Right to Privacy
uTheory.com will never publicly release, sell or otherwise distribute any personally identifiable information (including names, user names, emails or photos of users) without explicit permission of the users.
What Data We Collect and How We Use It
uTheory.com collects and saves the following personally identifiable information for users:
- First and last names
- Email address
- A profile photo (if uploaded by user, or shared via a Facebook profile)
- For teachers only, the name of the institution where they teach
- For teachers only, information used to validate the teacher’s status as a teacher including but not limited to a url link or an image uploaded by the teacher to uTheory.com's servers.
The name of the teacher and the institution where they teach will be shared any time a teacher sends an invite or shares an invitation link to a section with students.
uTheory.com collects and saves the following usage information for all users:
- Data on what portions (pages, exercises, etc...) of uTheory.com a user has completed and when they were completed
- Users’ answers to interactive questions on uTheory.com, and metadata about these answers (including but not limited to speed, accuracy, etc…).
If a user accepts an invitation to join a uTheory section taught by a third-party teacher, they give uTheory.com explicit permission to share all personally identifiable information and all usage information with that third-party teacher.
uTheory.com maintains all data on servers within the United States. Consent to this policy indicates consent to allow data to be transmitted to and stored within servers in the United States.
uTheory.com may from time to time share anonymized or aggregate data about users’ progress, for instance in research papers on music theory learning, but will never release identifiable information.
Right to Access, Right to Ownership
You retain rights to ownership of your personal data and meta data as defined above, and may at any point request it be exported or deleted by contacting email@example.com.
Right to be Forgotten
At any point, should you wish to delete all history of your use of uTheory.com, you may contact us at firstname.lastname@example.org. Upon verification of your identity, we will remove all records from our servers.
uTheory.com uses a browser cookie to keep users logged in when they return to the site.
Credit Card Information
uTheory.com complies with the requirements of the GDPR. This document outlines uTheory.com's compliance with the GDPR.
Users of uTheory.com acknowledge that when uTheory is used by an educational institution in the United States, personally identifiable information and usage information may constitute protected records per the Family Educational Rights and Privacy Act (FERPA). Users of uTheory maintain all of their rights as outlined in FERPA including:
- The right to inspect and review education records maintained by the educational institution or uTheory
- The right to request correction of a record you believe to be inaccurate or misleading
- The right to control disclosure of any educational records and personally identifiable information
Requests regarding FERPA should be addressed to email@example.com.
1. Products & Services Offered
uTheory.com offers products and services related to music theory, rhythm and ear training learning online.
2. Payment Terms
Subscription payments are charged on a recurring time period, chosen by the customer at the sale of a subscription. A subscription may be cancelled at any time, and will remain active until the end of the period that has already been paid for. Institutional sales are available as annual licenses.
3. Your ResponsibilityAs a condition of use, you agree not to use the service:
- To abuse, harass, threaten or intimidate any person
- For any purpose that is not permitted under the laws of the jurisdiction where you use uTheory.com
- To create or transmit unwanted spam to any person or URL
- To post copyrighted content which does not belong to you
- Take any action that imposes at our discretion an unreasonable or disproportionate load on our infrastructure
- Take any action that interferes or attempts to interfere with the proper working of the site
- Bypass any measure we may use to prevent or restrict access to the site.
Failure to abide by these may result in your being temporarily or permanently blocked from using uTheory.com.
5. Warranties and guaranties
uTheory.com makes no warranty or guarantee of any kind, express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.
Information Security Policy
uTheory.com makes every effort to keep user information secure & private, and takes these efforts seriously. uTheory.com follows industry best practices for data protection, including breach detection, based on the OWASP guidelines.
Data Protection Techniques
Some of the techniques used to protect user data include:
- Hosting data exclusively at Tier IV-level data centers (as defined by the Uptime Institute)
- End-to-end encryption for all client-server communications and server-server communications
- Encryption at rest of all data
- Static code analysis and vulnerability testing
- Server-side data validation
- Penetration testing
- Code linting
- Unit- and integration-testing with each commit of code
- Server monitoring to detect unusual activity or attempted intrusion
- Restricting server access to the smallest possible number of employees
- Preventing data-loss with regular (minimum every 6 hours) off-site encrypted backups that are automatically deleted following an expiry period
- Storing only a secure hash of a password, and never the password itself, on uTheory servers
- Regular server-side software vulnerability assessments and upgrades
In the event of a data breach, uTheory.com will notify users within 72 hours of detection.
White Hat/Bug Bounty Program
As part of data security, we recognize that despite our best efforts, vulnerabilities may exist. Should you discover a security vulnerability on uTheory.com we encourage you to contact us at firstname.lastname@example.org as part of our Bug Bounty program. We may, at our sole discretion, reward such submissions with a bounty, provided that:
- You have detected a previously unreported bug or flaw that could result in the disclosure of sensitive user data or other private enterprise information.
- You’ve abided by the law in detecting the vulnerability,
- You give us reasonable time to investigate and mitigate any issue you report prior to disclosing it publicly or sharing information with others
- You make a good faith effort to avoid compromising the private information or experience of others, including (but not limited to) destruction of data or interruption or degradation of our services
- You do not exploit any security vulnerability you discover for any purpose (including demonstrating additional risk, such as attempting to compromise sensitive data or probing for additional issues)
- You disclose any privacy violation or disruption you may have caused while investigating an issue.
- We are able to verify that awarding a bug bounty to you is permitted by applicable laws including but not limited to US trade sanctions and economic restrictions.
Provided all of these conditions are met, uTheory.com will award a minimum bounty of $100.
Future Changes to these Policies