Privacy Policy

Introduction

Arco, LLC ("Arco," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Arco mobile application and web service (collectively, the "Service").

By using Arco, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you create an account, we collect:

• Email address (via Apple Sign-In or email authentication)
• Apple ID identifier (if using Apple Sign-In)

Content You Create

When you use the Service, we store:

• Audio recordings of your music lessons
• Transcriptions generated from your recordings
• AI-generated lesson summaries
• Notes, tags, and annotations you add
• Chat conversations with our AI assistant

Payment Information

When you subscribe to a paid plan or purchase credits:

• Payment processing is handled entirely by Apple (App Store) or Stripe
• We do not store your credit card numbers or payment details
• We receive only transaction confirmations and subscription status

Usage Data

We collect limited usage data to improve the Service:

• App crash reports and performance metrics
• Feature usage analytics (anonymized)
• Device type and operating system version

Data You Choose to Sync

If you enable optional features:

• Google Drive backup data (stored in your own Google Drive account)

Cookies, Local Storage, and Similar Technologies (Web)

When you use the web app, we use browser storage (including localStorage and sessionStorage) for essential functions such as session persistence, security flows, and user preferences.

We do not use third-party advertising cookies.

You can clear browser storage in your browser settings, but doing so may sign you out and reset some preferences.

How We Use Your Information

We use your information for the following purposes:

1. Provide the Service — Process your recordings, generate transcriptions and summaries, and enable AI-powered lesson analysis
2. Manage Your Account — Process subscriptions, track usage credits, and maintain your account
3. Improve the Service — Analyze anonymized usage patterns to enhance features and fix bugs
4. Communicate with You — Send essential service notifications and respond to support requests
5. Ensure Security — Protect against unauthorized access and maintain service integrity

Data Processing and AI Services

To provide transcription, AI, diagnostics, and support features, data may be processed by:

• Google Cloud (including Vertex AI / Gemini) — For speech-to-text transcription and AI processing
• OpenAI — For generating lesson summaries and powering the chat assistant
• Sentry — For crash and error monitoring
• Crisp — For in-app support chat

Sentry and Crisp are used for diagnostics and support workflows, not advertising profiles. We do not intentionally send your name to Sentry in routine error telemetry.

If you contact support through Crisp, support-message content and account contact details (such as email) may be available to support systems so we can respond to your request.

These providers process data under their terms and applicable data-processing commitments. We configure providers for service delivery and support and do not permit use of your lesson content for targeted advertising.

Data Storage and Security

Where Your Data is Stored

• Local Device Storage — Audio files and metadata are stored locally on your device first
• Cloud Servers (United States) — Account data, transcriptions, and summaries are backed up to secure cloud servers located in the United States
• Your Google Drive — If you enable Google Drive backup, copies are stored in your personal Google Drive account

Security Measures

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+)
• Encryption at rest for cloud-stored data
• Secure authentication via Apple Sign-In and Supabase Auth
• Regular security audits and updates
• Access controls limiting employee access to user data

Data Retention

• Active Accounts — Your data is retained as long as your account is active
• Deleted Content — When you delete recordings or other content, it is permanently removed from our servers within 30 days
• Account Deletion — Upon account deletion, all your data is permanently deleted within 30 days
• Backups — Encrypted backups may retain deleted data for up to 90 days for disaster recovery purposes

Your Rights and Choices

You have the right to:

Access Your Data

View all data associated with your account within the app.

Export Your Data

Download your recordings, transcriptions, and summaries at any time via the app or Google Drive backup.

Delete Your Data

• Delete individual recordings and their associated data
• Request complete account deletion by contacting us at hello@arco.app

Opt Out

• Disable cloud backup and use the app in local-only mode
• Disable Google Drive sync
• Disable AI chat features

How to Exercise Rights

• Email us at hello@arco.app from the email associated with your account
• We may request account-verification information before completing a request
• We respond within timelines required by applicable law

Children's Privacy

Arco is designed for music teachers and music students who are adults and young adults. The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@arco.app.

Third-Party Services

Our Service integrates with the following third-party services:

We carefully select partners who maintain high privacy and security standards.

International Data Transfers

Your data is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know — Request details about data we collect and how it's used
• Right to Delete — Request deletion of your personal information
• Right to Correct — Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing — We do not sell personal information or share it for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information — You may request limits where this right applies
• Non-Discrimination — We will not discriminate against you for exercising your rights

European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights:

• Right of Access — Obtain a copy of your personal data
• Right to Rectification — Correct inaccurate personal data
• Right to Erasure — Request deletion of your personal data
• Right to Restrict Processing — Limit how we use your data
• Right to Data Portability — Receive your data in a portable format
• Right to Object — Object to certain processing of your data

To exercise these rights, contact us at hello@arco.app.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the app
• Sending an email notification for significant changes
• Updating the "Last Updated" date at the top of this policy

Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: