Privacy Policy for Coco

Last updated: January 7, 2025

This Privacy Policy explains how Marco Santonocito, an individual business owner based in Pordenone, Italy (“we”, “us”, or “Coco”), collects, uses, discloses, and protects personal data when you use the Coco mobile application and related services (the “Service”).

We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws worldwide.

1. Data Controller

The data controller responsible for your personal data is:

Marco Santonocito
Pordenone, Italy
Email: privacy@cocomusic.app

2. Who Can Use Coco

Coco is open to users of all ages.

If you are a minor, use of the Service requires parental or legal guardian consent. By creating an account and using Coco, you confirm that such consent has been obtained where required.

3. Personal Data We Collect

3.1 Data You Provide Directly

  • Email address (required)
  • Name (optional)
  • Age (optional)
  • Musical instruments played (optional)
  • Years of musical experience (optional)
  • Self-assessment regarding perfect pitch (optional)

3.2 Account, Usage, and Training Data

When you use Coco, we collect and store data related to your training activity, including:

  • Session history
  • Accuracy, response times, and hesitation metrics
  • Practice streaks
  • Course and level progress
  • Performance statistics and insights

This data is associated with your account and used to provide the core functionality of the Service.

3.3 Communications Data

We collect data related to communications you receive from us, including:

  • Push notifications
  • Transactional emails (e.g. account creation, password reset)
  • Product and marketing emails

4. How We Use Your Data

We use your personal data to:

  • Provide, operate, and maintain the Coco Service
  • Authenticate users and manage accounts
  • Deliver personalized training experiences and performance insights
  • Track progress and display statistics
  • Send transactional communications
  • Send product updates and marketing communications
  • Monitor app stability and diagnose crashes
  • Analyze usage to improve the Service
  • Comply with legal obligations

5. Legal Bases for Processing (GDPR)

  • Performance of a contract (Article 6(1)(b))
    To provide the Service you request by creating an account.
  • Legitimate interests (Article 6(1)(f))
    For analytics, crash reporting, service improvement, and communications, balanced against your rights and freedoms.
  • Legal obligations (Article 6(1)(c))
    Where required by applicable law.

6. Analytics, Crash Reporting, and Infrastructure

We use third-party service providers (“data processors”) to operate and improve Coco:

  • Vercel – backend hosting
  • Supabase – authentication and database services (EU region)
  • Sentry – crash reporting (EU)
  • Google Analytics – usage analytics
  • PostHog – product analytics (EU)

Analytics and crash reporting are currently always enabled and cannot be disabled via in-app settings. Access to the Service requires account registration.

7. Payments and Subscriptions

Payments and subscriptions are processed through:

  • Apple App Store
  • Google Play Store

Subscription management is handled by RevenueCat.

We do not collect or store payment card details or billing information. Payment data is processed directly by Apple, Google, and their respective payment systems.

8. Communications and Marketing

We may send you:

  • Transactional emails necessary for the Service
  • Push notifications related to your activity
  • Product and marketing emails

You can opt out of marketing communications at any time by:

9. Data Retention

We retain personal data for as long as your account remains active.

When you delete your account, your personal data is deleted or anonymized, unless retention is required by law.

10. Account Deletion

You can delete your account:

Account deletion results in the removal of associated personal data, subject to legal retention obligations.

11. International Data Transfers

Most of our service providers process data within the European Union.

In limited cases where data may be processed outside the EU, appropriate safeguards such as Standard Contractual Clauses (SCCs) are used to protect your data in accordance with GDPR.

12. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including access controls and secure infrastructure.

However, no system is completely secure, and we cannot guarantee absolute security.

13. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent where applicable
  • Lodge a complaint with a data protection authority

To exercise your rights, contact privacy@cocomusic.app.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated through the app or by other appropriate means.

15. Contact

If you have any questions or concerns about this Privacy Policy or your data, contact: privacy@cocomusic.app