MelodyMap home MelodyMap home MelodyMap
  • Directory
  • Resources
    • For Parents
    • For Students
    • For Adult Learners
    • All Articles
  • About Us
    • About MelodyMap
    • Educator Dashboard
  • Educators
Skip to main content

Privacy Policy

MelodyMap privacy policy. Learn how we collect, use, and protect your personal information when using our music educator directory.

Effective Date: February 18, 2026

Last Updated: June 18, 2026

MelodyMap (“we,” “us,” “our”) is operated by Second Difference Solutions LLC, a West Virginia limited liability company. We are the data controller for the personal information described in this Policy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the MelodyMap website at melodymap.io and related services (the “Service”).

MelodyMap is reachable from the European Union and the United Kingdom. We aim to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and similar U.S. state laws. Where these laws conflict, we apply the standard that is more protective of you.

Please read this Policy carefully. If you do not agree with it, please do not use the Service.

1. Information We Collect

1.1 Information from Students and Users

When you use MelodyMap as a student, parent, or visitor, we may collect:

  • Search queries and location data: When you search for music educators, we collect the location or address you enter and your search terms to return relevant results. If you choose to use the “Use my location” feature, your device’s GPS coordinates are sent to our server to find nearby music educators. We do not store your precise GPS coordinates beyond processing the search request; only the general search area is logged for analytics.
  • Pre-Enrollment Request information: If you submit a Pre-Enrollment Request, we collect the student’s name, contact email, contact phone number, the instruments and lesson type you are interested in, and any optional message you include. If the student is a minor, the parent or guardian submits the request on the student’s behalf, supplies the contact details, and confirms they consent to sharing the minor’s information with the selected Educator. This information is shared directly with the Educator you selected so they can contact you about lessons.
  • Anonymized usage data: We collect a small amount of usage data to keep the site fast, understand which educators are getting found, and improve search results. This data is anonymous in the sense that it does not identify you personally: we use a short-lived random session identifier that resets when you close the tab, the analytics layer does not store your IP address with your events or session record, and we do not persist any cross-session “returning visitor” identifier. We collect: pages visited, search-result clicks, the Educator you opened or pre-enrolled with, your approximate region, and device type (mobile / tablet / desktop).

1.2 Information from Educators

When you create an Educator account and profile, we collect:

  • Account information: Name, email address, and password (managed through Firebase Authentication).
  • Business profile information: Business name, address, phone number, website, lesson types, instruments taught, service descriptions, and any other information you provide in your Educator profile.
  • Imported business data: With your authorization, we import publicly available business data from Google Places, including ratings, reviews, hours of operation, and photos.
  • Payment information: If you enroll in the Referral Program or subscribe to a paid tier, your payment card details are collected and processed by Stripe. MelodyMap does not store your full card number — only the last four digits and card type are retained for display purposes in your dashboard.
  • Referral Program data: Enrollment status, card on file identifier, terms acceptance, and referral transaction history.

1.3 Information Collected Automatically

For all visitors, we automatically collect:

  • Log data: Browser type, operating system, and general access patterns. Server logs may briefly contain a full IP address before the analytics layer truncates it; raw server logs are retained for no more than 30 days for security and abuse prevention.
  • Anonymized analytics: Page views, search events, and search-result clicks are batched and sent to our own analytics endpoint. See Section 1.1 (“Anonymized usage data”) for what is and is not collected. We do not currently use Google Analytics. If we add it back or add Google Ads conversion tracking, we will ask for your consent first via an on-screen banner before any third-party tracking script loads.
  • Storage we use: A small set of items in your browser’s storage that keep the Service working: a Firebase Authentication session token (if you are signed in), a per-tab session identifier for analytics, and your UI preferences. We do not set any third-party tracking cookies. See Section 6 for more details.

2. How We Use Your Information

2.1 Student and User Data

We use student and user information to:

  • Provide search results for music educators based on your location query
  • Deliver your Pre-Enrollment Request to the selected Educator
  • Analyze search and usage patterns to improve the platform (using anonymized, aggregated data)
  • Communicate with you regarding a Pre-Enrollment Request you submitted, if necessary

2.2 Educator Data

We use Educator information to:

  • Display your business in the MelodyMap directory: Your profile information (business name, location, services, imported Google Places data) is displayed publicly in search results and on your directory listing to help students find music educators.
  • Advertising and promotion: We use your business information to create and display directory listings, landing pages, and promotional content — including in search results, location-based pages, email campaigns, and social media — to attract students to the MelodyMap platform. Your profile information is the basis for this advertising content.
  • Process referral fees and subscriptions: We use your payment information (via Stripe) to charge referral fees when Pre-Enrollment Requests are received and to process subscription payments.
  • Communicate with you: We send notifications related to your account, Pre-Enrollment Requests, billing, and platform updates.
  • Improve the platform: We analyze aggregated Educator data to improve search relevance, directory quality, and overall user experience.

2.3 Analytics and Platform Improvement

We log search events and click events to understand how the platform is used and to improve search result quality. Analytics data is aggregated and not used to personally identify individual users.

3. How We Share Your Information

3.1 Pre-Enrollment Requests

When a Student submits a Pre-Enrollment Request, their contact information (name, email, phone number, message) is shared directly with the selected Educator. This is the core function of the platform.

3.2 Public Directory Listings

Educator profile information is displayed publicly in the MelodyMap directory. This includes business name, address, phone number, website, services, and any imported Google Places data (reviews, ratings, hours). By creating an Educator profile, you consent to this public display.

3.3 Third-Party Service Providers

We share information with the following third-party services that help us operate the platform. These are our sub-processors for GDPR purposes:

Service Purpose Data Shared Location
Firebase (Google Cloud) Authentication, database, hosting Account data, profile data, anonymized analytics events United States
Google Places API Business data for directory listings Business search queries, place identifiers United States
Stripe Payment processing Payment card details, billing information, transaction data United States
Intuit (Mailchimp Transactional) Transactional email delivery Recipient email address, message content United States

These providers process data in accordance with their own privacy policies and the Data Processing Addendums (DPAs) they make available to us. Personal information transferred to these providers leaves the EU/UK; we rely on the Standard Contractual Clauses (or equivalent UK addendum) that Google, Stripe, and Intuit publish, plus their other transfer safeguards, to provide an appropriate level of protection.

If we ever add Google Analytics, Google Ads, or another third-party tracking script, we will show a consent banner so you can accept or reject it before the script loads.

3.4 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of MelodyMap, our users, or the public.

3.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. We will notify affected users of any change in ownership or use of personal information.

4. Data Retention

4.1 Student / Visitor Data

  • Anonymized analytics events: Retained for up to 24 months, then deleted. Aggregated reports derived from these events may be retained longer because they do not identify you.
  • Raw server logs (including full IP): Retained for no more than 30 days for security, abuse prevention, and debugging.
  • Rate-limit records: To prevent abuse of public endpoints (search, place-details), we briefly store a caller’s IP address in a separate rate-limit collection keyed by IP + endpoint + time-window. These records auto-delete within 2 days and are never linked to analytics events or visitor sessions; they are used only to throttle excessive requests.
  • Pre-Enrollment Requests: Contact information submitted via Pre-Enrollment Requests is shared with the Educator and retained for up to 24 months so we can investigate disputes about referral charges or delivery. You can ask us to delete this record at any time after the Educator has contacted you; see Section 7.

4.2 Educator Data

  • Profile information: Retained for as long as your Educator account is active. If you delete your account or request removal, we will delete your profile data within a reasonable timeframe, except as required for legal or billing record-keeping.
  • Payment records: Transaction records are retained as required by applicable tax and financial regulations.
  • Imported Google Places data: Cached data is refreshed periodically (typically every 14–30 days) and is removed when your profile is deleted.

4.3 Analytics Data

Aggregated, anonymized analytics data may be retained indefinitely and does not constitute personal information.

5. Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • HTTPS encryption for all data in transit
  • Firebase Authentication for secure account access
  • Stripe PCI-compliant payment processing (MelodyMap never stores full card numbers)
  • Firestore security rules restricting data access to authorized users
  • Security headers (HSTS, X-Frame-Options, X-Content-Type-Options) on all pages

No system is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking

6.1 What We Store on Your Device

We store as little as possible. Under EU/UK ePrivacy law, the items below labeled “strictly necessary” do not require consent because they exist solely to deliver the Service you asked for; the rest are anonymous.

Item Type Purpose Duration
Firebase Auth token Cookie / localStorage Keep you logged in to your Educator account Session, plus a refresh token managed by Firebase
Per-tab session id sessionStorage Anonymous analytics correlation; cleared when the tab closes Tab lifetime
Display preferences localStorage Remember UI choices (e.g. dark mode) Until you clear them

The first two are strictly necessary. The third is for your convenience. We do not currently store a consent decision because we do not load any non-essential third-party tracker; if that changes, a consent record will be added to this table.

6.2 Third-Party Tracking

We do not currently use Google Analytics, Google Ads, or any other third-party tracking script that drops cookies. If we add one in the future, you will see a consent banner asking you to accept or reject it; if you reject, the script will not load.

6.3 Browser Controls

You can clear cookies and local storage at any time through your browser settings. Disabling them may sign you out of your Educator account and reset your preferences.

7. Your Rights

7.1 Rights Available to Everyone

Regardless of where you live, you can contact us at info@melodymap.io to:

  • Access a copy of the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information, subject to legal retention requirements
  • Receive a portable copy of your data
  • Opt out of any non-essential tracking or marketing communications

We will respond within 30 days. If we need more time (e.g. to look up data across multiple systems), we will tell you and explain why.

7.2 Additional GDPR / UK GDPR Rights (EEA + UK Residents)

If you are in the European Economic Area or the United Kingdom, you also have the right to:

  • Restrict processing while a dispute about accuracy or lawful basis is resolved
  • Object to processing we carry out on the basis of legitimate interests
  • Not be subject to solely automated decisions that produce legal or similarly significant effects on you (we do not currently make such decisions)
  • Withdraw consent at any time, for any processing we carry out on the basis of consent. Withdrawal does not affect the lawfulness of processing that happened before you withdrew
  • Lodge a complaint with your local Data Protection Authority. In Ireland, that is the Data Protection Commission; in the UK, it is the Information Commissioner’s Office (ICO)

7.3 Lawful Bases (GDPR / UK GDPR)

Under GDPR and UK GDPR, every processing activity needs a lawful basis. Ours are:

Processing activity Lawful basis
Operating your Educator account, billing, providing the Service Contract (Article 6(1)(b))
Pre-Enrollment Requests submitted by visitors Consent of the visitor (Article 6(1)(a)); for minors, consent of the parent or guardian under Article 8
Anonymized site analytics Legitimate interests (Article 6(1)(f)) — running and improving the directory; the data is anonymous so the impact on you is minimal
Fraud prevention, security, abuse monitoring (raw server logs) Legitimate interests (Article 6(1)(f))
Any future third-party tracking (e.g. Google Analytics, Google Ads) Consent (Article 6(1)(a)) — collected via the on-screen banner before the script loads
Responding to legal process or regulator requests Legal obligation (Article 6(1)(c))

7.4 Educator Account Deletion

Educators may request full account and profile deletion by contacting info@melodymap.io. Upon deletion:

  • Your profile will be removed from the public directory
  • Your account data will be deleted from Firebase Authentication
  • Payment records will be retained only as required by law
  • Cached Google Places data associated with your profile will be purged

8. Children’s Privacy

MelodyMap is intended for adults who are searching for music lessons, including parents and guardians searching on behalf of a minor child.

  • Educator account creation is restricted to users who are at least 18 years old.
  • Pre-Enrollment Requests on behalf of a minor must be submitted by the parent or guardian. The form asks whether the student is a minor; when “yes” is selected, the parent or guardian must provide their own name as the contact and confirm they consent to sharing the minor’s information with the selected Educator. This is the parental-consent mechanism required by GDPR Article 8 (for EU/UK residents) and the U.S. Children’s Online Privacy Protection Act (COPPA), for any child under 13.
  • We do not knowingly allow a minor under 13 to create their own account or submit a Pre-Enrollment Request on their own behalf. If we learn that we have collected information directly from a child under 13 without verifiable parental consent, we will delete it promptly.

If you believe a child has provided us with personal information, please contact info@melodymap.io.

9. Data Breach Notification

If we discover a personal-data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the appropriate Data Protection Authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 (and the UK GDPR equivalent), and
  • Notify affected users by email without undue delay when the breach is likely to result in a high risk to your rights, with a clear description of what happened, what data was involved, and what steps to take.

We maintain an internal incident-response procedure to support this.

10. State-Specific Disclosures (U.S.)

10.1 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. MelodyMap does not sell personal information and does not share it for cross-context behavioral advertising.

10.2 Virginia, Colorado, Connecticut, and Other State Privacy Laws

Residents of states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, and similar) may have additional rights similar to those described in Section 7. To exercise them, contact us at info@melodymap.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page. For Educators with active accounts, we will provide notice through the Educator Dashboard or via email. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

MelodyMap (Second Difference Solutions LLC)
174 Norwood Drive
Falling Waters, WV 25419
United States
Email: info@melodymap.io
Website: melodymap.io

Please use the email address above for GDPR / UK GDPR / CCPA rights requests so we can route them to the right person quickly.

© 2026 MelodyMap
A Second Difference Solutions, LLC company
info@melodymap.io

 

About | Terms | Privacy