Privacy Policy

Last updated: 20 May 2026

At Ilisiri ("Ilisiri", "we", "us", or "our"), we are committed to protecting your personal data. This Privacy Policy describes how we collect, use, share, and safeguard information about you when you access or use the ili AI platform available at https://ilisiri.com and any related services (collectively, the "Service").

By using the Service you agree to the terms of this Privacy Policy. We encourage you to read it carefully. Capitalised terms not defined here have the meaning given to them in our Terms of Service.

1. Data Controller & Privacy Contact

Data Controller: Ilisiri is the data controller responsible for personal data collected through the Service.

Privacy Contact: For all privacy-related queries, requests, or concerns, please contact us at:

Email: Contact@ilisiri.com

We will endeavour to acknowledge your query and provide a substantive response within a reasonable timeframe.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, and any other information you provide when creating or updating your account (e.g. occupation, profile preferences).
  • Chat data: The content of messages you send to and receive from the ili AI assistant, including conversation history and session metadata (timestamps, message IDs).
  • Uploaded files: Documents, sheet music, scores, audio recordings, images, or other files you upload to the Service. You are solely responsible for ensuring you have the right to upload any such content.
  • Usage data: Information about how you interact with the Service, including features accessed, actions taken, token consumption, request frequency, and session duration.
  • Technical & log data: IP address, browser type and version, device type, operating system, referring URLs, error logs, and authentication events. This data is collected automatically when you use the Service.

We do not collect payment card data directly — any payment processing is handled by third-party payment processors under their own privacy policies.

3. Why We Use Your Data

We use your personal data for the following purposes:

  • Service delivery: To operate, maintain, and provide all features of the Service, including processing your chat messages and uploaded files through our AI pipeline.
  • Authentication: To create and manage your account, verify your identity, and maintain session security.
  • Usage limits & billing: To track token consumption, enforce daily budgets, rate limits, and concurrent-session caps, and to manage any subscription entitlements.
  • Security & fraud prevention: To detect, investigate, and prevent unauthorised access, abuse, and other harmful or unlawful activity.
  • Support & debugging: To diagnose technical issues, respond to support requests, and investigate errors.
  • Communications: To send transactional notices (account changes, security alerts), product updates, and — with your consent — marketing communications and feedback requests. See Section 9 for full details.
  • Legal compliance: To meet our obligations under applicable law, respond to lawful requests from authorities, and enforce our Terms of Service.
  • Service improvement: To analyse aggregated, anonymised usage trends and improve the platform. We do not use your personal chat data or uploaded files to train AI models without your explicit consent.

4. Sharing with Service Providers

We do not sell your personal data. We share data only with trusted third-party service providers who process it on our behalf, subject to contractual data protection obligations. Current service providers include:

  • Amazon Web Services (AWS): Cloud infrastructure (compute, storage, networking) and the AWS Bedrock inference platform through which AI models are accessed. Data may be stored and processed in AWS regions.
  • Anthropic: Provider of the Claude family of AI models, accessed via AWS Bedrock, for generating AI responses to your chat messages.
  • Moonshot AI (Kimi): Provider of additional AI model capabilities, accessed via AWS Bedrock.
  • Amazon Simple Email Service (SES): Used to deliver transactional and marketing email communications to the address associated with your account.

We may also disclose personal data: (a) to comply with applicable law, regulation, or valid legal process (such as a court order or subpoena); (b) to protect the rights, property, or safety of Ilisiri, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets, in which case we will notify you of any change in data controller.

5. International Data Transfers

Ilisiri operates globally and your personal data may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your home jurisdiction.

Where such transfers occur, we take steps to ensure that your data is afforded an appropriate level of protection through applicable transfer safeguards, including contractual protections with our service providers. By using the Service you acknowledge and consent to the transfer of your data as described in this Section.

6. Retention & Deletion

We retain personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you close your account or submit a verified deletion request.
  • Chat data & uploaded files: Retained for the duration of your account. Upon account closure or a deletion request, this data is deleted within a reasonable timeframe, subject to any legal retention obligations.
  • Log & technical data: Retained for a limited period (typically 90 days) for security and debugging purposes, then deleted or anonymised.

We may retain certain data after account closure where required by law, to resolve disputes, enforce our agreements, prevent fraud, or protect the integrity of the Service. Due to the nature of distributed systems, complete deletion may take additional time to propagate across all backups and caches, but we will not actively use such residual data.

To request deletion of your data, contact us at Contact@ilisiri.com.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Export / Portability: Request your data in a structured, machine-readable format where technically feasible.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request erasure of your personal data, subject to legal retention obligations.
  • Objection: Object to processing of your personal data carried out on the basis of legitimate interests.
  • Withdraw consent: Where processing is based on consent (e.g. marketing emails), withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at Contact@ilisiri.com. We will respond within a reasonable period and may need to verify your identity before processing your request.

8. AI Processing

To provide AI-generated responses, the content of your chat messages and any files you upload are transmitted to third-party AI model providers (AWS Bedrock, Anthropic, and Moonshot/Kimi — see Section 4). These providers process your submitted content on our behalf and are bound by contractual data protection obligations.

You should not submit sensitive personal data through the Service. This includes, but is not limited to: government identification numbers, financial account details, health or medical information, biometric data, or any special categories of personal data as defined under applicable law.

You should also avoid uploading content that includes personally identifiable information belonging to third parties (such as your students) unless you have a lawful basis to do so and have ensured appropriate consents or authorisations are in place. See Section 10 for obligations relating to student data.

We do not use your personal chat data or uploaded files to train, fine-tune, or otherwise develop AI models without your explicit, affirmative consent.

9. Communications & Marketing

Transactional communications: We will send you service-related notices (account confirmations, security alerts, billing updates, and material changes to these policies) as necessary to operate the Service. These cannot be opted out of while your account is active.

Marketing communications: With your consent, we may use your contact information to send product updates, feature announcements, educational resources, and promotional offers. You may opt out at any time by clicking the unsubscribe link in any marketing email or by emailing Contact@ilisiri.com. Opting out does not affect transactional communications.

Feedback: We may contact you to request voluntary feedback through surveys or interviews to improve the Service. Participation is entirely optional. Feedback you provide may be used by Ilisiri without restriction or compensation to develop and improve the platform.

10. Minors & Student Data

The Service is intended for adult music teachers (18 years of age or older) and is not directed at minors. We do not knowingly collect personal data directly from individuals under the age of 18.

If you use the Service to upload, discuss, or process information relating to your students — including minors — you, as the teacher and data controller for that student data, are solely responsible for: (i) ensuring you have a valid lawful basis for processing that data; (ii) obtaining any required parental or guardian consent; and (iii) complying with all applicable laws governing the collection and use of children's personal data (including COPPA and applicable state laws where relevant).

Ilisiri acts only as a data processor with respect to student data you submit, and processes it solely on your instructions to provide the Service.

If you believe a child has submitted personal data to the Service directly, please contact us immediately at Contact@ilisiri.com and we will take appropriate steps to remove it.

11. Security

We implement commercially reasonable technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Password hashing: Account passwords are hashed using a strong, salted algorithm (Argon2) and are never stored in plaintext.
  • Authentication: Access to the Service requires authenticated sessions managed via short-lived JWTs and refresh token rotation.
  • TLS encryption: All data in transit between your browser and our servers is encrypted using TLS.
  • Access controls: Access to production systems and personal data is restricted to personnel on a need-to-know basis, enforced through role-based access controls.

No security system is impenetrable. We cannot guarantee that unauthorised third parties will never be able to defeat our security measures. You are responsible for maintaining the secrecy of your account credentials and for using a strong, unique password.

12. Cookies & Local Storage

The Service does not use cookies to store authentication tokens or session data. Instead, authentication tokens (access token and refresh token) are stored in your browser's local storage. This means they persist across browser tabs and sessions until you explicitly log out or clear your browser storage.

We may use limited first-party cookies or similar technologies for essential platform functionality (such as preserving UI preferences). We do not use third-party advertising cookies or tracking pixels.

You can clear local storage at any time through your browser's developer tools or settings. Doing so will log you out of the Service.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email to the address associated with your account at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the date of the most recent revision.

Your continued use of the Service after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should stop using the Service and may request deletion of your account.

14. Disclaimer

While we take every reasonable precaution to protect the data you provide, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. We shall not be liable for any loss or damage sustained by reason of inadvertent disclosure of data if such disclosure: (a) was required for legitimate purposes described in this Policy; or (b) occurred through no fault, act, or omission on our part.

BY USING THE SERVICE, YOU EXPLICITLY ACCEPT, WITHOUT LIMITATION OR QUALIFICATION, THE COLLECTION, USE, AND TRANSFER OF YOUR DATA IN THE MANNER DESCRIBED IN THIS PRIVACY POLICY.