Account Security

Access: Settings → Security

Password Management:

Change Password:
1. Enter current password
2. Enter new password
3. Confirm new password
4. Save
5. Logged out of all sessions
6. Email confirmation sent

Password Requirements:
- Minimum 8 characters
- At least one number
- At least one special character
- At least one uppercase letter
- Cannot match email
- Cannot be common password
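
The six requirements above can be expressed as a single check that reports every rule a candidate password breaks. This is an added example, not the service's own code; the function name, the sample common-password list and the reading of "special character" as any non-alphanumeric character are assumptions.

```python
# Added illustration of the documented password requirements; not the service's code.
# Constructed sample list: a real check would use a large breached-password corpus.
COMMON_PASSWORDS = {"password1!", "qwerty123!", "welcome2024!", "letmein1!"}


def password_violations(password: str, email: str) -> list[str]:
    """Return the documented requirements that `password` fails, in page order."""
    problems = []
    if len(password) < 8:
        problems.append("minimum 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("at least one number")
    # Assumption: "special character" means anything that is not a letter or digit.
    if not any(not c.isalnum() for c in password):
        problems.append("at least one special character")
    if not any(c.isupper() for c in password):
        problems.append("at least one uppercase letter")
    # Case-insensitive, so a re-capitalised address is still rejected.
    if password.casefold() == email.strip().casefold():
        problems.append("cannot match email")
    # Case-insensitive for the same reason: "Password1!" meets every
    # composition rule above and is only caught here.
    if password.casefold() in COMMON_PASSWORDS:
        problems.append("cannot be common password")
    return problems


if __name__ == "__main__":
    for candidate in ("Password1!", "Alice.1@example.com", "Tr0ub4dor&3x"):
        result = password_violations(candidate, "alice.1@example.com")
        print(candidate, "->", result or "ok")
```
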

Two-Factor Authentication (2FA):

Enable 2FA:
1. Go to Security → Two-Factor Auth
2. Choose method:
   - Email-based (free)
   - SMS-based (Premium)
   - Authenticator app (Premium)
3. Verify with one-time code
4. Generate backup codes (save these!)
5. 2FA enabled

Using 2FA:
1. Login with email/password
2. Receive 2FA code
3. Enter code
4. Access granted

Backup Codes:
- 10 single-use codes
- Use if can't access 2FA method
- Download and store securely
- Regenerate if running low

Active Sessions:

View All Sessions:
- Current device
- Other logged-in devices
- Location
- Browser/device type
- Last active time

Manage Sessions:
- View all active sessions
- Log out specific session
- Log out all other sessions
- Revoke all sessions (emergency)

Login Alerts:
- Email on new device login
- Alert on suspicious login
- IP address tracking
- Location changes

Account Recovery:

Recovery Email:
- Add backup email
- Used for password reset
- Verify backup email

Security Questions: (optional)
- Set 3 security questions
- Used if email compromised

Trusted Devices:
- Mark device as trusted
- Skip 2FA on trusted devices
- Remove trusted status anytime

9.3 Privacy Settings

Access: Settings → Privacy

Data Collection:

What We Collect:
- Account information
- Practice session data
- Usage analytics
- Device information
- Communication content
- Payment information
- Cookies

How We Use It:
- Provide service
- Improve features
- Personalize experience
- Send notifications
- Process payments
- Analytics and reporting
- Comply with legal requirements

Third-Party Sharing:

We share data with:
- Payment processors (Stripe, PayPal, Safaricom)
- Email service (for notifications)
- Analytics tools (anonymized)
- Cloud storage (encrypted)

We never sell your data.

Privacy Controls:

Profile Privacy:
- Who can find you in search?
  - Everyone
  - Only organization members
  - Only people I invite
  - Nobody (unlisted)

Practice Data:
- Who can see your practice stats?
  - Public
  - Teachers only
  - Private
- Show on leaderboards?
- Share achievements publicly?

Activity Visibility:
- Show online status?
- Show last active time?
- Show currently practicing piece?
- Show practice streak?

Communication Privacy:
- Who can message you?
  - Anyone
  - Teachers/students only
  - Organization members only
  - Nobody (disable messaging)
- Who can see you're typing?
- Show read receipts?

Search & Discovery:
- Appear in search results?
- Show recommended teachers?
- Allow teacher requests?
- Allow student requests?

9.4 Data Rights (GDPR)

Your Rights:

Right to Access:
- View all data we have about you
- See how data is used
- Know who has access

Right to Portability:
- Download your data
- Receive in machine-readable format
- Transfer to another service

Right to Rectification:
- Correct inaccurate data
- Update incomplete data
- Edit any personal information

Right to Erasure ("Right to be Forgotten"):
- Request account deletion
- Permanent data removal
- Some data retained for legal compliance

Right to Restrict Processing:
- Limit how we use your data
- Object to certain processing
- Opt out of marketing

Data Export:

Request Data Export:
1. Settings → Privacy → Export Data
2. Confirm request
3. Processing begins (may take 24-48 hours)
4. Download link emailed
5. Download ZIP file

What's Included:
- Profile information (JSON)
- Practice history (CSV)
- Recordings (MP3/MP4 files)
- Uploaded pieces (MusicXML)
- Messages (JSON)
- Comments (JSON)
- Achievements (JSON)
- Subscription history (PDF)

Account Deletion:

Delete Your Account:
1. Settings → Privacy → Delete Account
2. Read deletion information
3. Confirm with password
4. Optional: Feedback
5. Final confirmation
6. Account marked for deletion

What Happens:
- Immediate logout
- Account deactivated
- Personal data deleted within 30 days
- Practice data anonymized
- Financial records retained (legal requirement)
- Confirmation email sent
- Cannot be undone after 30 days

Data Retained:
- Transaction records (7 years, legal requirement)
- Anonymized analytics
- Backup data (deleted after 90 days)

30-Day Grace Period:
- Change your mind?
- Login within 30 days
- Click "Reactivate Account"
- All data restored

Cookie Consent:

Cookie Settings:
- Essential cookies (always on)
- Analytics cookies (optional)
- Marketing cookies (optional)
- Preference cookies (optional)

Manage Cookies:
1. Settings → Privacy → Cookies
2. Toggle each category
3. Save preferences
4. Clear existing cookies

Cookie Types:
- Session cookies
- Authentication cookies
- Preference cookies
- Analytics cookies (Google Analytics)
- Advertising cookies (if applicable)

9.5 Notification Preferences

Access: Settings → Notifications

Notification Channels:

In-App Notifications:
- Bell icon badge count
- Dropdown notification center
- Real-time updates
- Mark as read/unread
- Delete notifications

Email Notifications:
- Sent to registered email
- HTML formatted
- Unsubscribe link included
- Frequency control:
  - Instant
  - Hourly digest
  - Daily digest
  - Weekly summary
  - Off

Push Notifications: (Mobile/PWA)
- Browser push (desktop/mobile)
- Requires permission
- Lock screen notifications
- Sound and vibration

SMS Notifications: (Premium only)
- Critical alerts only
- Payment failures
- Security alerts
- Verification codes
- Charges may apply

Notification Types:

Configure each individually:

Practice & Progress:
- ✅ Daily practice reminder
- ✅ Practice streak milestone
- ✅ Goal completed
- ✅ Achievement unlocked
- ⬜ Weekly practice summary

Assignments:
- ✅ New assignment
- ✅ Assignment due soon
- ✅ Assignment graded
- ⬜ Assignment overdue

Messages:
- ✅ New message
- ⬜ Message read receipt
- ⬜ Typing indicator

Social:
- ✅ New follower
- ✅ Comment on your content
- ⬜ Like on comment
- ⬜ Mention in comment

Subscription:
- ✅ Payment successful (email only)
- ✅ Payment failed (email + SMS)
- ✅ Subscription expiring (email + SMS)

Organization:
- ✅ Invitation received
- ✅ Added to class
- ✅ Organization announcement

Marketing:
- ⬜ Product updates
- ⬜ Feature announcements
- ⬜ Tips & tricks
- ⬜ Special offers
- ⬜ Newsletter

Quiet Hours:
- Enable/disable
- Start time (e.g., 10:00 PM)
- End time (e.g., 7:00 AM)
- Time zone
- Except critical alerts

Do Not Disturb:
- Temporary silence
- Set duration (1 hour, 4 hours, until tomorrow)
- Still receive, but muted
- Emergency bypass available