Clefwise
ClefwiseBack to dashboard

Privacy Policy

Last updated: 9 April 2026

Terms of Service

Contents

  1. 1. What this policy covers
  2. 2. Information we collect
  3. 3. How we use your information
  4. 4. Third-party services
  5. 5. Children's data
  6. 6. Data security
  7. 7. Data retention
  8. 8. Your rights
  9. 9. Cross-border data
  10. 10. Changes to this policy
  11. 11. Contact us & complaints

1. What this policy covers

Clefwise is a web-based music teaching business management platform available at clefwise.app. This policy explains how Clefwise collects, uses, stores, and protects personal information.

Teachers who use Clefwise to manage their studios are independent businesses. They are responsible for their own privacy practices with their clients. Clefwise acts as a data processor on behalf of teachers for the student and parent data they enter into the platform.

This policy covers the data that Clefwise (the platform) processes. It does not cover how individual teachers handle personal information outside of the platform.

2. Information we collect

Account information

Name, email address, and password (hashed — never stored in plain text). For teachers: studio name and business details. Your role (teacher, parent, or student).

Student information (provided by teachers or parents)

First and last name, date of birth, instruments played, skill level, guardian details (name, email, phone, relationship), profile photo, and referral source.

Lesson & practice data

Lesson schedules, attendance, cancellations, lesson notes and feedback (written by teachers), practice logs (instrument, duration, date), and achievements.

Financial data

Invoice amounts, due dates, and payment status. Payment method type and transaction references. Stripe account identifiers for teachers receiving payments. Credit card numbers are handled directly by Stripe and never touch Clefwise servers.

Communication data

Messages between teachers and parents, and announcements sent by teachers.

Technical data

IP addresses (for rate limiting and security only), authentication session cookies, and Google Calendar OAuth tokens (encrypted, only if you opt in to calendar sync). Clefwise does not use third-party tracking cookies or analytics services.

3. How we use your information

  • Providing the service — displaying schedules, lesson notes, practice data, and invoices.
  • Transactional emails — invoice delivery, lesson reminders, event reminders, and announcements.
  • Payment processing — facilitating payments between parents and teachers via Stripe.
  • Calendar sync — syncing lessons with Google Calendar (only if you connect your account).
  • Security — rate limiting, fraud prevention, and session management.

We do not sell, rent, or share your personal information with advertisers or data brokers.

4. Third-party services

Clefwise uses the following third-party services to operate the platform:

ServicePurposeData shared
SupabaseDatabase, authentication, file storageAll account and service data (encrypted at rest)
StripePayment processingInvoice amounts, payer email, teacher account details
ResendEmail deliveryRecipient email addresses, email content
Google (optional)Calendar syncOAuth tokens (encrypted), lesson event details

5. Children's data

Clefwise may store personal information about minors (students under 18). This data is provided by teachers or parents, not collected directly from children.

Student accounts are created by parents through the parent portal. Parents have full visibility over their children's data through their portal.

We do not knowingly collect data from children without parental involvement. If you believe a child's data has been collected without appropriate consent, contact us at support@clefwise.app.

6. Data security

  • Row-level security ensures users can only access data within their own studio or family.
  • OAuth tokens are encrypted with AES-256-GCM.
  • Files are served via time-limited signed URLs from private storage buckets.
  • Rate limiting is applied to public-facing endpoints.
  • Security headers are configured (Content Security Policy, HSTS, X-Frame-Options).

7. Data retention

  • Messages: Hard-deleted after 2 years, or when both parties delete them.
  • Practice logs: Retained for 3 years, then deleted.
  • Activity feed: 6-month retention.
  • Account deletion: Teachers can delete their account and all associated studio data at any time via account settings. Parent and student data associated with that studio is also removed.

Some data may persist in encrypted backups for up to 30 days after deletion.

8. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access your personal information held by Clefwise.
  • Correct inaccurate or outdated information.
  • Request deletion of your account and associated data.
  • Withdraw consent for optional features (e.g. Google Calendar sync).

To exercise these rights, email support@clefwise.app. We will respond within 30 days.

9. Cross-border data

Clefwise uses cloud infrastructure providers (Supabase, Stripe) that may process data outside Australia. These providers maintain appropriate data protection safeguards. By using Clefwise, you consent to this transfer where necessary to provide the service.

10. Changes to this policy

We may update this policy from time to time. For material changes, we will notify you via email. The “Last updated” date at the top reflects the most recent revision. Continued use of Clefwise after notification constitutes acceptance.

11. Contact us & complaints

For privacy questions or to exercise your rights:

  • Email: support@clefwise.app
  • Entity: Jackson Connor Pawelski trading as Clefwise

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

Privacy PolicyTerms of Service

© 2026 Clefwise. Made with for music teachers.