Upbeat Privacy Policy

The privacy of our users is a priority. Upbeat will not sell, trade, or assign any customer information to third parties.

To manage user accounts and improve the product, Upbeat collects your email address and name. This is the only personal data Upbeat will ever collect about you. Payment information, such as credit card numbers, are handled by a bank-grade third-party service and never pass through our servers.

You may at any time request that we delete your user account, email address, and any recorded videos by emailing us at support@upbeatmusicapp.com.

Consent

Upon creating account, you must consent to Upbeat's Terms of Service and information collection as outlined in this Privacy Policy. If you are under the age of 13, you must have parental consent, and parents are required to affirm this consent by providing their name and contact information. If we are in any doubt over the validity of this permission, it may be confirmed by asking for a digital signature. Upbeat reserves the right to deactivate an account for any reason, including apparent invalid consent.

Protecting your Information

No data transmissions over the internet can be guaranteed to be 100% secure, and, therefore, Upbeat cannot completely ensure or warrant the security of any information you transmit to us.

As a third-party contractor to educational institutions, Upbeat has adopted and will continue to align its practices with the National Institutes of Standards and Technology’s Cybersecurity Framework ("NIST CSF"), as well as federal and state laws including laws referenced in this policy, and New York State Education Law § 2-d and its implementing regulations. Internal access to PII is strictly limited to those Upbeat employees or subcontractors who require it to provide the contracted services. We will:

  • maintain reasonable administrative, technical and physical safeguards to protect the security, confidentiality and integrity of PII,
  • use encryption technology to protect data while in motion or in our custody from unauthorized disclosure, using controls as specified by the Secretary of HHS in guidance issued under Public Law 111-5, § 13402(h)(2).

More specifically, we have taken the following measures to protect the data from loss, misuse or alteration of information under our control.

  • Data in transit: All browser/server communications utilize HTTPS/TLS 1.1 protocol currently. Browser/server communication protocols are reviewed and updated on a monthly basis.
  • Data at rest: Passwords are stored using a hashing algorigthm specifically designed for this purpose. Passwords are never stored or transmitted in an unencrypted format such that even Upbeat does not have the ability to un-encrypt them.
  • Production environment access is limited to two site owners.
  • Industry best practices are leveraged when coding the site and emphasis is placed on preventing attacks such as SQL injection.
  • If a data breach occurs that results in an unauthorized release of user data, Upbeat is responsible for notifying all users via email in a timely fashion.

Children’s Online Privacy Protection Act

Upbeat has implemented practices consistent with the guidelines provided by the Federal Trade Commission to date. Upbeat will never knowingly request, obtain, use or disclose personally identifiable information or private content from anyone under the age of 13 without parental consent, except to request parental consent. Information that has been provided to Upbeat by users who have not provided parental consent will be deleted in a timely fashion.

If you are a parent or legal guardian of a user under 13 you may, at any time, revoke your consent to allow your student to use Upbeat’ website, refuse to allow Upbeat to further use or collect your student’s personal information, or direct Upbeat to delete all identifiable information regarding your student that you have provided. To do so, please contact our Privacy Officer at support@upbeatmusicapp.com. For administrative officials of our School Customers, to the extent that Upbeat collects, uses, or discloses personal information from children under the age of 13, it is done in strict accordance with this Privacy Policy and for the sole purpose of providing services to the School Customer and student user.

The Family Educational Rights and Privacy Act

Upbeat helps our school district administrators be compliant with FERPA. Specifically:

  • Any sensitive online information is transmitted over secure channels
  • All student data is stored in ways such that it is not publicly accessible
  • Security audits are performed to ensure data integrity

Upbeat does not share information with any third parties that could be used to personally identify students.

Privacy Policy