Privacy Policy
Your data is yours. We build around that principle. If you have questions, support@tryfermata.com.
Quick Navigation
The short version: We collect what we need to run your studio. We never sell your data. We never use your student information for anything other than delivering the service you signed up for.
1. What We Collect
When you use Fermata, we collect two categories of information:
Account Information
Information you provide when you sign up:
- Name and email address
- Studio name
- Instruments you teach
- Billing information (handled entirely by Stripe — we never see your card number)
Studio Data
Information you input about your business and students:
- Student names, contact information, and lesson schedules
- Parent/guardian contact information (for communication purposes)
- Lesson notes, progress records, and attendance history
- Billing records and invoice history
- Your teaching schedule and availability
You own your studio data. We process it solely to deliver the service.
Usage Information
When you use Fermata, we may automatically collect:
- Device type, browser, and operating system
- Pages visited and features used (for product improvement)
- Approximate location (country/region, not precise)
- IP address (hashed for privacy)
2. How We Use It
We use your information to:
- Deliver the scheduling, billing, and communication features you signed up for
- Send lesson reminders, parent messages, and billing notifications
- Generate smart progress notes (using OpenAI — your data is not used to train AI models)
- Send transactional emails (signup confirmation, password reset, trial warnings, billing receipts)
- Process payments via Stripe
- Detect and prevent fraud or abuse
- Improve the product based on aggregated usage patterns (never individual-level)
3. Who We Share It With
We do not sell, rent, or share your personal data or student data with advertisers or third parties for their own marketing purposes. Ever.
We share data only in these limited circumstances:
- Service providers: We use trusted third parties to run the service — Stripe (payments), OpenAI (AI note generation), and our hosting infrastructure. These providers are contractually bound to protect your data and only use it to deliver their services to us.
- Legal requirements: If required by law, court order, or valid government request, we may disclose data. Where permitted, we'll notify you.
- Business transfer: If Fermata is acquired or merged, data may transfer to the new owner under the same privacy protections.
- With your permission: If you explicitly ask us to share something, we'll do it.
4. Security
We use industry-standard security measures to protect your data:
- All data in transit and at rest is encrypted (TLS/SSL + database-level encryption)
- Passwords are hashed using bcrypt — we never store plaintext passwords
- Access to our infrastructure is restricted and audited
- We regularly update dependencies and monitor for vulnerabilities
No system is 100% secure. If you discover a vulnerability, please contact us immediately.
5. Your Rights (GDPR & CCPA)
Fermata respects your rights under applicable privacy laws, including GDPR (EU/UK) and CCPA (California).
You have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct any inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Portability: Receive your data in a portable, machine-readable format
- Object: Object to certain processing activities
- Restrict: Request limited processing in certain circumstances
- Withdraw consent: Where we rely on consent, withdraw it at any time (this doesn't affect prior processing)
California residents (CCPA):
You have the right to know what data we collect, why we collect it, and with whom we share it. You can opt out of the "sale" of personal information — we don't sell your data, but you have the right to opt out if that ever changes. We don't discriminate against you for exercising any of these rights.
EU/EEA residents (GDPR):
The legal basis for our processing is typically contract performance (processing your data to deliver the service you signed up for) and legitimate interests (improving the product). You have the right to lodge a complaint with your local data protection authority if you believe we've violated your rights.
6. Data Retention
We keep your data as long as your account is active. If you cancel your subscription:
- We retain your data for 90 days in case you change your mind
- You can request export during this window
- After 90 days, data is permanently deleted from our systems (and from backups within 30 days of the backup cycle)
7. Third-Party Services
Fermata uses the following third-party services that handle data:
- Stripe — processes all payment card data. Stripe's own privacy policy applies to their handling of your card details.
- OpenAI — used for smart progress note generation. Your student data is processed by OpenAI but is not used to train their AI models. OpenAI's privacy policy applies.
- Render — our hosting provider. Data is stored on servers in the United States. Render's privacy policy applies.
8. Contact & Complaints
Questions about your data? Want to exercise your rights? Email us:
If you believe we have violated your privacy rights, you have the right to file a complaint with the relevant data protection authority in your jurisdiction.