Privacy Policy

Last updated: 26 May 2026

This Privacy Policy explains how Matthew Cawood ("we", "us", "our") collects, uses, and protects your personal information when you use The Practice Room at app.matthewcawood.com (the "App").

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all users of the App regardless of location.

1. Who We Are

The Practice Room is operated by Matthew Cawood, a sole trader. If you have any questions about this policy or your personal data, you can contact us at:

Email: matthew@matthewcawood.com
Website: matthewcawood.com

2. What Data We Collect

Account information

  • Email address and password (used for authentication)
  • Display name, profile photo, bio, instruments played
  • Optional: location (city/country), website URL, social media handles

Practice data

  • Practice sessions including date, duration, pieces practised, and notes
  • Practice goals and streaks
  • Results from practice tools (Passage Fixer game scores, Note Recognition scores)
  • Music collection status (pieces you are learning, have completed, or aspire to learn)
  • Music theory notebook entries and reading lists

Community activity

  • Posts, comments, reactions, and poll votes you submit
  • Practice logs you choose to share publicly
  • Chat messages (direct and group)
  • Video call participation via live clinics and one-to-one sessions

Event and booking data

  • Event RSVPs and clinic bookings (date, time, timezone)
  • Questions submitted during live events

Payment information

  • Subscription billing is handled by Stripe. We do not store your card details. Stripe's privacy policy is available at stripe.com/privacy.

Technical data

  • Browser type and device information (for compatibility purposes)
  • Session tokens stored in your browser's local storage
  • IP address (collected by our hosting provider, Netlify)

3. How We Use Your Data

  • To provide and maintain the App and its features
  • To manage your account and subscription
  • To display your practice history, progress, and community activity
  • To send transactional emails (event invitations, account notifications) via Resend
  • To facilitate live video calls and clinics via Daily.co
  • To improve the App based on how features are used
  • To comply with legal obligations

Our legal basis for processing your data is:

  • Contract performance — to provide the service you have signed up for
  • Legitimate interests — to operate, maintain, and improve the App
  • Legal obligation — where required by law

4. Third-Party Services

We use the following third-party services to operate the App:

  • Supabase — database, authentication, and file storage (privacy policy)
  • Stripe — payment processing (privacy policy)
  • Daily.co — video and audio calls for live clinics (privacy policy)
  • Resend — transactional email delivery (privacy policy)
  • Netlify — hosting and infrastructure (privacy policy)
  • Google Fonts — font delivery (no personal data collected)
  • OpenStreetMap Nominatim — optional location search for profile (no account required, no tracking)

5. Camera and Microphone

The App requests access to your camera and microphone only when you participate in live video calls or clinics. This access is optional and entirely user-initiated. Audio and video streams are processed by Daily.co and are not permanently stored by us.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data will be removed from our systems within 30 days, except where we are required to retain it for legal or financial reasons (such as billing records).

Community posts and practice logs you have shared may remain visible until explicitly deleted by you.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — ask us to limit how we use your data
  • Portability — request your data in a portable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at matthew@matthewcawood.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data. All data is transmitted over HTTPS. Authentication and storage are handled by Supabase, which uses industry-standard security practices including encryption at rest and in transit.

However, no method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately.

9. Children's Privacy

The Practice Room is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify users via the App where appropriate. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or requests, please contact:

Matthew Cawood
matthew@matthewcawood.com