Data Security

All sites that are created and hosted by Da Capo abide by strict security in storage and transfer methods.

Da Capo Web Development takes data privacy and security very seriously.

Contact us for more information.

  • All web pages and forms are served over HTTPS with a strong, 2048 bit encryption key. Information that is sent between your computer and our server is always encrypted. We recommend that you use a browser capable of TLS v1.2 or 1.3 to ensure the highest levels of encrypted communication.
  • Each client database is stored separately from databases of other clients who use Da Capo Web Development services.
  • All database tables containing student personally identifiable information (PII) (student name) are encrypted on the server.
  • All database backups are encrypted with a strong 2048 bit Public/Private (PGP) encryption key and securely transferred to a private facility using SFTP.
  • All servers are hosted in a secure facility with 24×7 physical and electronic security, and redundant backup systems (Liquid Web US Central Data Center).
  • Access to Da Capo’s systems are logged and all accounts are password protected. Passwords are secured using best-practice encryption (hash) methods.
  • A student’s PII will never be sold or used for any commercial purposes.

  • For NYSSMA Festivals (Da Capo Music Festivals), the following people have access to student PII (student name, only):
    • the teacher of the student,
    • the director of music in that student’s school district,
    • the festival host who is responsible to schedule that student (Normally a director of music at the student’s school district or another local school district),
    • the NYSSMA Executives in charge of solo festivals,
    • and the developer / administrator of the website.
    • In some cases, a scheduling assistant is used by festival hosts to help complete the schedule for the festival. This scheduling assistant is a New York State certified in-service music teacher.

  • For County Music Festivals (SCMEA, NYSCAME/Suffolk, LISFA), the following people have access to student PII (student name, only):
    • the teacher of the student,
    • the director of music in that student’s school district,
    • the festival chairperson who is responsible select students from the list of nominated students,
    • the Executive Board Members on the festival team,
    • and the developer / administrator of the website.

  • Parents Bill of Rights for Data Privacy and Security
    • A student’s personally identifiable information cannot be sold or released for any commercial purposes
    • Parents have the right to inspect and review the complete contents of their child’s education record
    • State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, are be in place when data is stored or transferred
    • A complete list of all student data elements collected by the State is available for public review at https://www.dacapowebdevelopment.com or by writing to patrickhait at gmail dot com
    • Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed to patrickhait at gmail dot com.
    • The data collected will be used to manage State, County, and School music program data.
    • Da Capo Web Development does not use subcontractors and data will not be shared with other companies.
    • Data will be deleted within 15 days of the close of the completion of a festival.
    • With regard to NYSSMA scores, a parent can contact the music teacher or administrator of the NYSSMA festival to discuss any relevant scoring information. Da Capo simply records the data entered.
    • Data is stored in encrypted databases at a secure facility. Backups are further encrypted with 2048 bit private key encryption at a separate secure facility.