Liszt Data Privacy Policy

Effective Date: October 3, 2025

Last Updated: May 28, 2026

Liszt is a scheduling and administration platform designed for schools of music. We respect the privacy of all users and are committed to protecting institutional and student information.

1. Information We Collect

Liszt is intentionally designed to collect only the minimum information necessary to provide scheduling, administrative, reporting, and institutional support functions. Typical information may include:

• Name
• Institutional email address
• Institutional ID number
• Role, such as faculty, staff, student, or administrator
• Scheduling information, such as rehearsals, events, room assignments, lessons, or meetings
• Administrative records used by the institution, such as attendance, competencies, inventory assignments, or related program information

Liszt is not designed to collect or process:

• Social Security Numbers
• Financial or payment information
• Health or medical information
• Sensitive personal information unrelated to institutional administration

2. How Information Is Used

Information collected or stored in Liszt is used only to provide and support platform functionality, including:

• Scheduling rehearsals, lessons, meetings, rooms, and events
• Tracking student competencies, attendance, or institutional requirements
• Supporting calendar integrations, including Microsoft Outlook and Microsoft Graph where enabled
• Supporting administrative reporting and communications
• Maintaining platform security, reliability, and availability
• Troubleshooting errors and providing technical support

Liszt does not sell, rent, or use institutional or student data for advertising purposes.

Institutional or student data submitted to Liszt is not used to train artificial intelligence or machine learning models.

3. Authentication, Cookies, and Integrations

Liszt may support institution-managed authentication systems, including OAuth-based authentication through providers such as Microsoft. Where enabled, calendar and identity integrations are used only to provide requested platform functionality.

Liszt may use limited session cookies, authentication tokens, or similar technologies necessary for login, security, session management, and platform functionality.

Liszt does not use advertising trackers or sell user behavioral data.

4. Data Sharing and Third-Party Providers

Liszt does not sell, rent, or disclose institutional or student data to third parties for marketing or advertising purposes.

Liszt may rely on trusted infrastructure, hosting, storage, authentication, email, or integration providers as necessary to operate the platform. These providers may include services such as DigitalOcean and Microsoft, depending on the institution’s configuration and enabled features.

Third-party providers are used only as necessary to provide, secure, maintain, or support the Liszt platform.

5. Data Security

Liszt uses administrative, technical, and operational safeguards intended to protect institutional and student information. These safeguards include:

• Encrypted transmission of data using TLS/HTTPS
• Restricted administrative access
• Least-privilege access principles
• Secure authentication practices
• Regular system patching and monitoring
• Database backups for recovery purposes

Infrastructure is hosted in secure cloud environments. DigitalOcean maintains industry certifications including SOC 2 Type II and ISO/IEC 27001.

Additional information about Liszt’s technical and operational safeguards may be provided in the Liszt Information Security Policy.

6. FERPA and Educational Records

Liszt is designed for higher education environments and supports institutional compliance with the Family Educational Rights and Privacy Act (FERPA).

Institutions retain ownership and administrative control over data entered into the platform. Access to institutional data is restricted to authorized institutional users and authorized administrative personnel as necessary to provide support, maintain platform operations, and protect platform security.

Liszt does not determine institutional FERPA obligations, access policies, or educational record classifications. Institutions remain responsible for determining how their data is classified and how access should be managed within their institutional environment.

7. Data Ownership, Access, and Control

All institutional data entered into Liszt belongs to the institution. Liszt does not claim ownership of institutional or student information.

Institutions may request data exports, correction, or removal of institutional data, subject to technical feasibility, legal obligations, operational requirements, and reasonable backup retention periods.

Institutional administrators are responsible for managing user access, permissions, and the accuracy of data entered into the platform.

8. Data Retention and Deletion

Liszt retains institutional data only as long as necessary to provide services, maintain operational continuity, comply with legal or contractual obligations, support security, or enable disaster recovery.

Upon termination of service, an institution may request export or deletion of its institutional data. Some information may remain temporarily in backups or system logs until those records are overwritten or expire according to normal operational practices.

Backup copies are maintained for recovery and business continuity purposes and are not used for active processing except when needed for restoration, investigation, or security purposes.

9. Policy Updates

This Data Privacy Policy may be updated periodically to reflect changes in platform functionality, infrastructure, legal requirements, or operational practices.

Material updates may be communicated to institutional contacts when appropriate.

10. Contact

For questions or concerns about data privacy, please contact:

Liszt Support
Email: support@liszt.app