Introduction
Arco, LLC ("Arco," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Arco mobile application and web service (collectively, the "Service").
By using Arco, you agree to the collection and use of information in accordance with this policy.
Our Core Privacy Principles
- We do not sell your data.
- We do not share your data with third parties for marketing or advertising purposes.
- We apply account-level isolation controls. These controls are designed to prevent one user from accessing another user's lesson data except when you intentionally share content through Arco's sharing features.
- You own your content. You can export or delete it at any time.
- We do not use your lesson content to train Arco's own AI models.
Information We Collect
Account Information
When you create an account, we collect:
- Email address (via Apple Sign-In or email authentication)
- Apple ID identifier (if using Apple Sign-In)
Content You Create
When you use the Service, we store:
- Audio recordings of your music lessons
- Transcriptions generated from your recordings
- AI-generated lesson summaries
- Notes, annotations, Space metadata, member details, and lesson organization details you add
- Chat conversations with our AI assistant
- Shared lessons and Space membership, invitation, delivery, and Connect Code metadata when you use Arco sharing features
Payment Information
When you subscribe to a paid plan or purchase credits:
- Payment processing is handled by Apple (App Store), RevenueCat, or Stripe depending on platform and billing flow
- We do not store your full credit card numbers or Apple payment credentials
- We receive transaction confirmations, subscription status, and limited billing metadata needed to manage access
Usage Data
We collect limited usage data to improve the Service:
- App crash reports and performance metrics
- Limited operational and feature-usage data
- Device type and operating system version
Data You Choose to Sync
If you enable optional features:
- Google Drive backup data (stored in your own Google Drive account)
Cookies, Local Storage, and Similar Technologies (Web)
When you use the web app, we use browser storage (including localStorage and sessionStorage) for essential functions such as session persistence, security flows, and user preferences.
We do not use third-party advertising cookies.
You can clear browser storage in your browser settings, but doing so may sign you out and reset some preferences.
How We Use Your Information
We use your information for the following purposes:
- Provide the Service — Process your recordings, generate transcriptions and summaries, and enable AI-powered lesson analysis
- Manage Your Account — Process subscriptions, track usage credits, and maintain your account
- Improve the Service — Analyze limited operational and usage patterns to enhance features and fix bugs
- Enable Sharing Features — Deliver lessons and shared content to the Space members or people you explicitly choose through Arco
- Communicate with You — Send essential service notifications and respond to support requests
- Ensure Security — Protect against unauthorized access and maintain service integrity
What We Do Not Do
- We do not sell your personal information.
- We do not share your personal information for third-party marketing or advertising.
- We do not use your lesson recordings, transcripts, summaries, or chat history to train Arco's own AI models.
- We do not intentionally permit third-party AI providers to use your lesson content for targeted advertising or general-purpose model training on our behalf.
Data Processing and AI Services
To provide transcription, AI, billing, diagnostics, and support features, data may be processed by:
- Google Cloud (including Vertex AI / Gemini) — For speech-to-text transcription and AI processing
- OpenAI — For generating lesson summaries and powering the chat assistant
- Sentry — For crash and error monitoring
- Crisp — For in-app support chat
- RevenueCat — For iOS subscription management and App Store purchase status processing
Sentry and Crisp are used for diagnostics and support workflows, not advertising profiles. We do not intentionally send your name to Sentry in routine error telemetry.
If you contact support through Crisp, support-message content and account contact details (such as email) may be available to support systems so we can respond to your request.
These providers process data under their terms and applicable data-processing commitments. We configure providers for service delivery and support and do not permit use of your lesson content for targeted advertising.
AI Models and Training
- Arco does not use your lesson recordings, transcripts, summaries, or chats to train Arco's own AI models.
- We use third-party AI providers to perform the transcription, summarization, retrieval, and chat tasks you request.
- We configure those providers for service delivery and do not instruct them to use your lesson content to train their general-purpose models.
- If you voluntarily send us lesson content, screenshots, transcripts, or chats in a support request or bug report, we may review that material to investigate the issue, respond to you, and improve the Service.
How We Share Information
We do not sell your personal information. We may disclose information in the following limited situations:
- Service Providers — We share information with vendors that help us operate the Service, such as cloud infrastructure, AI processing, support, crash reporting, payment processing, and authentication providers.
- Sharing Features You Use — If you choose to share lessons through Spaces, Connect Codes, or other user-directed sharing features, the content and metadata needed for that Space or share are made available to the users involved.
- Legal and Safety — We may disclose information to comply with law, legal process, or valid governmental requests, to enforce our Terms, or to protect the rights, safety, and security of Arco, our users, or others.
- Business Transfers — If Arco is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to applicable law.
- Aggregated or De-Identified Information — We may use or share information that cannot reasonably identify you for analytics, reliability, or product-improvement purposes.
Data Storage and Security
Where Your Data is Stored
- Local Device Storage — Audio files and metadata are stored locally on your device first
- Cloud Servers (United States) — Account data, transcriptions, and summaries are backed up to secure cloud servers located in the United States
- Your Google Drive — If you enable Google Drive backup, copies are stored in your personal Google Drive account
Security Measures
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest for cloud-stored data
- Secure authentication via Apple Sign-In and Supabase Auth
- Regular security audits and updates
- Access controls limiting employee access to user data
Data Isolation
Arco is designed with account-level data isolation:
- Each user has their own authorization scope and data partitioning
- Users cannot access another user's recordings, transcriptions, or account data through normal app usage, except when content is intentionally shared through Arco
- AI chat histories are separated per account
- When Arco searches your lessons, it uses a vector store scoped to your account
- Shared lessons and Spaces are only accessible to the users involved in that share
Data Retention
- Active Accounts — Your data is retained as long as your account is active
- Deleted Content — When you delete recordings or other content, we begin removing it from active systems promptly; some derived files or encrypted backup copies may persist until scheduled cleanup or overwrite
- Account Deletion — When you delete your account, we lock the account immediately and begin deleting Arco-managed cloud data while remaining cleanup continues in the background
- Retained Records — Minimal billing, fraud-prevention, or dispute records may be retained where required by law or operational necessity
Your Rights and Choices
You have the right to:
Access Your Data
View all data associated with your account within the app.
Export Your Data
Download your recordings, transcriptions, and summaries at any time via the app or Google Drive backup.
Delete Your Data
- Delete individual recordings and their associated data
- Delete your account through Settings in the app or web experience
- Contact hello@arco.app if you need help completing a deletion request
Opt Out
- Choose not to enable optional Google Drive backup, or disconnect it later
- Choose not to use optional AI chat features
- Clear browser storage on the web to remove locally stored session data and preferences
How to Exercise Rights
- Email us at hello@arco.app from the email associated with your account
- We may request account-verification information before completing a request
- We respond within timelines required by applicable law
Children's Privacy
Arco is designed for music teachers and music students who are adults and young adults. The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@arco.app.
Third-Party Services
Our Service integrates with the following third-party services:
We carefully select partners who maintain high privacy and security standards.
International Data Transfers
Your data is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where required.
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to Know — Request details about data we collect and how it's used
- Right to Delete — Request deletion of your personal information
- Right to Correct — Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing — We do not sell personal information or share it for cross-context behavioral advertising
- Right to Limit Use of Sensitive Personal Information — You may request limits where this right applies
- Non-Discrimination — We will not discriminate against you for exercising your rights
European Privacy Rights (GDPR)
If you are in the European Economic Area, you have additional rights:
- Right of Access — Obtain a copy of your personal data
- Right to Rectification — Correct inaccurate personal data
- Right to Erasure — Request deletion of your personal data
- Right to Restrict Processing — Limit how we use your data
- Right to Data Portability — Receive your data in a portable format
- Right to Object — Object to certain processing of your data
To exercise these rights, contact us at hello@arco.app.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy in the app
- Sending an email notification for significant changes
- Updating the "Last Updated" date at the top of this policy
Your continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: hello@arco.app
Company:
Arco, LLC
Massachusetts, United States
Summary
Your privacy matters to us. Your data belongs to you.