Last updated: July 15, 2020
  1. Introduction

    Artusi, Inc. (“Artusi”, “we”, “us”, “our”) is committed to protecting our Users’ (“you”, “your”) privacy. As educators ourselves, we seek to collect only the information crucial to creating an excellent learning experience—and we guard it ferociously.

    This Privacy Policy applies with respect to the information that we collect through our websites, located at artusimusic.com and MacGAMUT.com (“our Sites”), our MacGAMUT product, the MFun product we distribute and support, and through the provision of our products and services (collectively, “our Services”).

    Defined terms used herein and not defined elsewhere have the meanings prescribed thereto in the Terms and Conditions posted separately on our Sites. This Privacy Policy is incorporated into and is part of the Artusi Terms and Conditions applicable to your use of our Sites and our Services.

    We are GDPR, FERPA, and CCPA compliant; please see the relevant sections below for more information about our compliance with this legislation.

    If you have any questions about this Privacy Policy, or our use of your information in relation to our Sites and/or our Services, please contact us.

  2. Personally Identifiable Information that we collect

    Personally Identifiable Information (“PII”) is information that can be used to identify you or contact you. We do not collect any PII about you unless you voluntarily submit such information to us, by signing up to use our Services with your actual name and email address that includes PII, or by logging in through a third-party service that you have authorized to share this information with us.

    For the purposes of the GDPR, PII amounts to “personal data”, as defined and used in the GDPR. All references to PII shall be deemed to include personal data as defined and used in the GDPR.

    We collect only the following PII:

    1. Your name
    2. Your email address
    3. A profile photo, if you choose (not required)
    4. Any PII provided by you within comments to instructors or answers to questions
    5. Names and affiliations of any courses you teach or enroll in through Artusi
    6. Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, and add-ons

    That’s it! In fact, we permit you to use pseudonyms and email addresses without any identifying information, if you choose.

  3. How we use your Personally Identifiable Information

    We use your PII in the following ways:

    1. to provide you with our Services
    2. to process any enquiry or expression of interest received from you
    3. to notify you about any changes to our Sites or to our Services
    4. to provide you with marketing communications concerning our Services
    5. to contact you regarding billing
    6. to improve and support our Sites and our Services

    We will only use your PII to the extent that the law allows us to do so.

  4. Disclosure of Personally Identifiable Information

    We take the privacy of your data very seriously, and we do not, under any circumstances, sell, rent or lease your data to third parties for any purposes.

    We disclose the following PII to instructors in whose courses students are enrolled:

    1. name (or pseudonym)
    2. Email address
    3. Profile photo
    4. Any PII provided by you within comments to instructors or answers to questions

    We share PII with a small number of sub-processors, for the specific purposes described herein:

    Sub-processorPurpose
    auth0 User authentication
    HubSpot Customer support and customer relationship management
    Sentry Bug tracking
    SendGrid Marketing communications
    Stripe Billing

    We will disclose your PII to third parties in the following circumstances:

    1. in the event that we buy or sell any business or assets or receive funding, in which case we may disclose your PII to the prospective buyer or seller of such business or assets or investor providing such funding;
    2. if Artusi or substantially all of its assets are acquired by a third party, in which case PII held by us will be one of the transferred assets;
    3. we may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to our Sites and our Services, such as hosting and maintaining our Sites and/or our Services, providing credit card processing and fraud screening and developing applications for our Sites and/or our Services. In the course of providing products or services to us, these Outside Contractors may have access to information collected through our Sites and/or our Services, including your PII. We use reasonable efforts to ensure that these Outside Contractors are capable of (1) protecting the privacy of your PII consistent with this Privacy Policy, and (2) not using or disclosing your PII for any purpose other than providing us with the products or services for which we contracted or as required by law;
    4. if we are under any duty to disclose or share your PII in order to comply with any legal obligation, including to respond to any lawful request of public authorities or to meet national security or law enforcement requirements, or in order to enforce or apply our terms of use in relation to the Services and other agreements, or to protect the rights, property or safety of Artusi, our customers, or others. This includes the sharing of information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    PII collected and used through our Sites or in the provision of our Services will be stored, and (if applicable) transferred to us in the United States. To the extent that we process PII of individuals located in the European Economic Area or the United Kingdom, this Privacy Policy sets out our practices and obligations under the GDPR (to the extent applicable). By accepting this Privacy Policy you explicitly consent to us storing, and (if applicable) transferring, your personally identifiable information in and to the United States, such transfer being necessary for the purposes of your use of the Sites and the Services.

  5. Storage of Personally Identifiable Information

    At Artusi, we take the security of your data seriously.

    We take every reasonable effort to ensure a high level of security of your personal data, including, but not limited to, using modern best practices in encryption and data security workflows. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.

    All PII that you provide to us is stored on secure Amazon Web Services (AWS) servers. Please note that although we store our data on AWS servers, we do not disclose any PII to AWS. For information about AWS’s state-of-the-art security practices, please visit their Data Privacy FAQ and their Cloud Security page.

    We only work with sub-processors who commit to the highest standard of security and privacy; the security and privacy policies for each of our sub-processors can be found here:

    Sub-processorSecurity PolicyPrivacy Policy
    auth0 Security Policy Privacy Policy
    HubSpot Security Policy Privacy Policy
    Sentry Security Policy Privacy Policy
    SendGrid Security Policy Privacy Policy
    Stripe Security Policy Privacy Policy
  6. Retention of Personally Identifiable Information

    We will only retain your PII for as long as necessary to fulfill the purposes for which we collected it. If you use our Services, we will retain your PII for as long as your account with us remains live. Please note that your account remains live and we retain your PII, even if you do not renew your paid subscription to our Services and your PII is only deleted at your request. If you wish us to delete your PII and/or any other information associated with your account when you stop using our Services, please contact us.

  7. Your Rights over your Data

    We believe that you have the right to control your personal data. You have the right to:

    1. Request access to your PII. This enables you to receive a copy of the personally identifiable information we hold about you and to check that we are lawfully processing it.
    2. Request correction of the personally identifiable information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    3. Request erasure of your PII. This enables you to ask us to delete or remove your PII.
    4. Object to processing of your PII where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
    5. Request the restriction of processing of your PII. This enables you to ask us to suspend the processing of your PII, for example, if you want us to establish its accuracy or the reason for processing it.
    6. Request the transfer of your PII to another party.

    To the extent that this policy applies to individuals located in the European Economic Area or the United Kingdom, you may lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we handle your PII please do contact us. Alternatively, you may lodge a complaint with the supervisory authority located in your country.

    If you want to review, verify, correct, or request erasure of your PII, object to the processing of your PII, or request that we transfer a copy of your PII to another party, please contact us using the details provided below.

  8. Cookies

    Cookies are small text files that are stored by a computer’s web browser. They help site providers with things like understanding how people use a site, remembering a User’s login details, and storing site preferences. By continuing to browse our Sites, you are agreeing to our use of cookies.

    You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of our Sites.

    For more information about cookies, visit All About Cookies.

  9. Children

    As stated in our Terms, our Sites and our Services are not intended for use by children under the age of 13. We do not knowingly collect information from children under the age of 13.

    Children aged 13 or older should not submit any PII without the permission of their parents or guardians.

    By using our Services, you are representing that you are at least 18 years of age (or the age of majority in your jurisdiction, whichever is older), or that you are at least 13 years old and have your parents’ or guardians’ permission to use our Sites and our Services.

  10. Other Websites; Links.

    Artusi may provide links to other websites or embed content from other websites. Artusi is not responsible for the privacy practices or content on other websites. We strongly suggest that you read a website’s Privacy Policy before submitting personal information or utilizing the resources of that site.

  11. FERPA

    The Family Educational Rights and Privacy Act of 1974 (“FERPA”) is a USA federal law that states that an educational institution must establish a written institutional policy concerning the confidentiality of student education records and the fact that students must be notified of this statement of policy and their rights under the legislation.

    Although Artusi has not been externally verified to be in compliance under FERPA, your student records are protected by FERPA policy and Artusi staff have been trained to follow and enforce this policy. In particular, we will not disclose PII about student users of the site except to officials with a legitimate educational purpose, or as listed above. Students (or parents/guardians of students in the case of students under the age of majority) have the right to inspect records kept here under request; students have the right to request instructors (first) and the operator of this site (second) to correct records which they believe to be inaccurate or misleading. If the instructor or site decline to correct the record, students have the right to place a statement to appear with grades or other information contesting the information stored. Students may ask their instructors to allow them to enroll with a non-identifying e-mail address or a pseudonym.

    For information about your rights under FERPA, please visit the US Department of Education’s Protecting Student Privacy site.

    You have the right to report violations of FERPA to Artusi and any applicable administrative body.

    The name and address of the office that administers FERPA is: Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue, SW., Washington, DC, 20202-4605.

    If you wish to inspect, review or challenge your education records please submit a written request to Artusi at 13 East Avenue, Milford, CT 06460, United States.

  12. General Data Protection Regulation

    To the extent that our Sites and our Services are available to individuals located in the European Economic Area and the United Kingdom, we are bound by and act in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

    If an organization with which you are associated (an “Organization”) signs up to use our Services, we may receive PII about you in connection with our provision of our Services to your Organization. To the extent we process (as defined below) that PII solely in order to provide our Services to your Organization, under the GDPR, to the extent applicable, we will act as a processor (as defined in the GDPR) on behalf of your Organization in respect of that PII; this Privacy Policy will not apply to the processing of that PII and your Organization will act as a controller (as defined in the GDPR) in respect of that PII and is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law.

    To the extent that we process your PII for any other lawful business purpose of ours, under the GDPR, to the extent applicable, we will act as a controller of such PII and this Privacy Policy will apply to the processing of such PII. Notwithstanding the foregoing, and for the avoidance of doubt, with respect to transfer data (as defined below) processed by Artusi solely on behalf of a third-party controller, the provisions of this Privacy Policy specific to transfer data continue to apply in accordance with the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks (as the case may be), but may be limited to working with the respective controller, given our role as a processor.

    Under the GDPR, we rely on the following lawful bases for processing your PII:

    1. where you have given consent to the processing; which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
    2. where it is necessary for the performance of the contract we have entered into, or are about to enter into, with you (whether in relation to the provision of our Services or otherwise); and/or
    3. where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those legitimate interests.

    All of our sub-processors are GDPR compliant. Please see their policies regarding GDPR at:

    Sub-processorGDPR compliance statement
    Amazon Web Services GDPR compliance statement
    auth0 GDPR compliance statement
    HubSpot GDPR compliance statement
    Sentry GDPR compliance statement
    SendGrid GDPR compliance statement
    Stripe GDPR compliance statement
  13. Privacy Shield Framework Compliance

    Artusi complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personally identifiable information transferred from the European Economic Area (the “EEA”), the United Kingdom (the “UK”) and Switzerland to the United States (“transfer data”). Artusi has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Privacy Shield website.

    In compliance with the Privacy Shield Principles, individuals have the right to request, in writing, access to and/or removal of all transfer data. Artusi will respond to lawful requests for transfer data by public authorities, including to meet national security or law enforcement requirements. The Federal Trade Commission (FTC) also has jurisdiction over Artusi’s compliance with the Privacy Shield.

    Artusi commits to resolve complaints about our collection or use of your transfer data. Individuals with inquiries or complaints regarding our Privacy Shield policy should contact us.

    Artusi has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit the American Arbitration Association for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.

    Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Artusi has liability for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages. For more information, please visit this page.

  14. Privacy Notice for California Residents

    United States - California residents. This section provides additional details about the personal information we collect about California consumers as well as the rights of California consumers under the California Consumer Privacy Act (CCPA).

    How We Collect, Use, and Disclose your Personal Information. The sections above describe the personal information we may have collected over the last 12 months, the purposes for the collection of this data, and how we disclose this data. We use cookies as described in the Cookies section of this document.

    Your CCPA Rights and Choices. As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:

    • Exercising the right to know. You may request, up to twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:

      1. the categories and specific pieces of personal information we have collected about you;
      2. the categories of sources from which we collected the personal information;
      3. the business or commercial purpose for which we collected the personal information;
      4. the categories of third parties with whom we shared the personal information; and
      5. the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
    • Exercising the right to delete. You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
    • Exercising the right to opt-out from a sale. You may request to opt out of any “sale” of your personal information that may take place. As described above, we do not rent or sell your data for any reason whatsoever.

    Non-discrimination. The CCPA provides that you may not be discriminated against for exercising these rights.

  15. Changes to this Privacy Policy

    From time to time, Artusi may use user information for new, innovative, and unanticipated purposes not previously disclosed or described in this Privacy Policy. Any changes to our Privacy Policy will be posted on our Sites. Your continued use of our Sites and our Services following the posting of any modification or change will constitute your acceptance thereof.