Privacy Policy for Legato

Effective Date: 29/09/2025
Last Updated: 29/09/2025

Introduction

ProximityLabs ("we," "us," or "our") develops the Legato mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App on iOS and Android devices.

We are committed to protecting your privacy and ensuring you have a positive experience using Legato. This policy applies to all users of our App and complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Information We Collect

Information Stored Locally on Your Device

The following data is stored exclusively on your device using our local Isar database and is NOT uploaded to our servers:

• Practice Session Data: Duration, goals, progress tracking, and completion status
• User Preferences: Instrument type, daily practice goals, onboarding preferences
• Audio Recordings: Practice session recordings in M4A format (44.1kHz)
• PDF Files: Sheet music files you import into the App
• User-Generated Content: Practice notes, annotations, and custom content
• Performance Statistics: Progress tracking and achievement data

Information Collected Through Third-Party Services

We use Firebase services (operated by Google) which automatically collect certain information:

Firebase Analytics

• Screen views and navigation patterns
• User interaction events
• App usage statistics
• Session duration and frequency
• Device information (model, OS version)
• General location (country/region level)
• Anonymous user identifiers

Firebase Crashlytics

• Crash reports and stack traces
• Device state at time of crash
• App version information
• Performance metrics
• Error logs

Firebase Cloud Functions

• Timer notification scheduling data
• Function execution logs

This information is processed according to Google's Privacy Policy.

How We Use Your Information

We use the information we collect to:

• Provide Core Functionality: Enable practice tracking, progress monitoring, and access to practice tools
• Improve App Performance: Identify and fix bugs, optimize features, and enhance user experience
• Deliver Notifications: Send timer reminders for practice sessions (processed through Firebase)
• Analytics: Understand how users interact with our App to improve features
• Customer Support: Respond to user inquiries and provide technical assistance
• Legal Compliance: Comply with applicable laws and enforce our Terms of Service

Device Permissions

Legato requests the following device permissions:

Microphone Access

• Purpose: Enable tuner functionality and voice recording features
• Usage: Audio is processed locally for real-time tuning feedback and saved recordings
• Control: You can revoke this permission in your device settings

Storage Access

• Purpose: Import and manage PDF sheet music files and audio recordings
• Usage: Read and write files to designated app storage areas
• Control: You can manage this permission in your device settings

Internet Access

• Purpose: Connect to Firebase services for analytics and crash reporting
• Usage: Limited to Firebase service communication only
• Note: Your personal practice data is NOT transmitted over the internet

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share information only in the following circumstances:

• Service Providers: Firebase/Google for analytics and crash reporting services
• Legal Requirements: If required by law, court order, or governmental authority
• Protection of Rights: To protect our rights, privacy, safety, or property
• Business Transfers: In connection with a merger, sale, or acquisition of our company
• With Your Consent: When you explicitly agree to sharing for a specific purpose

Data Security

We implement appropriate technical and organizational measures to protect your information:

• Local Storage: Your practice data remains on your device, reducing exposure to network vulnerabilities
• Encryption: We use industry-standard encryption for data transmission to Firebase services
• Access Controls: Limited internal access to Firebase analytics data
• Regular Updates: Security patches and updates to address potential vulnerabilities

While we strive to protect your information, no method of electronic storage or transmission is 100% secure.

Data Retention

Local Device Data

• Stored indefinitely until you delete the App or clear app data
• You maintain full control over this data through your device

Firebase Analytics Data

• Retained according to Google's data retention policies
• User-level data: 14 months
• Event-level data: 2 months
• Aggregated data: No expiration

Crash Reports

• Retained for 90 days in Firebase Crashlytics

Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (European Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Restriction: Limit processing of your personal data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Automated Decision-Making: Opt-out of automated decision-making

CCPA Rights (California Residents)

• Know: What personal information we collect, use, and share
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
• Non-Discrimination: Equal service regardless of exercising privacy rights

To exercise these rights, contact us at legal@proximitylabs.dev.

Children's Privacy (COPPA Compliance)

Legato is designed for musicians of all ages. For users under 13:

• We do not knowingly collect personal information from children under 13 without parental consent
• Parents/guardians may review and request deletion of their child's information
• We do not require children to provide personal information to use core app features
• Analytics data is collected in aggregate form only, without personally identifying children

If we discover we have collected personal information from a child under 13 without parental consent, we will delete it immediately. Parents who believe we have information about their child should contact us at legal@proximitylabs.dev.

Premium Subscription Features (LegatoPlus)

LegatoPlus enables seamless integration of tools within your practice sessions:

• In-practice metronome
• In-practice drones
• In-practice audio recording
• In-practice notes and annotations
• In-practice PDF sheet music access

Note: These tools (metronome, drones, recordings, PDFs) are available for free use outside of practice sessions. LegatoPlus provides the convenience of accessing them seamlessly during active practice without interruption.

Subscription processing is handled through the respective app stores (Apple App Store or Google Play Store), which have their own privacy policies governing payment processing.

International Data Transfers

Firebase services may process data outside your country of residence. Google implements appropriate safeguards for international data transfers, including:

• Standard Contractual Clauses
• Compliance with Privacy Shield frameworks (where applicable)
• Adequate security measures

Updates to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Sending an in-app notification for significant changes

Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Information

For questions, concerns, or to exercise your privacy rights, contact us at:

ProximityLabs
Email: legal@proximitylabs.dev
Privacy Inquiries: legal@proximitylabs.dev

For GDPR concerns, EU residents may also contact their local Data Protection Authority.

Additional Information for Specific Jurisdictions

California Residents

Under California Civil Code Section 1798.83, California residents may request information about disclosure of personal information to third parties for marketing purposes. We do not share personal information for marketing purposes.

European Economic Area

Our legal bases for processing under GDPR:

• Consent: For optional features like analytics
• Contract: To provide App services you requested
• Legitimate Interests: For improving our App and ensuring security
• Legal Obligation: When required by law

Nevada Residents

Nevada residents may opt-out of the sale of personal information. We do not sell personal information, but you may register your preference by emailing legal@proximitylabs.dev.

---

By using Legato, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.