1. Introduction
guidio ("the Service") is dedicated to making the beautiful yet complex world of classical music accessible to everyone who wishes to explore it. This Privacy Policy explains what personal information we collect, how we use it, and how we protect it.
The Service complies with the GDPR (General Data Protection Regulation), Japan's Act on the Protection of Personal Information, and relevant US regulations.
2. Service Operator Information
Service Name: guidio
Website: https://classical.guidio.art
Contact: support@guidio.art
3. Information We Collect
3.1 Account Information
- Apple ID Authentication: Unique user ID provided through Apple Sign In
- Email Address: Provided by Apple Sign In (if user chooses to share)
- Authentication Tokens: Access tokens for session management
3.2 Music Library Data
- Search History: Classical music works searched by users
- Saved Pieces: Works added to user's library
- Tag Information: Custom tags assigned by users to pieces
3.3 Automatically Collected Information
- Device Information: iOS version, OS type, app version
- Usage Data: Anonymized app usage patterns, visual interaction flows (via Amplitude)
- Local Storage & Sessions: Secure tokens for session management and app settings
- API Request Logs: Anonymized server logs for performance monitoring and security
3.4 Apple Music Integration Data (Optional)
With your explicit permission, the Service accesses your recently played Apple Music tracks to provide personalized recommendations.
Important:
- This integration is entirely optional.
- You can enable or disable this integration at any time from the Profile menu within the app.
- Your Apple Music listening history is sent to our servers to generate personalized recommendations. We do not store this data on our servers.
- We do not share this data with any third party.
4. Purpose of Information Use
Collected information is used for the following purposes:
- Service Provision: User account management, music metadata delivery
- Personalization: Management of user's music library and tags
- Service Improvement: Improving AI-generated metadata accuracy, bug fixes
- Security: Preventing unauthorized access, maintaining authentication
- Legal Compliance: Responding to lawful information disclosure requests
- Apple Music-Based Recommendations (Optional): Generating personalized recommendations based on your Apple Music listening history
5. Information Sharing and Third-Party Disclosure
5.1 Third-Party Service Providers
The Service uses the following providers to deliver and improve our functionality:
- Supabase: Authentication and secure database management (USA)
- Apple Sign In: Secure authentication service (Apple Inc.)
- groq: AI-generated metadata creation (USA) - Uses a specialized Zero Data Retention (ZDR) policy
- LangSmith: LLM monitoring and quality assurance (USA)
- Analytics (Amplitude, Vercel, GTM): Anonymous product usage and flow analysis. Landing page users are presented with a cookie consent banner and may choose to decline non-essential cookies.
- Apple Music (MusicKit): When you grant permission, the Service accesses your Apple Music listening history via Apple's MusicKit framework. The data is transmitted to our servers for recommendation generation only and is not stored. Apple's privacy policy governs Apple Music itself: https://www.apple.com/legal/privacy/
These service providers implement appropriate data protection measures, such as GDPR-compliant Standard Contractual Clauses (SCCs). Personally identifiable information is not transmitted to AI or analytics providers without explicit necessity and encryption.
5.2 Data Sources
The Service obtains metadata from the following public data sources:
- IMSLP (International Music Score Library Project)
- Wikidata
- guidio's original data collection
5.3 No Sale to Third Parties
The Service does not sell, rent, or share user personal information with third parties.
6. Data Storage and Protection
6.1 Storage Location
User data is stored on Supabase's cloud infrastructure (primarily in the USA).
6.2 Security Measures
- Encryption: Data in transit uses TLS/SSL encryption; stored data uses AES encryption
- Access Control: Authentication token-based access management
- Access Management: Access management based on the principle of least privilege
6.3 Retention Period
- Account Information: Until account deletion
- Music Library Data: Until account deletion
- Log Data: Maximum 12 months
7. User Rights (GDPR Compliance)
Users residing in the EEA (European Economic Area), UK, Japan, and California have the following rights:
- Right of Access: Request disclosure of stored personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure (Right to be Forgotten): Request deletion of data
- Right to Data Portability: Receive data in a structured format
- Right to Restriction of Processing: Request limitation of data processing
- Right to Object: Object to data processing
To exercise these rights, please contact support@guidio.art.
8. Account Deletion
Users can delete their account at any time via "Settings" → "Delete Account" in the app. After a deletion request:
- All personal data will be completely deleted within 30 days
- Data in backups will be deleted within 90 days
- Except for minimal data required to be retained by legal obligations (accounting records, fraud prevention, etc.), all data will be completely deleted
Apple Music Data: Since Apple Music listening history is not stored on our servers, no server-side deletion is needed. To stop the app from accessing Apple Music data, disable the integration via the Profile menu in the app, or revoke permission through iOS Settings.
9. Children's Privacy
The Service is not intended for children under 13 years old (under 15 in Japan). If we become aware that we have unintentionally collected information from children, we will promptly delete it.
10. International Data Transfers
Personal data transfers from Japan and the EEA to the USA are conducted based on the following safeguards:
- Standard Contractual Clauses (SCCs) under GDPR Article 46
- Appropriate technical and organizational security measures
11. Changes to Privacy Policy
If we change this policy, we will notify users via in-app notification or email. For significant changes, we will provide 30 days' advance notice.
12. Contact Us
For privacy-related questions, please contact:
Email: support@guidio.art
Website: https://classical.guidio.art
Legal Basis
GDPR Compliance
- Contract Performance (Article 6(1)(b)): Data processing necessary for service provision
- Legitimate Interest (Article 6(1)(f)): Service improvement, security maintenance
- Consent (Article 6(1)(a)): Use of optional features
Japan APPI Compliance
- Specification of purpose of use (Article 21)
- Restrictions on third-party provision (Article 27)
- Response to disclosure, correction, and deletion requests (Articles 33-39)
California Consumer Privacy Act (CCPA) Compliance
- Disclosure of categories of personal information collected
- Prohibition on sale of personal information
- Guarantee of right to deletion
Version: 1.0
Effective Date: February 17, 2026