Legal
Privacy Policy
Last updated: May 19, 2026. Plain language about what we collect, why, and how to get it deleted.
What we collect
We collect the following categories of data:
- Account data: email address, optional display name, date of birth (required for COPPA age verification)
- Practice profile: instrument, skill level, audition targets, excerpts practiced
- Judge submissions: audio recordings submitted for analysis, resulting score breakdowns, and written feedback reports
- Usage data: pages visited, features used, event timestamps, session duration
- Technical metadata: IP address, user agent, device type, browser version
- Payment data: billing email and last-4 card digits via Stripe. We do not store full card numbers.
Audio recordings
When you are signed in, your Judge Mode audio is kept for up to 90 days so you can listen back to your take and download it to study, then it is automatically deleted. Anonymous takes you submit on the free /try demo, without an account, are not stored at all. You can delete an individual take or your whole account at any time, and we complete deletion requests within 30 days.
What your audio touches during processing:
- For a Judge take, pitch and timing measurements are extracted (in your browser, and when our enhanced pitch model is enabled, by Replicate), then passed to Anthropic (Claude) to generate written feedback.
- If you use the Teacher voice feature, your spoken audio is sent to a speech-to-text provider (Deepgram or OpenAI) to transcribe it.
- These providers do not retain your audio beyond the time needed to process the request, and none of it is used to train third-party models.
If you are a California resident or located in the EU/EEA, audio processing constitutes a data transfer under CCPA and GDPR respectively. By submitting audio you consent to this processing as described. You may withdraw consent at any time by deleting your account.
How we use your data
We use your data to:
- Operate the service and generate feedback reports
- Send transactional emails: magic-link logins, receipts, billing notices, subscription renewal reminders
- Send product emails if you opted in (you can opt out at any time via the unsubscribe link or account settings)
- Debug errors and monitor service health (Sentry crash reports, PostHog usage analytics)
- Detect and prevent fraud, abuse, and acceptable-use violations
- Comply with legal obligations (tax records, COPPA compliance, law-enforcement requests with valid legal process)
We do not sell your data. We do not train third-party AI models on your recordings. We do not use your data for advertising targeting on other platforms.
Sub-processors
The following third parties process data on our behalf. Each is contractually bound to handle your data only as needed to deliver their specific service:
- SupabaseDatabase, authentication, and file storage. Hosted on AWS us-east-1.
- StripePayment processing and subscription billing. Handles all card data directly.
- AnthropicClaude language model for generating written audition feedback from extracted audio features.
- ReplicateHosts the enhanced pitch-analysis model. Receives the take audio when that model is enabled; not retained beyond processing.
- DeepgramSpeech-to-text and text-to-speech for the Teacher voice feature. Receives spoken audio to transcribe it, and the teacher's text to synthesize the spoken voice; not retained beyond processing.
- OpenAISpeech-to-text fallback for the Teacher voice feature. Receives spoken audio to transcribe it; not retained beyond processing.
- ResendTransactional email delivery (login links, receipts, billing notices, lifecycle emails).
- PostHogProduct analytics and session event tracking. Used to understand feature usage and conversion flows.
- SentryError monitoring and crash reporting. Captures stack traces and request context when the app errors.
- VercelHosting and edge network. All traffic routes through Vercel before reaching our application.
COPPA: children under 13
Orchestra Kingdom collects date of birth at account creation. For a child under 13, we require verifiable parental consent before we collect the child's audio or personal information or unlock the Judge, the Teacher, or audio analysis. A parent gives consent through a secure link we email them, or by starting a paid plan with a card. Until a parent consents, those features stay locked. See our COPPA notice for the full flow.
Users ages 13 to 17 may create accounts directly. We do not send marketing emails to minor accounts, and we do not pass minor accounts to third-party advertising networks.
Parents or guardians may request review, correction, or deletion of a minor's account data by emailing privacy@orchestrakingdom.com with subject "Minor account request." We respond within 7 days.
Your rights
You have the right to access, correct, export, or delete your account data. To exercise any right, email privacy@orchestrakingdom.com. We respond within 30 days.
California residents (CCPA): You have the right to know what personal information we collect, to delete it, to opt out of its sale (we do not sell personal data), and to non-discrimination for exercising these rights. To submit a CCPA request, email the address above with subject "CCPA request."
EU/EEA residents (GDPR): You have the right to access, rectify, erase, restrict, and port your personal data. You may object to processing and withdraw consent where processing is consent-based (for example, audio analysis). Our legal basis for processing audio is your explicit consent given at submission. You have the right to lodge a complaint with your local supervisory authority (for EU users, this is the data protection authority in your member state).
Data export: Email privacy@orchestrakingdom.com with subject "Data export request." We will deliver a machine-readable file (JSON) of your account, practice history, and feedback reports within 30 days.
Data retention
Retention periods by data category:
- Audio files (signed in): kept for up to 90 days so you can listen back and download your take, then automatically deleted
- Audio files (anonymous /try demo): not stored at all
- Feedback reports and practice logs: retained while your account is active, deleted within 30 days of account closure
- Account profile data: retained while active, deleted within 30 days of closure
- Billing records: retained for 7 years for tax and accounting compliance, then deleted
- Server logs: retained for 90 days for security monitoring, then deleted
Security
Data in transit is encrypted via TLS 1.2 or higher. Data at rest is encrypted by Supabase on AES-256. Production system access is role-restricted and logged. If we discover a material data breach affecting your personal information, we will notify affected users within 72 hours by email and describe the scope, what was exposed, and what we are doing about it. To report a security vulnerability, email security@orchestrakingdom.com.
Changes to this policy
If we materially change how we handle your data, we will email you at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance. If you disagree, you may close your account before the change takes effect.
Contact
Privacy questions: privacy@orchestrakingdom.com. For general legal matters: legal@orchestrakingdom.com. Orchestra Kingdom LLC, 2900 W Anderson Lane, Ste C 200 PMB 1115, Austin, TX 78757.
Privacy questions: privacy@orchestrakingdom.com. Also see our Terms of Service and Refund Policy.