Privacy Policy

Carnatic Compass is an online learning platform for Carnatic music, delivering the Carnatic Foundations Mastery program and related practice tools. The data controller for personal information processed through the Service is Carnatic Compass. You can reach us at hello@carnaticcompass.com.

We collect only what we need to provide and improve the Service:

• Account information — email address, display name, and (if you choose Google sign-in) basic profile info from your provider.
• Authentication data — secure password hashes and session tokens; we never store passwords in plain text.
• Practice activity — sessions completed, durations, BPM, tala/raga selections, streaks, and progress milestones, used to power your dashboard and learning tree.
• Content you submit — notes, preferences, and questions you send to the AI Assistant.
• Technical data — IP address, browser/device type, language, and timestamps, captured in standard server and security logs.
• Cookies and local storage — strictly necessary cookies for sign-in and session continuity, plus local storage for preferences (theme, language, tambura settings).

We do not record audio from your microphone, and we do not upload your voice. Pitch detection and tuning happen entirely in your browser.

• Provide, maintain, and improve the Service.
• Authenticate you and keep your account secure.
• Personalize your dashboard, progression tree, and recommendations.
• Respond to support requests and important service notices.
• Detect, prevent, and address abuse, fraud, and security incidents.
• Comply with legal obligations.

We do not sell your personal information, and we do not use your practice data to train third-party advertising profiles.

• Contract — to deliver the Service you've signed up for.
• Legitimate interests — to keep the Service safe, prevent abuse, and improve quality.
• Consent — for any optional features that require it (you can withdraw consent at any time).
• Legal obligation — where we must retain or disclose data by law.

We share data only with vetted service providers acting on our behalf:

• Cloud backend & database — for authentication, storage, and serverless functions.
• AI providers — when you use the AI Assistant, your prompt is sent to a model provider for inference and is not used to train their public models. Avoid sharing sensitive personal information in prompts.
• Email & analytics — only if and when enabled, and limited to operational use.

We do not share your data for advertising and we do not sell it.

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses to protect your information.

We retain account and practice data while your account is active. If you delete your account, we delete or anonymize your personal information within 30 days, except where we must retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

Depending on where you live (EU/UK GDPR, California CCPA/CPRA, India DPDP Act and similar laws), you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Request deletion ("right to be forgotten").
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@carnaticcompass.com. We aim to respond within 30 days.

The Service is intended for learners aged 13 and above. If you are between 13 and 18 (or the age of digital consent in your country), please use the Service with the involvement of a parent or guardian. We do not knowingly collect personal information from children under 13 (or under 16 in the EU). If you believe a child has provided personal information to us, contact us and we will promptly delete it.

We use industry-standard measures including encryption in transit (HTTPS/TLS), encryption at rest, row-level access policies on the database, hashed passwords, and least-privilege server-side keys. No system is perfectly secure; please use a strong, unique password and notify us immediately of any suspected unauthorized access.

We use only strictly necessary cookies for authentication and session continuity. We do not use third-party advertising or cross-site tracking cookies.

We may update this policy from time to time. Material changes will be highlighted on this page and, where appropriate, communicated by email. The "Effective date" at the top reflects the most recent revision.

Questions, requests, or concerns? Email hello@carnaticcompass.com.