Privacy Policy

The Short Version

Musically Nowlin is built by two elementary music teachers for music teachers. Students never create accounts, we never collect student names or personal information, and we don't run ads or tracking. That's the whole philosophy.

Students: No Accounts, No PII

Students join games using a class code shared by their teacher. They never create an account, never enter a name or email, and never provide any personally identifiable information (PII). The class code system is intentionally designed so that no student identity is required at any point.

Teacher Accounts

Teachers who choose to create an account provide their email address, name, and a password. Passwords are hashed and managed by Supabase Auth — we never see or store plaintext passwords. This information is used solely to manage your classes and view session data.

Session Data and Student Identification

When students play games, we store the game played, the score, timing data, and the class ID. Each session is linked to a student slot — a number assigned by the teacher (e.g., “Slot 7”). By default, slots are anonymous numbers with no identifying information attached.

Teachers may optionally assign display names (first name and last initial) to slots so they can identify students in their dashboard. These names are entered by the teacher, not by students, and are visible only to the teacher. Students never enter their own names at any point.

No Ads, No Tracking

Musically Nowlin does not display advertisements. We do not use tracking pixels, third-party analytics, or any tools that profile users. This is an educational tool, not an ad platform.

Error Monitoring

We use Sentry for error monitoring so we can fix bugs quickly. Sentry captures crash reports and technical diagnostics only — error messages, stack traces, and browser/device type. Sentry does not receive any student data, game scores, class information, or personal information. Session replay is disabled. Default PII sending is disabled. See Sentry's privacy policy for details on their data practices.

Where Data Is Stored

All data is stored in Supabase, which runs on AWS infrastructure in the us-east-1 region (Northern Virginia). Data is encrypted at rest and in transit.

Data Retention

Game session data is retained for up to two school years while a teacher's account is active. After two years, session data is automatically purged. Teacher account information is retained as long as the account exists.

Data Deletion

Teachers can request deletion of their account and all associated data — including classes, session records, student display names, and account information — by emailing support@musicallynowlin.com. We will process deletion requests within 30 days.

COPPA Compliance

Musically Nowlin is designed to comply with the Children's Online Privacy Protection Act (COPPA). We do not collect personally identifiable information from children under 13 — or from any students at all. The class code system requires no student identity, no student account, and no parental consent because there is no personal information to consent to. Students play games; we store scores tied to anonymous slot numbers. That's it.

To the extent that teacher-entered display names (first name and last initial) constitute educational records, teachers act as authorized school officials consenting to the use of this platform for educational purposes on behalf of their students and students' parents, consistent with COPPA's school official exception. No student data is used for any commercial purpose — it exists solely to support classroom instruction and teacher reporting.

Changes to This Policy

This platform is in active early development. We may update this policy as features evolve. If something changes in a meaningful way, we'll update this page. We encourage you to review this policy periodically.