Privacy Policy

Last updated: 6 March 2026

1. Overview

EnsembleOS Ltd (“we”, “us”, “our”) operates EnsembleOS, a web-based choir management platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

Account information

  • Name and email address (provided during registration)
  • Profile information (display name, voice section)
  • Authentication data (password hash, or OAuth provider identity)

Usage data

  • Practice session data (duration, pieces practised, timestamps)
  • Confidence self-assessments
  • Rehearsal attendance and RSVP responses
  • Chat messages and file attachments

Uploaded content

  • Audio files (recordings, stems)
  • PDF scores and MusicXML files
  • Images and documents shared in chat

Payment data

  • Billing information is processed directly by Stripe. We do not store credit card numbers. We receive and store your Stripe customer ID, subscription status, and billing history.

Technical data

  • IP address, browser type, and device information
  • Pages visited and features used
  • Error logs and performance metrics

3. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets)
  • Generate practice analytics and engagement reports
  • Moderate chat content for safety and policy compliance
  • Improve the Service based on usage patterns
  • Respond to support requests

We do not sell your personal data. We do not use your data for advertising. We do not share your data with data brokers.

4. Third-Party Services

We use the following third-party services to operate EnsembleOS:

  • Supabase — Database, authentication, and file storage. Data is stored on our self-hosted instance.
  • Stripe — Payment processing. Stripe's privacy policy applies to payment data.
  • Resend — Transactional email delivery.
  • AI Processing — Audio stem splitting uses machine learning models. Audio files are processed temporarily and not retained by the AI service after processing is complete.

5. Cookies

We use essential cookies required for the Service to function, including authentication tokens and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.

Uploaded audio files and scores are deleted when removed from the repertoire or when the choir is deleted.

7. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate data.
  • Erasure — Request deletion of your personal data.
  • Portability — Request your data in a machine-readable format.
  • Restriction — Request that we restrict processing of your data.
  • Objection — Object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@ensemble-os.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS)
  • Row-level security (RLS) in the database
  • Secure authentication with hashed passwords
  • Regular security reviews and updates

9. Children's Privacy

EnsembleOS is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. International Transfers

Your data is stored on our self-hosted infrastructure located in the European Economic Area. If data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The date at the top of this page indicates when the policy was last updated.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us at support@ensemble-os.com.