Right to Privacy
uTheory.com will never publicly release, sell or otherwise distribute any personally identifiable information (including names, user names, emails or photos of users) without explicit permission of the users.
What Data We Collect and How We Use It
uTheory.com collects and saves the following personally identifiable information for users:
- First and last names
- Email address
- A profile photo (if uploaded by user, or shared via a Facebook profile)
- For teachers only, the name of the institution where they teach
- For teachers only, information used to validate the teacher’s status as a teacher including but not limited to a url link or an image uploaded by the teacher to uTheory.com's servers.
The name of the teacher and the institution where they teach will be shared any time a teacher sends an invite or shares an invitation link to a section with students.
uTheory.com collects and saves the following usage information for all users:
- Data on what portions (pages, exercises, etc...) of uTheory.com a user has completed and when they were completed
- Users’ answers to interactive questions on uTheory.com, and metadata about these answers (including but not limited to speed, accuracy, etc…).
- Audio recordings of performance assessments, such as sight singing or improvisation assignments.
If a user accepts an invitation to join a uTheory section taught by a third-party teacher, they give uTheory.com explicit permission to share all personally identifiable information and all usage information with that third-party teacher.
uTheory.com maintains all data on servers within the United States. Consent to this policy indicates consent to allow data to be transmitted to and stored within servers in the United States.
How we use your data
- uTheory uses data from users and personally identifiable information (PII) for educational purposes, for improving users' experience with uTheory, and to enable the basic operation of uTheory (for example, saving email addresses to allow sign-in and authentication). All use of user data and PII is within the limitations expressed in FERPA and New York's Education Law 2-d.
- Upon written request from a user or an educational agency, uTheory will delete or remove their PII as directed. Data deletion requests should be sent to firstname.lastname@example.org.
- Access to PII is restricted solely to uTheory's staff who need such access to carry out support requests from educational agencies or users. Such staff are trained in data privacy requirements.
- uTheory will not sell user data or use user data for marketing or commercial purposes. uTheory may use aggregated, annonymized user data for the purposes of research and improving its products, and may share the results of such annonymized analysis for sholarly, commercial or marketing purposes.
- uTheory uses industry-standard security best practices to protect data. See "Data Protection Techniques" below.
- uTheory uses the services of other companies to provide functionality to uTheory and its users. For example, uTheory's servers are partly hosted on Amazon Web Services (AWS). These companies do not have direct access to PII. For a list of uTheory's service providers, please contact us at email@example.com.
Right to Access, Right to Ownership
You retain rights to ownership of your personal data and meta data as defined above, and may at any point request it be exported or deleted by contacting firstname.lastname@example.org.
Educational agencies who use uTheory may at any point request that their associated data be exported or deleted by contacting email@example.com.
Right to be Forgotten
At any point, should you wish to delete all history of your use of uTheory.com, you may contact us at firstname.lastname@example.org. Upon verification of your identity, we will remove all records from our servers.
uTheory.com uses a browser cookie to keep users logged in when they return to the site.
Credit Card Information
uTheory.com complies with the requirements of the GDPR. This document outlines uTheory.com's compliance with the GDPR.
Users of uTheory.com acknowledge that when uTheory is used by an educational institution in the United States, personally identifiable information and usage information may constitute protected records per the Family Educational Rights and Privacy Act (FERPA). Users of uTheory maintain all of their rights as outlined in FERPA including:
- The right to inspect and review education records maintained by the educational institution or uTheory
- The right to request correction of a record you believe to be inaccurate or misleading
- The right to control disclosure of any educational records and personally identifiable information
Requests regarding FERPA should be addressed to email@example.com.
New York Education Law §2-d
uTheory complies with all vendor requirements as outlined in New York's Education Law §2-d. This document outlines uTheory's compliance with the law's requirements for vendors.
If your BOCES requires additional documentation, such as a signed Data Sharing and Confedentiality Agreement, please contact us at firstname.lastname@example.org.
1. Products & Services Offered
uTheory.com offers products and services related to music theory, rhythm and ear training learning online.
2. Payment Terms
Subscription payments are charged on a recurring time period, chosen by the customer at the sale of a subscription. A subscription may be cancelled at any time, and will remain active until the end of the period that has already been paid for. Institutional sales are available for fixed-durations and a number of seats.
3. Your ResponsibilityAs a condition of use, you agree not to use the service:
- To abuse, harass, threaten or intimidate any person
- For any purpose that is not permitted under the laws of the jurisdiction where you use uTheory.com
- To create or transmit unwanted spam to any person or URL
- To post copyrighted content which does not belong to you
- Take any action that imposes at our discretion an unreasonable or disproportionate load on our infrastructure
- Take any action that interferes or attempts to interfere with the proper working of the site
- Bypass any measure we may use to prevent or restrict access to the site.
Failure to abide by these may result in your being temporarily or permanently blocked from using uTheory.com.
5. Warranties and guaranties
uTheory.com makes no warranty or guarantee of any kind, express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.
Information Security Policy
uTheory.com makes every effort to keep user information secure & private, and takes these efforts seriously. uTheory.com follows industry best practices for data protection, including breach detection, based on the OWASP guidelines.
Data Protection Techniques
Some of the techniques used to protect user data include:
- Hosting data exclusively at Tier IV-level data centers (as defined by the Uptime Institute)
- End-to-end encryption for all client-server communications and server-server communications
- Encryption at rest of all data
- Static code analysis and vulnerability testing
- Server-side data validation
- Penetration testing
- Code linting
- Unit- and integration-testing with each commit of code
- Server monitoring to detect unusual activity or attempted intrusion
- Restricting server access to the smallest possible number of employees
- Preventing data-loss with regular (minimum every 6 hours) off-site encrypted backups that are automatically deleted following an expiry period
- Storing only a secure hash of a password, and never the password itself, on uTheory servers
- Regular server-side software vulnerability assessments and upgrades
In the event of a data breach, uTheory.com will notify users within 72 hours of detection.
White Hat/Bug Bounty Program
As part of data security, we recognize that despite our best efforts, vulnerabilities may exist. Should you discover a security vulnerability on uTheory.com we encourage you to contact us at email@example.com as part of our Bug Bounty program. We may, at our sole discretion, reward such submissions with a bounty, provided that:
- You have detected a previously unreported bug or flaw that could result in the disclosure of sensitive user data or other private enterprise information.
- You’ve abided by the law in detecting the vulnerability,
- You give us reasonable time to investigate and mitigate any issue you report prior to disclosing it publicly or sharing information with others
- You make a good faith effort to avoid compromising the private information or experience of others, including (but not limited to) destruction of data or interruption or degradation of our services
- You do not exploit any security vulnerability you discover for any purpose (including demonstrating additional risk, such as attempting to compromise sensitive data or probing for additional issues)
- You disclose any privacy violation or disruption you may have caused while investigating an issue.
- We are able to verify that awarding a bug bounty to you is permitted by applicable laws including but not limited to US trade sanctions and economic restrictions.
Provided all of these conditions are met, uTheory.com will award a minimum bounty of $100.
Future Changes to these Policies