Privacy Policy

Noteflight, LLC (“Noteflight”, “we”, “us”, “our”), a wholly-owned subsidiary of Hal Leonard, LLC, is committed to protecting the privacy of our Users' (“you”, “your”) personal information. This privacy policy applies with respect to the information that we collect from our web site, located at www.noteflight.com (“our Website”) and through the provision of our products and services (together with our Website, “our Services”). This privacy policy applies only to Basic and Premium accounts on noteflight.com and does not apply to information subject to Noteflight Learn Student Data Privacy Policy, available at https://www.noteflight.com/legal/education (the "Student Data Privacy Policy").


Defined terms used herein and not defined elsewhere have the meanings prescribed thereto in the Terms of Use posted separately on noteflight.com. This privacy policy is incorporated into and is part of the Noteflight Terms of Use applicable to your use of our Website and our Services.


To the extent that our Website and our Services are available to individuals located in the European Economic Area and the United Kingdom, this privacy policy sets out our practices and obligations under the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This privacy policy includes details of our practices and obligations under GDPR. 


If an organization with which you are associated (an “Organization”) signs up to use our Services, we may receive personally identifiable information about you in connection with our provision of our Services to your Organization. To the extent we process (as defined below) that personally identifiable information solely in order to provide our Services to your Organization, under the GDPR, to the extent applicable, we will act as a processor (as defined in the GDPR) on behalf of your Organization in respect of that personally identifiable information; this privacy policy will not apply to the processing of that personally identifiable information and your Organization will act as a controller (as defined in the GDPR) in respect of that personally identifiable information and is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your personally identifiable information for any other lawful business purpose of ours, under the GDPR, to the extent applicable, we will act as a controller of such personally identifiable information and this privacy policy will apply to the processing of such personally identifiable information. For clarification but not limitation, information we process for our lawful business or commercial purposes, such as for product development or sales and marketing, is not processed solely on behalf of your Organization.


1. General Information Collected. 

We collect non-personally identifiable information about you in a number of ways, including tracking your activities through your domain name, aggregate information on what pages consumers access or visit, computer settings or most-recently visited URL. This information cannot be used to identify you.  We may also collect browsing history, search history, information on your interaction with a website, application, or advertisement.


2. Personally Identifiable Information. 

Personally identifiable information is information that can be used to identify you, or contact you. We collect personally identifiable information about you when you voluntarily submit such information to us, by, for example, by signing up to use our Services, filling out a form requesting a quote or product trial, or filling out a survey or registration form. In relation to our Services, we collect personally identifiable information in relation to our public, non-educational services (known as Noteflight Basic and Noteflight Premium), and in relation to purchases made on Noteflight. The information we collect may include your name and contact information (such as address, email address, and phone), username, password, gender, birth date, optional musician indicators (student, teacher, composer, performer, level) , Internet Protocol address, records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, audio information, behavior patterns and inferences reflecting personal preferences and predispositions, and any other information uploaded onto, or made available within, our Services, such as musical scores or content within comments in the Public Areas (as defined below). 


For the purposes of the GDPR, personally identifiable information amounts to “personal data”, as defined and used in the GDPR. All references to personally identifiable information shall be deemed to include personal data as defined and used in the GDPR. 

 

3. Cookies. 

Noteflight makes use of cookies to: (a) store information so that you will not have to re-enter it during your visit or the next time you visit Noteflight; (b) monitor the effectiveness of our marketing campaigns; (c) monitor aggregate metrics such as total number of visitors, pages viewed, etc. 


When users use our Services, third parties (including without limitation third-party analytics service providers and commercial partners) may directly collect personally identifiable and non-personally identifiable information about our users’ online activities over time and across different websites. We also employ Google Analytics Demographics Interest Reporting to help us better understand our audience and our customers. The information inferred or collected by Google Analytics is limited to general information such as gender, age, language and interest categories. You are free to edit this information, or completely opt out of its collection, by visiting Google Ad Settings. This will not interfere with your use of our Website. For more information please see our Cookies Policy below.


4. Children. 

The public, non-educational versions of our Services (known as Noteflight Basic and Noteflight Premium) are not intended for use by children under 13, and we do not knowingly collect information from children under the age of 13. Children aged 13 or older should not submit any personally identifiable information without the permission of their parents or guardians. By using our Services, you are representing that you are at least 18, or that you are at least 13 years old and have your parents' permission to use our Services. 


This privacy policy does not apply to information subject to the Student Data Privacy Policy for Noteflight Learn. Noteflight Learn provides private sites that are suitable for children of any age and are fully COPPA and FERPA compliant. For more information on Learn, please visit https://www.noteflight.com/legal/education.  


5. Use of Information Collected. 


5.1. Use of General Information. 

We collect non-identifying, general, generic and aggregate information in order to better design our Website and our Services, and share the aggregate data with advertisers and other third parties. 


5.2. Use of Personally Identifiable Information. 

We use your personally identifiable information in the following ways: 

  • to provide you with our Services; 
  • to process any enquiry or expression of interest received from you;
  • to notify you about any changes to our Website or to our Services; 
  • to provide you with our monthly newsletters concerning our Services; 
  • to contact you regarding billing and account renewal; 
  • to improve and support our Website and our Services; 
  • to provide you with information about products and services which we think may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, you will be able to withdraw your consent by editing your Account Notification Preferences

We will only use your personally identifiable information to the extent that the law allows us to do so. Under the GDPR, we rely on the following lawful bases for processing your personally identifiable information: 

  • where you have given consent to the processing; which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
  • where it is necessary for the performance of the contract we have entered into, or are about to enter into, with you (whether in relation to the provision of our Services or otherwise); and/or 
  • where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those legitimate interests. 


6. Disclosure of Personally Identifiable Information.

You agree that we have the right to share your personally identifiable information with selected third parties including business partners, suppliers and sub-contractors in relation to the provision of our Website and our Services. 

  • We will disclose your personally identifiable information to third parties in the following circumstances: 
  • in the event that we buy or sell any business or assets or receive funding, in which case we may disclose your personally identifiable information to the prospective buyer or seller of such business or assets or investor providing such funding;
  • if Noteflight or substantially all of its assets are acquired by a third party, in which case personally identifiable information held by us will be one of the transferred assets;
  • we may employ independent contractors, vendors and suppliers (collectively, "Outside Contractors") to provide specific services and products related to our Website and our Services, such as hosting and maintaining our Website and/or our Services, providing credit card processing and fraud screening and developing applications for our Website and/or our Services. In the course of providing products or services to us, these Outside Contractors may have access to information collected through our Website and/or our Services, including your personally identifiable information. We use reasonable efforts to ensure that these Outside Contractors are capable of (1) protecting the privacy of your personally identifiable information consistent with this privacy policy, and (2) not using or disclosing your personally identifiable information for any purpose other than providing us with the products or services for which we contracted or as required by law; 
  • we may disclose information (including personally identifiable information) about you to our Corporate Affiliates. "Corporate Affiliate" means any person or entity which directly or indirectly controls, is controlled by or is under common control with Noteflight or its parent company Hal Leonard LLC, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this privacy policy;  or 
  • if we are under any duty to disclose or share your personally identifiable information in order to comply with any legal obligation, including to respond to any lawful request of public authorities or to meet national security or law enforcement requirements, or in order to enforce or apply our terms of use in relation to the Services and other agreements, or to protect the rights, property or safety of Noteflight, our customers, or others. This includes the sharing of information with other companies and organizations for the purposes of fraud protection and credit risk reduction. 

Personally identifiable information collected and used through our Website or in the provision of our Services will be stored, and (if applicable) transferred to us in the United States. To the extent that we process the personally identifiable information of individuals located in the European Economic Area or the United Kingdom, this privacy policy sets out our practices and obligations under the GDPR (to the extent applicable). By accepting this privacy policy you explicitly consent to us storing, and (if applicable) transferring, your personally identifiable information in and to the United States, such transfer being necessary for the purposes of your use of the Website and the Services. 


Our Services may feature various community areas and other public forums (the "Public Areas") where our Services users can share information or where members can post questions for others to answer or, in connection with Noteflight Music, where our Services users can buy or sell Scores (as defined in the Noteflight Music Purchasing and Selling terms available at https://www.noteflight.com/legal/music) from or to other Services users. These Public Areas are open to the public and should not be considered private. We cannot prevent such information from being used in a manner that may violate this privacy policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings.

Any information you share in a Public Area (including personally identifiable information) is by design open to the public and is not private. You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot regulate or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google, Yahoo, MSN, and Bing. If you mistakenly post personally identifiable information in a Public Area you can send us an e-mail to request that we remove it by contacting us at support@noteflight.com. You should understand that in some cases, we may not be able to remove your information.

Any information shared in the Public Areas (as defined above) of our Services is available to the public, including to all users. Such information is not protected or treated as confidential, can be used in any manner, and is not subject to this privacy policy. If you wish to keep any information private or proprietary, do not submit it to the Public Areas of our Services. NOTWITHSTANDING THE FOREGOING, WE HAVE NO RESPONSIBILITY OR LIABILITY IF A USER’S INFORMATION OR IDENTITY IS MISUSED OR STOLEN, OR IF A USER SUFFERS HARM AS A RESULT OF VOLUNTARY DISCLOSURES.


7. Storage of Personally Identifiable Information.

All personally identifiable information that you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personally identifiable information, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. 


8. Retention of Personally Identifiable Information. 

We will only retain your personally identifiable information for as long as necessary to fulfill the purposes for which we collected it. If you subscribe to our Services, we will retain your personally identifiable information for as long as your account with us remains live. Please note that your account remains live and we retain your personally identifiable information, even if you do not renew your paid subscription to our Services and your personally identifiable information is only deleted at your request. If you wish us to delete your personally identifiable information and/or any other information associated with your account when you stop using our Services, please use your delete account page


9. Your Rights. 

Under certain circumstances and in compliance with the GDPR, you have the right to: 

  • Request access to your personally identifiable information (commonly known as a ‘subject access request’). This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it. Request correction of the personally identifiable information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 
  • Request erasure of your personally identifiable information. This enables you to ask us to delete or remove your personally identifiable information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personally identifiable information in certain circumstances. 
  • Object to processing of your personally identifiable information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. 
  • Request the restriction of processing of your personally identifiable information. This enables you to ask us to suspend the processing of personally identifiable about you, for example if you want us to establish its accuracy or the reason for processing it. 
  • Request the transfer of your personally identifiable information to another party. 

To the extent that this policy applies to individuals located in the European Economic Area or the United Kingdom, lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we handle your personally identifiable information please do contact us. Alternatively, you may lodge a complaint with the supervisory authority located in your country. 


If you want to review, verify, correct or request erasure of your personally identifiable information, object to the processing of your personally identifiable information, or request that we transfer a copy of your personally identifiable information to another party, please contact support@noteflight.com using the details provided below. 


10. Changes in Use of Information. 

From time to time, Noteflight may use user information for new, innovative and unanticipated purposes not previously disclosed or described in this privacy policy. Any changes to our privacy policy will be posted on our Website. If you are concerned about how we are using your information, please check our Website periodically. Your continued use of our Website and our Services following the posting of any modification or change will constitute your acceptance thereof. 


11. Other Web Sites; Links.

Noteflight provides links to other web sites. Noteflight is not responsible for the privacy practices or content on other web sites. We strongly suggest that you read a web site's privacy policy before submitting personal information or utilizing the resources of that site. 


12. Contacting the Website. 

If you have any questions about this privacy policy, or our use of your information in relation to our Website and/or our Services, please contact us.


13. Privacy Notice for California Residents.

This Section 13 shall apply only to the extent that we are regulated as a business (as defined in the California Consumer Privacy Act of 2018 (collectively with any regulations promulgated thereunder, the "CCPA")) under the CCPA. This Section 13 shall apply to you only if you are a California resident.


If an Organization with which you are associated purchases any of our Services, we may receive consumer information (as defined below) about you in connection with our provision of our Services to your Organization. To the extent we process such consumer information solely in order to provide our Services to your Organization, under the CCPA, to the extent applicable, we will act as a service provider (as defined in the CCPA) on behalf of your Organization in respect of that consumer information; this privacy policy will not apply to the processing of that consumer information and your Organization will act as a business (as defined in the CCPA) in respect of that consumer information. The business is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law. To the extent we process your consumer information for any other lawful business or commercial purpose of ours, under the CCPA, to the extent applicable, we will act as a business with respect to such consumer information and this privacy policy will apply to the processing of such consumer information. For clarification but not limitation, information we process for our lawful business or commercial purposes, such as for product development or sales and marketing, is not processed solely on behalf of your Organization.

As used in this Section 13, “sell” (including any grammatically inflected forms thereof) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, consumer information (as defined below) to another business or a third party for monetary or other valuable consideration.

“Selling” does not include (i) disclosing consumer information to a third party at your direction, provided the third party does not sell the consumer information except in accordance with the “CCPA, (ii) where you intentionally interact with a third party through our Services, provided the third party does not also sell the consumer information, (iii) using or sharing your consumer information with a service provider as necessary to perform business purposes, provided that such service provider provides its services on Noteflight’s behalf and provided that the service provider does not further collect, sell or use the consumer information except as necessary to perform the business purpose, or (iv) transfers of your consumer information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of Noteflight, provided that information is used or shared consistently with the CCPA.

Where noted in this privacy policy, until the applicable date specified in the CCPA, the CCPA exempts consumer information reflecting a written or verbal business-to-business communication ("B2B consumer information") from some its requirements, provided that such exemptions shall not apply from and after such date specified by the CCPA.


13.1. Consumer Information Collected: We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents, devices or households ("consumer information"). Consumer information does not include deidentified or aggregated information, publicly available information from government records, or any other information that is excepted from the definition of "personal information" under the CCPA, or any information that is otherwise not regulated by the CCPA. In particular, we have collected the following categories of consumer information from California residents, households or devices within the last twelve (12) months:


A. Identifiers: Name, email address, billing address, phone, username, password, date of birth, Internet Protocol address, and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

B. Personal information categories listed in the California Customer Records statute(Cal. Civ. Code § 1798.80(e)): Name, address, phone, and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

C. Commercial information: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

D.  Internet or other similar network activity: Information obtained through tracking your activities through your domain name (but not your e-mail address), aggregate information on what pages you may access or visit, computer settings or most-recently visited URL, browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

E. Sensory data: Audio information, and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services.

F. Professional or employment-related information: Whether you are a student or a teacher (optionally), and any other such information uploaded onto, or made available within, our Services.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

G.  Inferences drawn from other personal information: Behavior patterns and inferences reflecting personal preferences and predispositions.

  • To provide you with our Services;
  • To process any enquiry or expression of interest received from you;
  • To notify you about any changes to our Website or to our Services;
  • To provide you with our monthly newsletters concerning our Services;
  • To contact you regarding billing and account renewal;
  • To improve and support our Website and our Services; and/or
  • To provide you with information about products and services which we think may interest you.

13.2. Use of Consumer Information; Categories of Sources: We use consumer information for the business or commercial purposes described in Section 13.1 above and in the manner described in Sections 3, 5, 7 and 8 of this privacy policy with respect to personally identifiable information.


Regarding the categories of sources from which consumer information is collected, we collect consumer information that you submit to us. We also receive information that is otherwise collected when you use our website, including as described in Sections 1 and 3. Additionally, we work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers) who may provide information to us regarding our services to you. Such information may include delivery tracking data, delivery confirmations, and transaction IDs, and whether your payment card is approved or declined.


13.3. Disclosures of Consumer Information for a Business or Commercial Purpose: Noteflight may disclose your consumer information described in the table above to a third party for a business or commercial purpose, as described in Section 6 of this privacy policy with respect to personally identifiable information. In the preceding twelve (12) months, Noteflight has disclosed the following categories of consumer information for a business or commercial purpose to the following categories of third parties:


     13.3.1. Identifiers have been disclosed to the following categories of third parties:


     (a) Outside Contractors; and

     (b) Corporate Affiliates.


     13.3.2.  Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) have been disclosed to the following categories of third parties:

    

     (a) Outside Contractors; and

     (b) Corporate Affiliates.


     13.3.3. Commercial information has been disclosed to the following categories of third parties:

  

     (a) Outside Contractors; and

     (b) Corporate Affiliates.


     13,3,4,  Internet or other similar network activity has been disclosed to the following categories of third parties:

  

     (a) Outside Contractors; and

     (b) Corporate Affiliates.


    13.3.5. Sensory data has been disclosed to the following categories of third parties:

  

     (a) Outside Contractors; and

     (b) Corporate Affiliates.


     13.3.6. Professional or employment-related information has been disclosed to the following categories of third parties:

  

     (a) Outside Contractors; and

     (b) Corporate Affiliates.


     13.3.7 Inferences drawn from other personal information has been disclosed to the following categories of third parties:


     (a) Outside Contractors; and

     (b) Corporate Affiliates.


Any information posted to the Public Areas in the preceding twelve (12) months has been publicly available as described in Section 6.


13.4. Sales of Consumer Information: In the preceding twelve (12) months, Noteflight has not sold, and Noteflight does not and will not sell, consumer information.


13.5. California Residents’ Rights and Choices: The CCPA provides California residents with specific rights regarding their consumer information. This Section 13.5 describes your CCPA rights (to the extent applicable to you) and explains how to exercise those rights.


13.5.1. Access to Specific Information and Data Portability Rights: You may have the right to request that Noteflight disclose certain information to you about our collection and use of your consumer information over the past 12 months. Once we receive and confirm your verifiable consumer request (in the manner described in Section 13.6 below), to the extent required by the CCPA, we will disclose to you:


      13.5.1.1. The categories of consumer information we collected about you.


      13.5.1.2. The categories of sources for the consumer information we collected about you.


      13.5.1.3. Our business or commercial purpose for collecting that consumer information.


      13.5.1.4. The categories of third parties with whom we share that consumer information.


      13.5.1.5. The specific pieces of consumer information we collected about you (also called a data portability request).


      13.5.1.6. If we disclosed your consumer information for a business or commercial purpose, a list disclosing disclosures for a business or commercial purpose, identifying the consumer information categories that each category of recipient obtained.

We will not provide the foregoing access and data portability rights for B2B consumer information prior to such date required by the CCPA.


 13.5.2. Deletion Request Rights: You have the right to request that Noteflight delete any of your consumer information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from you (if you are a California resident) in the manner described in Section 13.6 below (“verifiable consumer request”), we will delete (and direct our service providers to delete) your consumer information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:


       13.5.2.1. Complete the transaction for which we collected the consumer information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.


      13.5.2.2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.


      13.5.2.3. Debug products or services to identify and repair errors that impair existing intended functionality.


      13.5.2.4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.


      13.5.2.5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).


      13.5.2.6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.


      13.5.2.7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.


      13.5.2.8. Comply with a legal obligation.


      13.5.2.9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


We will not provide the foregoing deletion rights for B2B consumer information prior to such date required by the CCPA.


13.6. Exercising Access, Data Portability, and Deletion Rights.

13.6.1. To exercise the access, data portability, and deletion rights described in Section 13.5 above, please submit a verifiable consumer request to us by either: (1) calling us toll free at 1-833-668-3358; (2) Submitting a Support Request; or (3) contacting us in accordance with Section 12. Only you, or someone legally authorized to act on your behalf (such as an authorized agent), may make a verifiable consumer request related to your consumer information. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability no more than twice within a 12-month period. The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected consumer information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with consumer information if we cannot verify your identity or authority to make the request and confirm the consumer information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use consumer information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. We use the following process to verify consumer requests: 

  • Username Verification
  • Email Verification
  • Additional account identification questions if needed (name a musical score, create a score)

13.6.2. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your consumer information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.


13.7 Non-Discrimination. 

We will not discriminate against you for exercising any of your CCPA rights, including, unless permitted by the CCPA, by:


     13.7.1. Denying you goods or services.


     13.7.2. Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.


     13.7.3. Providing you a different level or quality of goods or services.


     13.7.4. Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.



14. Do Not Track.

The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to automated Do Not Track requests. However, if you wish to stop such tracking, please contact us with your request, using our contact details provided in Section 12.



COOKIES POLICY



Information About Our Use of Cookies. 


Our website www.noteflight.com (“our website”) uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse our website, you are agreeing to our use of cookies. 


A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. 


We use the following cookies: 


Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. 

Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. 

Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. 


Here are the individual cookies we use, the purposes for which we use them, and their durations:



  •  _noteflightSite_session: A session cookie and it matches the user session to our database. Duration is 2 weeks for regular users. The cookies are cleared on log out. 
  • nfouid: An origin tracker and we use this to track the IP address and user agent of visiting users. This enables us to understand the visit path of users who do not log in. Duration is 20 years.
  • premiumTrial: Used to determine whether a user should be redirected to our premium trial page on log in. This is set when a user hits our premium trial webpage. This expires when _noteflightSite_session expires. 
  • omni_referring_hostname: Used to redirect users who have login in with OmniAuth back to their origin. This is only set when a user logs in through Facebook or Google from somewhere other than the Noteflight homepage. This expires when _noteflightSite_session expires.
  • _stripe_mid. Used to help examine users’ on-site behavior, to identify behavior patterns similar to those used by those committing fraud. Duration is 18 months. 
  • _stripe_sid: Used to help examine users’ on-site behavior and to identify behavior patterns similar to those used by those committing fraud. Duration is 1 year.
  • instapage-vist<number>: This is an InstaPage analytics and conversion tracker. Duration is 1 year. 
  • _ga: Used by Google Analytics. Duration is 2 years. 
  • xuid: RichRelevance id for Noteflight suggested products. Duration 120 days.
  • hstc: Used by AppCues to display in-site messages. Duration 1 year.
  • G_ENABLED_IDPS: Used to verify a Google ID. No expiration.
  • noteflight1-_zldp: Identifies users for Zoho SalesIQ features. Duration is 2 years. 
  • Fbq(‘track’, ‘PageView’): Facebook Tracking Pixel. This helps tracks clicks from Facebook ads to the Noteflight site. Duration is 28 days.
  • Google AdWords Tracking Pixel. This helps tracks clicks from Google ads to the Noteflight site. Duration is 90 days. 
  • Qp(‘track’, ‘ViewContent’): Quora Tracking Pixel. This helps tracks clicks from Quora ads to the Noteflight site. Duration is 28 days.
  • Uteq Bing Tracking Pixel. This helps tracks clicks from Bing ads to the Noteflight site. Duration is 90 days.


You can find more information about cookies at: www.aboutcookies.org. You can find more information about Google Analytics and how to reject or delete these cookies at: www.google.com/intl/en/privacypolicy.html. 


Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. 


If your browser enables you to, you can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) your access to our website will be restricted. You will not be able to access our website without the “_noteflightSite_session” and the “nfouid” cookies. 





Noteflight, LLC 


Last updated 01/21/21