Privacy Policy

Effective Date: July 2, 2026

The short version: we collect the minimum we need to run a music-school management app. We do not sell your personal data, we do not share it with advertisers, and we do not use advertising trackers. Card numbers are handled by Stripe and never stored by us. Most student records belong to your school, and we act as its service provider. Questions? Email privacy@lessoncomplete.com.

1. Introduction and Who We Are

This Privacy Policy explains how Progress Complete LLC, a Texas limited liability company that operates the Lesson Complete product (“Lesson Complete,” “LC,” “we,” “us”), collects, uses, shares, and protects information when you use our music-school management product — the web application and the Lesson Complete mobile apps for iOS and Android (together, the “Service”).

Lesson Complete is a multi-tenant platform. Music schools and studios sign up, and their administrators, teachers, students, and families use the Service to schedule lessons, exchange messages and files, track practice and attendance, handle tuition and payroll, and get help from an in-app assistant. People also interact with us before they have an account — for example, by booking a trial, joining a waitlist, or sending an inquiry through a school’s public page.

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service. Where a school’s own written agreement with Lesson Complete (such as a data processing agreement) governs how we handle that school’s data, that agreement controls for those records.

2. Who Controls Your Data

Because Lesson Complete is used by many independent schools, who is “in charge” of a given piece of information depends on what it is:

  • The school is the controller of the records it creates and manages inside the Service — student profiles, lesson notes, practice and attendance, schedules, enrollment, messages, files, billing of families, and staff records. For this information, Lesson Complete acts as a processor (a service provider) that handles the data on the school’s instructions. Section 9 explains what this means for student records.
  • Lesson Complete is the controller of a narrower set of information that we need to run our business — for example, the account and contact details of the person who signs a school up, our own billing for the Lesson Complete subscription, support communications, security and audit logs, and aggregate usage analytics. We are also the controller for information that people submit directly to us before any school relationship exists (such as a trial booking or contact-form inquiry on a school’s public page), until that information becomes part of a school’s records.

If you are unsure who controls a particular record, contact your school first; you can also reach us at privacy@lessoncomplete.com and we will help route your request.

3. Information We Collect

We collect only what we need to provide the Service. The categories below describe what we collect and where it comes from.

Account and identity information

When you create an account, authentication is handled by our identity provider, Clerk. Clerk collects your email address, your name, and your password, and Clerk stores your login credentials. Lesson Complete stores your name, email address, and (if you provide them) a secondary email, phone number, profile photo, language, time zone, and settings such as whether two-factor authentication is enabled, so we can identify you inside the Service and route your messages and notifications. We never see or store your raw password.

School and student records (we act as a processor)

Schools, teachers, students, and families enter records into the Service, such as student names, nicknames, dates of birth and ages, instruments and skill level, lesson notes, practice and assignment logs, attendance, schedules, and enrollment details. Depending on how a school uses the Service, a student profile may also include a home address, an emergency contact name and phone number, and notes a school chooses to record such as allergies, medical notes, or special needs. For these records, the school is the controller and Lesson Complete is a processor acting on the school’s instructions. We do not use these records for our own purposes beyond operating, securing, supporting, and improving the Service.

Guardian and family information

For students who have parents or guardians on file, we store guardian names, relationship type, email addresses, and phone numbers, and the family groupings used to organize billing and communication.

Prospective students — trials, waitlists, and inquiries

A school’s public pages let people reach out before enrolling. When someone books a trial lesson, joins a waitlist, registers for a free event, or submits a contact form, we collect the details they provide — which can include a parent or guardian’s name, email, and phone number, a prospective student’s name and age, and any message they write. We use this information to pass the inquiry to the relevant school and to let the school follow up. If you submit this kind of information on behalf of a child, please provide only what the school asks for. You can ask us or the school to delete a prospective student inquiry at any time (see Sections 9 and 14).

Content you create

The Service lets you create and exchange content, including messages, announcements, uploaded files, scores and lesson materials, practice videos, voice notes, photos, and lesson and practice logs. We store this content so it is available to the people you share it with inside your school. Files such as scores, recordings, and lesson materials are stored with our storage provider and delivered through short-lived signed links (see Section 13).

Reviews and testimonials

If your school invites you to leave a review, the review text and rating you submit are stored and associated with the student’s enrollment. A school may choose to display selected reviews or testimonials — sometimes including a first name — on its public storefront page. If you would like a review or testimonial removed from public display, contact your school or email privacy@lessoncomplete.com.

Payment and billing information

Payments and tuition are processed by Stripe (including Stripe Connect for schools that collect money through the Service). Full card numbers and other sensitive payment details are collected and handled directly by Stripe and are not stored by Lesson Complete. We receive and store limited transaction information so we can show the correct billing state inside the Service — for example, that a payment succeeded, the amount and a reference, invoice and balance history, gift-card balances, and a saved card’s brand, last four digits, and expiration month and year (which Stripe sends us; we never receive the full card number). If a payer disputes a charge, Stripe also sends us limited chargeback information. For schools that get paid through the Service, Stripe Connect collects bank, identity, and tax details directly through Stripe’s own onboarding; we store only the connected account’s identifier and status (for example, whether payouts are enabled), not bank account numbers or government IDs.

Shop and orders

If your school runs an in-app store and you order a physical item, we collect the order details and the shipping information you provide — the recipient’s name, shipping address, postal code, country, and phone number — along with your order and purchase history. To calculate shipping rates and create a shipping label, we share the delivery address with our shipping provider, EasyPost. Card payment for orders is handled by Stripe, as described above.

Teacher and staff information

For schools that manage staff through the Service, we store work-related information about teachers and staff that the school enters, such as pay rates (including hourly, per-lesson, percentage, or salary models), payroll payments and the method used, bonuses and deductions, sales commissions, expenses, and — for schools that use the mileage feature — trip records that include the start and end addresses of a route, which may include a teacher’s home address. The school is the controller of this information, and we process it to provide the staff-management features the school uses.

In-app AI assistant

The Service includes “Beacon,” an in-app AI assistant. When you use it, we process the messages you send, and the assistant can retrieve information from your school to answer you. We store your conversations and a log of the actions the assistant takes. Section 5 explains how the assistant works and which providers are involved.

Device permissions (mobile apps)

The mobile apps may ask for device permissions. Each one is optional, is requested only when you use the related feature, and is used only for the purpose described. The iOS app may ask for:

  • Camera — to record practice videos, capture a profile photo, or scan a QR code to sign in.
  • Microphone — to record practice audio and voice notes, to dictate to the assistant, and for the built-in tuner (tuner audio is analyzed on your device and is not uploaded).
  • Photo Library — to attach images you select to messages and lesson logs.
  • Speech Recognition — to let you dictate to the in-app assistant instead of typing. Dictation is performed on your device where supported, and only the resulting text is sent.
  • Face ID — to unlock the app locally. Biometric matching is performed by iOS on your device; your biometric data never leaves your device and is never sent to Lesson Complete.
  • Calendar — to write your lessons to your device calendar when you ask us to (write-only; we do not read your calendar).
  • Location— for the optional teacher mileage feature, to estimate travel time and log mileage. The app may ask for “Always” location access so it can update an active route, but it has no background-location capability enabled and reads your location only while you have an active route open — never passively or in the background.
  • Push Notifications — to send lesson reminders, message alerts, and payment confirmations. To deliver these, we store a device push token.

The Android app asks for fewer permissions: Microphone — for the built-in tuner (tuner audio is analyzed on your device and is not uploaded); Notifications — for lesson reminders, message alerts, payment confirmations, and optional practice reminders you schedule on your device; and Location — for the optional teacher mileage feature, read only in the foreground while the active-route screen is open (the Android app has no background-location permission at all). Attaching a photo or capturing with the camera on Android uses the system photo picker and camera app, which do not require app-level permissions.

Cookies, technical, and usage data

Like most online services, we collect basic technical information needed to operate and secure the Service — for example, log data such as IP address, device and browser type, and timestamps; a small number of cookies needed to keep you signed in and remember your selected school; push and device tokens; and aggregate usage metrics. On the web we use Vercel Web Analytics, a privacy-friendly, cookieless tool that measures aggregate traffic and does not use cross-site advertising cookies. Section 7 describes our use of cookies in more detail.

Information we receive from others

We receive some information about you from third parties rather than directly from you: from Clerk when your account is created or updated; from Stripe about payments, saved-card details (brand, last four, expiry), and disputes; from a school’s administrators and teachers, who enter records about students and families; and, if you connect an optional integration such as a video-meeting account, basic account and meeting details from that provider. We combine this information with what you give us to operate the Service.

4. How We Use Information

We use the information we collect to:

  • Provide and operate the Service — authenticate you, schedule lessons, deliver messages and files, track practice and attendance, run the in-app assistant, and process tuition and payroll.
  • Send transactional communications such as lesson reminders, message alerts, invoices, and payment confirmations by email, SMS, or push notification.
  • Process payments and billing through Stripe, including invoicing, receipts, and (where a school enables them) scheduled charges and overdue reminders.
  • Maintain, secure, and improve the Service, including diagnosing problems, preventing abuse and fraud, rate-limiting, and understanding aggregate usage.
  • Provide customer support and respond to your requests.
  • Send service updates and, where permitted, school communications and marketing you can opt out of (see Section 14).
  • Comply with legal obligations and enforce our terms.

We do not use student records or the content you provide to train advertising models, to build advertising profiles, or for cross-context behavioral advertising, and we do not sell your personal data.

5. The Beacon AI Assistant

The Service includes an in-app AI assistant called Beacon that helps administrators, teachers, students, and families with tasks such as checking a schedule, reviewing practice, answering questions about the product, and (for staff) routine administrative actions. We want to be transparent about how it handles data.

  • What it can access. The assistant is limited to your own account and your school’s data, and what it can see and do is restricted by your role. When you ask it something, it may retrieve information from your school to answer — for example a student’s schedule, practice history, or billing status — and that retrieved information can include personal data.
  • Which providers are involved. Beacon is powered by an open-weight large-language model hosted by a third-party AI inference provider (currently DeepInfra), with real-time session transport provided by LiveKit. To generate a response, the text of your message, instructions for the assistant, and any information the assistant retrieves to answer you are sent to these providers, which process them on our behalf as our service providers. The same AI processing supports optional onboarding tools that help a new school import its roster and schedule from text or photos you paste or upload (a photographed roster is sent to our AI provider to be read), and the assistant’s knowledge search. Some of this processing may run on infrastructure we operate rather than on a third party, and we keep this section current as our providers change.
  • Voice. The current assistant is text-based. On iOS, if you dictate a message, speech-to-text is performed on your device where supported and only the resulting text is sent.
  • Conversation history. We store your conversations and an internal log of the actions the assistant takes, so you have continuity and so we can secure, support, and improve the feature. You or your administrator can delete a conversation, and we retain conversations only as long as needed for these purposes (see Section 12).
  • Children and safety. Students, including minors, may use the assistant. Students receive a learner-focused experience that is limited to age-appropriate, music- and school-related topics, and the assistant is instructed to refuse unsafe content. The age band used for these safeguards is determined from the student’s date of birth on file; if no date of birth is on file, the strictest (child) safeguards apply.
  • We do not let it advertise to you. We do not use the assistant or its conversations to advertise to you or to your children, and we do not sell assistant data.

We instruct our AI providers to process this information only to provide the assistant’s responses to you. As the Service evolves, we may change the models or providers that power the assistant; we will keep this section accurate and update the Effective Date when we do.

6. Automated Messages and Billing

Some features run automatically once a school turns them on, so we want to call them out:

  • Scheduled charges and reminders. If a school enables them, the Service can automatically charge a saved payment method when a charge is scheduled, send invoice and payment-due reminders, and (where the school opts in) add a late fee to an overdue invoice and notify the payer.
  • Attention nudges. If a school opts in, the Service can automatically send a reminder by SMS or email to a family — which may be a guardian of a minor — when it detects something that needs attention, such as a missed payment or a lapse in scheduling.
  • Flagging. The Service flags certain items for staff to review, such as low-rated reviews. This flagging is based on simple rules (for example, the star rating), not on profiling of free-text content.

These automated features are configured and controlled by your school, not by Lesson Complete, and a person at your school can review, change, or turn them off. They are not used to make decisions that produce legal or similarly significant effects about you without human involvement. To stop automated messages, use the opt-out options in Section 14 or contact your school.

7. Cookies and Similar Technologies

We use a small number of cookies and similar technologies, and none of them are advertising cookies.

  • Strictly necessary cookies. Our identity provider, Clerk, sets cookies that keep you signed in. We set functional cookies that remember which school and location you are working in and, for staff tools, support secure administrative functions. These are required for the Service to work.
  • Analytics. On the web we use Vercel Web Analytics, which measures aggregate traffic without using cookies and without tracking you across other websites.
  • In the mobile apps. The apps do not use advertising identifiers or third-party ad SDKs. They store sign-in credentials securely on your device — in the device keychain on iOS, and in app-private storage that is excluded from device backups on Android — and keep non-personal preferences (such as theme) on the device.

Because we do not sell or share personal information for cross-context behavioral advertising, there is nothing for a browser “Do Not Track” or Global Privacy Control (GPC) signal to opt out of, and we treat such a signal as consistent with how we already operate. You can control or clear cookies through your browser settings, though strictly necessary cookies are required to sign in.

8. Device Permissions and How to Revoke Them

Every device permission listed in Section 3 is optional and is requested only when you use the related feature. You can review or change these permissions at any time on your device.

On iOS, open the system Settings app, scroll to Lesson Complete, and toggle Camera, Microphone, Photos, Speech Recognition, Face ID, Calendar, Location, and Notifications on or off individually. You can also manage Location and Notifications under Settings → Privacy & Security → Location Services and Settings → Notifications.

On Android, open the system Settings app and go to Apps → Lesson Complete → Permissions to allow or deny Microphone, Notifications, and Location individually.

Turning off a permission disables only the feature that needs it; the rest of the app continues to work. Because Face ID is handled entirely by iOS, your biometric data is never accessible to Lesson Complete regardless of this setting.

9. Children’s Privacy, COPPA, and FERPA

Lesson Complete is designed for music schools and studios, and some students are minors, including children under 13. Student records — including names, ages, instruments, lesson notes, practice logs, and messages — are entered and controlled by the school, its teachers, and the students or their families. For these records, the school is the controller and Lesson Complete acts as a processor on the school’s behalf.

COPPA.The Service is intended to be set up and operated by schools and adults, not by children directly. We do not knowingly collect personal information from a child under 13 for our own purposes. Where a child interacts with the Service — for example, a young student logging practice or using the assistant — we do so to provide the school’s educational service at the school’s direction, and we rely on the school to obtain any parental consent required by law and its own policies. We do not use a child’s information to advertise to them, and we do not condition participation on disclosing more information than is reasonably necessary. We retain a child’s personal information only for as long as reasonably necessary to provide the school’s educational service (or as the school directs) — never indefinitely — as described in Section 12.

FERPA.To the extent a school is subject to the Family Educational Rights and Privacy Act, Lesson Complete acts as a “school official” with a legitimate educational interest: we perform an institutional service the school would otherwise perform itself, we are under the school’s direct control with respect to the use and maintenance of education records, and we do not redisclose or use education records for any purpose other than providing the Service. When our relationship with a school ends, we return or delete education records at the school’s direction. Parents, guardians, and eligible students may exercise their rights regarding student records through the school, which can access, correct, and delete those records.

If you are a parent or guardian and believe a child has provided us information outside of a school’s use of the Service, or you want student records, a trial or inquiry, or a publicly displayed review corrected or deleted, please contact your school first; you may also contact us at privacy@lessoncomplete.com and we will work with the school to address it.

10. How We Share Information and Our Sub-Processors

We do not sell your personal data, and we do not share it with advertisers or advertising networks. There are no third-party advertising SDKs in the Service. We share information only in the limited ways below.

Within your school

Content and records are visible to the people in your school who are authorized to see them — for example, a teacher and the students they teach, a student’s guardians, or a school administrator.

Service providers (sub-processors)

We rely on a set of vendors to run the Service. They process information only to perform services for us, under contracts that limit their use of the information, and they are not permitted to use it for their own marketing. Our current sub-processors are:

  • Clerk — authentication, login, and account identity. Privacy policy
  • Stripe / Stripe Connect — payment processing, tuition, and payouts. Privacy policy
  • Amazon Web Services (AWS) — our database and core hosting infrastructure in the United States. Privacy policy
  • Vercel — web application and API hosting, and cookieless aggregate analytics. Privacy policy
  • Cloudflare (R2 and Stream) — storage and delivery of files, scores, and lesson materials, and video hosting. Privacy policy
  • Twilio — SMS and text-message delivery. Privacy policy
  • Twilio SendGrid — transactional and school email delivery. Privacy policy
  • Apple Push Notification service — delivery of push notifications to iOS devices. Privacy policy
  • Google Firebase Cloud Messaging — delivery of push notifications to Android devices. Privacy policy
  • DeepInfra — hosted AI inference that powers the Beacon assistant, onboarding import tools, and knowledge search. Privacy policy
  • LiveKit — real-time session transport for the AI assistant. Privacy policy
  • Upstash — rate-limiting to protect the Service from abuse. Privacy policy
  • Axiom — application logging and monitoring (technical logs and identifiers). We instruct our engineers not to send card numbers, raw passwords, or message bodies to our logging provider, and full card numbers never reach Lesson Complete in the first place. Privacy policy
  • EasyPost — shipping rate quotes and label creation for store orders; receives the delivery address for orders that ship. Privacy policy
  • Optional integrations — if a teacher connects a video-meeting account (such as Zoom), we share the details needed to create meetings; and if a teacher uses the mileage feature, route addresses and device location are sent to the device platform’s mapping service — Apple Maps on iOS, Google’s geocoding service on Android — to calculate routes and travel time. These are used only when you choose to enable the feature.

Legal, safety, and business transfers

  • Legal and safety. We may disclose information if required by law, subpoena, or legal process, or to protect the rights, safety, and security of users, the public, or Lesson Complete.
  • Business transfers. If Lesson Complete is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy.

We update this list as our providers change. We never grant advertisers access to your data, and we do not allow our service providers to use your data for their own marketing.

11. International Data Transfers

Lesson Complete is based in the United States, and the Service is operated and hosted in the United States. If you access the Service from outside the United States — including from the European Economic Area, the United Kingdom, or Switzerland — your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those in your country. For transfers of personal data from the EEA, the UK, or Switzerland, we rely on appropriate safeguards — the European Commission’s Standard Contractual Clauses (with the UK Addendum where applicable) and, where a provider is certified, the EU-U.S., UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Framework. Where a school is the controller of the data, we act as its processor and as the data importer for these transfers.

12. Data Retention

We keep information for as long as it is needed to provide the Service and for legitimate, legally required purposes such as recordkeeping, resolving disputes, security, and enforcing our agreements. Because most student and school records are controlled by the school, those records are retained according to the school’s instructions and its agreement with us.

  • Account and school records are kept while the account is active and for a limited period afterward, then deleted or de-identified.
  • Children’s information that we process on a school’s behalf is retained only for as long as reasonably necessary to provide the school’s educational service, or as the school directs — never indefinitely — and is then deleted or de-identified.
  • Financial records such as invoices and transactions may be retained longer where required for tax, accounting, and audit purposes, even after an account is closed.
  • Assistant conversations are retained to give you history and to support and secure the feature; you or your administrator can delete them, and we retain them only as long as needed for these purposes.
  • Security and audit logs are retained for a limited period for security, troubleshooting, and compliance.
  • On-device caches in the mobile apps store recently viewed data so the apps work offline; they are limited in size and age, are removed when you sign out, and are excluded from device backups on both iOS and Android.

When you delete your account (see Section 14), we remove your login and archive or delete your records as described there. Some information may persist for a limited time in encrypted backups before it is overwritten on the normal backup cycle.

13. Security

We take reasonable technical and organizational measures to protect information, including:

  • Encryption in transit and at rest. Traffic is encrypted in transit, and our database (hosted on AWS RDS Postgres) is encrypted at rest.
  • Short-lived signed links. Files such as scores, recordings, and lesson materials are served through short-lived signed URLs, so access is time-limited rather than openly public.
  • Access controls and multi-tenant isolation. Access is gated by role, and the Service is designed so that one school’s data does not cross tenant lines into another school’s.
  • Secret management and abuse protection. Credentials and keys are managed through a secrets manager, and we rate-limit requests to protect the Service.

No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security, but we work continuously to protect your information and to keep the credentials handled by our identity provider safe.

14. Your Rights and Choices

Depending on where you live and your role in a school, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. You can review and update much of your account information directly inside the Service.

Communication choices. You can manage notification preferences in the Service, reply STOP to opt out of text messages, and use the unsubscribe option in marketing emails. You will still receive essential transactional messages (such as security or billing notices) you cannot opt out of while you have an account.

Deleting your account. You can delete your account at any time:

  • In the iOS app, go to Settings → Account & Security → Delete my account, which opens the web Account page to confirm.
  • On the web, use the Account page.

Deleting your account removes your login and archives your enrollments. Because schools control student and enrollment records, some records a school is responsible for may be retained or removed according to the school’s own instructions and obligations, and we may retain limited information where required by law (for example, financial records).

For student records and other information held under a school’s control, please direct access, correction, and deletion requests to your school, which can act on those records. To exercise any right, you may also contact us at privacy@lessoncomplete.com. We will verify your request (for example, by confirming control of the account email) and respond consistent with applicable law, generally within 45 days (extendable by an additional 45 days where reasonably necessary and permitted). You will not be discriminated against for exercising your rights, and you may use an authorized agent where the law permits.

15. U.S. State Privacy Rights (California and Others)

If you are a resident of California or another U.S. state with a comprehensive privacy law (such as Virginia, Colorado, Connecticut, Utah, Texas, and others), you may have rights to know what personal information we collect, to access and obtain a copy of it, to correct or delete it, and to opt out of certain processing. We honor these rights consistent with applicable law.

Over the past 12 months, we have collected the categories of personal information described in Section 3 — including identifiers (such as name, email, and phone), account and customer-records information, commercial and billing information, internet and device activity, approximate or precise location (only when you use the mileage feature), audio and visual content you choose to provide, and education-related information — from you, from your school, and from the service providers listed in Section 10. We use it for the purposes in Section 4.

No sale or sharing. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under California law (the CCPA/CPRA). We have not done so in the past 12 months, including for consumers under 16. The sensitive personal information we may handle — precise geolocation only during an active mileage route, account log-in credentials, payment information (handled by Stripe), and any health-related notes a school chooses to record — is used only to provide the Service and not to infer characteristics about you. Because we do not use it for purposes that trigger the California “right to limit,” no “Limit the Use of My Sensitive Personal Information” link is required.

To exercise a state-law right, email privacy@lessoncomplete.com. Where the information is a student record or other data controlled by your school, we will refer or coordinate your request with the school as its service provider. If we deny your request, you may appeal by emailing privacy@lessoncomplete.com with “Appeal” in the subject line.

16. European and UK Rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR and equivalent laws to access, rectify, erase, restrict, and object to processing of your personal data, to data portability, and to withdraw consent at any time. Where a school is the controller of your data, you should exercise these rights with the school; we will assist the school as its processor.

Where Lesson Complete is the controller, we rely on the following legal bases: contract (to provide the Service you or your school request); legitimate interests (to secure, support, and improve the Service and prevent abuse); consent (for optional features and certain communications, which you can withdraw); and legal obligation (for example, tax and accounting recordkeeping).

You have the right to lodge a complaint with your local data protection authority. To make a request or ask about our processing, contact privacy@lessoncomplete.com.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top of this page. For material changes, we will provide additional notice where appropriate — for example, through an in-product notice or by email. Your continued use of the Service after an update takes effect means you accept the updated policy.

18. Contact

If you have questions about this Privacy Policy or about how your information is handled, or if you wish to exercise a privacy right, contact us:

privacy@lessoncomplete.com

Progress Complete LLC (operator of Lesson Complete)
1403 Essex Green, College Station, TX 77845, United States