COREOFI

Privacy Policy

Coreofi is a choreography analysis tool designed for dance educators and their students. It provides technical features such as waveform visualisation, BPM detection, section annotation, and video synchronisation. This policy explains what information we collect, how we use it, and how we keep it safe. By using Coreofi you agree to the practices described here.

1. Data Controller

The data controller responsible for your personal data is:

Coreofi Admin
Email: support@coreofi.com

2. Information We Collect

We collect only what is necessary to provide the service:

• Account information — your chosen username and a securely hashed password. We never store your password in plain text.
• Media files — audio files (songs) and video files you upload to your projects. These are stored on the server solely to power your analysis sessions.
• Project data — project names, section markers, BPM data, and video sync offsets that you create while working.
• Class membership — if you register with an invite code, your account is linked to that class. This association allows your teacher to share content with you.
• Usage timestamps — when projects were created or last updated, used only for display purposes.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)) — processing your account data, media files, and project data is necessary to provide the Coreofi service to you.
• Legitimate interests (Art. 6(1)(f)) — storing timestamps and class membership is necessary to operate the platform and enable the sharing features that are central to the service.

4. How We Use Your Information

• To provide and maintain the Coreofi service.
• To allow teachers to share projects and analysis content with students in the same class.
• To enable students to share their own projects with classmates or their teacher.
• To display your username and project history within the application.

We do not use your data for advertising, analytics profiling, or any purpose beyond running the service.

5. Your Media Files (Audio and Video)

Files you upload — audio recordings and video recordings — are stored on the server and are accessible only to you and, if explicitly shared, to the class members or individual users you choose to share with. No one outside your designated class or share list can access your files. School owners (teachers) can see the projects they have shared but cannot access files in projects that belong solely to students unless those students share them.

Media files are processed solely to render waveforms, compute BPM, calculate video sync offsets, and play back content within the editor. They are not analysed, indexed, or used for any other purpose. Coreofi does not make uploaded files available to the general public.

6. Sharing and Access Controls

• Teachers can share their projects with an entire class or with individual students they select.
• Students can share their own projects with their teacher or with individual classmates they choose.
• Sharing is always explicit and opt-in — nothing is visible to others until you share it.
• You can revoke sharing at any time from your Projects page.

7. Data Retention

Your data and files are retained for as long as your account exists. If your account is deleted by a school administrator, your account data and associated files are removed from the server within 30 days. You may request deletion of your account by contacting us at support@coreofi.com.

8. Your Rights Under GDPR

As a data subject under the EU General Data Protection Regulation, you have the following rights:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete data.
• Right to erasure — you may ask us to delete your personal data. We will comply unless we have a legal obligation to retain it.
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to restriction — you may ask us to restrict processing of your data in certain circumstances.
• Right to object — you may object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@coreofi.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Romanian national data protection authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, București 010336
Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro

10. Data Security

Passwords are stored as one-way cryptographic hashes and are never readable by anyone, including administrators. All communication with the server should be conducted over HTTPS. Access to all API endpoints is protected by token-based authentication.

While we take reasonable precautions, no system is completely immune to security risks. Do not upload files that contain sensitive personal information beyond what is necessary for choreography analysis.

11. Cookies and Local Storage

Coreofi does not use cookies. It stores your session token and username in your browser's localStorage so that you remain logged in between visits. This data stays on your device and is cleared when you log out.

12. Third-Party Services

Coreofi does not share your data with third-party advertisers or analytics providers. All fonts and assets are self-hosted on our server. The application does not load any external resources. No third-party network requests are made by the frontend, and no user data is transmitted to third parties.

13. Children's Privacy

Coreofi may be used by students under the age of 16 under the direct supervision of a school administrator (teacher). We do not collect any additional personal data from minors beyond what is described in this policy. Access for minors is always mediated through the school's invite-code system. It is the responsibility of the school administrator to ensure that appropriate parental or guardian consent has been obtained before registering a student under the age of 16, in accordance with GDPR Article 8.

14. Changes to This Policy

We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of Coreofi after changes are posted constitutes acceptance of the updated policy.