • uTheory will delete a student's covered information when requested by the student's school or district. (section 22584d-2)

Terms of Use:

1. Products & Services Offered
uTheory.com offers products and services related to music theory, rhythm and ear training learning online.

2. Payment Terms
Subscription payments are charged on a recurring time period, chosen by the customer at the sale of a subscription. A subscription may be cancelled at any time, and will remain active until the end of the period that has already been paid for. Institutional sales are available for fixed-durations and a number of seats.

3. Your Responsibility

As a condition of use, you agree not to use the service:
  • To abuse, harass, threaten or intimidate any person
  • For any purpose that is not permitted under the laws of the jurisdiction where you use uTheory.com
  • To create or transmit unwanted spam to any person or URL
  • To post copyrighted content which does not belong to you
And you agree you will not:
  • Take any action that imposes at our discretion an unreasonable or disproportionate load on our infrastructure
  • Take any action that interferes or attempts to interfere with the proper working of the site
  • Bypass any measure we may use to prevent or restrict access to the site.

Failure to abide by these may result in your being temporarily or permanently blocked from using uTheory.com.

4. Privacy
uTheory.com’s privacy policy is available at http://utheory.com/#privacy

5. Warranties and guaranties
uTheory.com makes no warranty or guarantee of any kind, express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.

Information Security Policy

uTheory.com makes every effort to keep user information secure & private, and takes these efforts seriously. uTheory.com follows industry best practices for data protection, including breach detection, based on the OWASP guidelines.

Data Protection Techniques

Some of the techniques used to protect user data include:

  • Hosting data exclusively at Tier IV-level data centers (as defined by the Uptime Institute)
  • End-to-end encryption for all client-server communications and server-server communications
  • Encryption at rest of all data
  • Static code analysis and vulnerability testing
  • Server-side data validation
  • Penetration testing
  • Code linting
  • Unit- and integration-testing with each commit of code
  • Server monitoring to detect unusual activity or attempted intrusion
  • Restricting server access to the smallest possible number of employees
  • Preventing data-loss with regular (minimum every 6 hours) off-site encrypted backups that are automatically deleted following an expiry period
  • Storing only a secure hash of a password, and never the password itself, on uTheory servers
  • Regular server-side software vulnerability assessments and upgrades

Notification

In the event of a data breach, uTheory.com will notify users within 72 hours of detection.

White Hat/Bug Bounty Program

As part of data security, we recognize that despite our best efforts, vulnerabilities may exist. Should you discover a security vulnerability on uTheory.com we encourage you to contact us at security@utheory.com as part of our Bug Bounty program. We may, at our sole discretion, reward such submissions with a bounty, provided that:

  1. You have detected a previously unreported bug or flaw that could result in the disclosure of sensitive user data or other private enterprise information.
  2. You’ve abided by the law in detecting the vulnerability,
  3. You give us reasonable time to investigate and mitigate any issue you report prior to disclosing it publicly or sharing information with others
  4. You make a good faith effort to avoid compromising the private information or experience of others, including (but not limited to) destruction of data or interruption or degradation of our services
  5. You do not exploit any security vulnerability you discover for any purpose (including demonstrating additional risk, such as attempting to compromise sensitive data or probing for additional issues)
  6. You disclose any privacy violation or disruption you may have caused while investigating an issue.
  7. We are able to verify that awarding a bug bounty to you is permitted by applicable laws including but not limited to US trade sanctions and economic restrictions.

Provided all of these conditions are met, uTheory.com will award a minimum bounty of $100.

Future Changes to these Policies

uTheory.com may modify the above policies. The latest version will be indicated by the effective-date at the top of this document. The revised privacy policy becomes effective when posted to uTheory.com. Your use of uTheory.com following these changes means you accept the revised privacy policy.

©2024 uTheory, LLP
uTheory is a registered trademark of uTheory, LLP