Privacy Policy

• Email address and password (or OAuth credentials)
• Name, display name, and profile photo
• Phone number (optional, for account recovery and Telegram integration)
• Account preferences and settings
• Role designation (musician, fan, venue)

• Artist/band name, bio, genre, and location
• Profile images, cover photos, and press photos
• Spotify, Apple Music, and other streaming platform identifiers
• Social media handles and links
• Electronic Press Kit (EPK) content

When you connect third-party accounts, we may access:

• Instagram: Profile info, follower counts, posts, insights, and story metrics
• TikTok: Profile info, video metrics, audience demographics
• YouTube: Channel stats, video performance, subscriber counts
• Twitter/X: Profile info, engagement metrics
• Spotify for Artists: Streaming data, playlist placements, listener demographics

Through our analytics partners (SoundCharts, Songstats), we collect:

• Stream counts across platforms (Spotify, Apple Music, Amazon Music, etc.)
• Monthly listener statistics and trends
• Playlist additions and radio airplay data
• Geographic distribution of listeners
• Audience demographics (age, gender, location)
• Charting positions and viral content detection

• Messages exchanged with Muse (our AI manager)
• Conversation history and context
• Preferences and goals inferred from conversations
• Tool usage and workspace interactions

• Audio files (songs, masters, stems)
• Images and videos uploaded for posts or videos
• Documents (contracts, press materials, lyrics)
• Scheduled social media content and drafts
• AI-generated music video assets

For artists using our Fan CRM features:

• Fan email addresses (from pre-saves, newsletter signups, events)
• Email engagement metrics (opens, clicks)
• Fan support transactions and donation history
• Event RSVP and attendance records

• Billing address and payment method details (processed via Stripe)
• Subscription plan and billing history
• Stripe Connect account information (for collaboration escrow)
• Credit purchase and usage history

• IP address and device identifiers
• Browser type, operating system, and device information
• Usage patterns, features accessed, and session duration
• Referral URLs and navigation paths
• Crash reports and performance data

• Operating your account and delivering core functionality
• Syncing analytics from connected platforms
• Processing scheduled posts and automated actions
• Generating AI-powered insights and recommendations
• Creating and rendering music videos and visualizers
• Facilitating collaborations and escrow payments

• Powering Muse conversations with relevant context
• Learning your preferences to improve recommendations
• Generating personalized playlist pitches and booking emails
• Creating tailored content suggestions based on your analytics
• Building your AI video assets library for consistent output

• Sending transactional emails (receipts, alerts, confirmations)
• Delivering notifications via web push, email, or Telegram
• Providing customer support and responding to inquiries
• Sending product updates and new feature announcements (with opt-out)

• Preventing fraud, abuse, and unauthorized access
• Enforcing our Terms of Service and Community Guidelines
• Complying with legal obligations and responding to lawful requests
• Resolving disputes and enforcing agreements

• Understanding usage patterns to improve features
• Generating aggregated, anonymized industry insights
• Conducting research to enhance AI capabilities
• A/B testing new features and improvements

Your conversations with Muse are processed by large language model (LLM) providers to generate responses. We use multiple providers including Anthropic (Claude), OpenAI, Google AI, and DeepSeek, selecting based on capability and availability.

• Conversations are sent to LLM providers to generate responses
• We include relevant context (your analytics, preferences, recent activity)
• Conversation history may be stored to improve future interactions
• LLM providers process data per their respective privacy policies

Muse learns your preferences over time to provide better assistance:

• Preferred posting times, platforms, and content styles
• Communication preferences (formal vs. casual tone)
• Career goals and milestones you've mentioned
• Facts about your music (genre, influences, collaborators)

You can view and delete learned preferences in your Settings, and you can start fresh conversations at any time.

For Pro and Studio tier users who enable autonomous mode, Muse may take actions on your behalf based on detected opportunities:

• Drafting social media posts for milestone celebrations
• Creating playlist pitch campaigns when songs go viral
• Scheduling content based on your preferences

Autonomous actions are logged and can be reviewed. You can disable autonomous mode at any time in Settings.

When using AI features (music videos, pitch generation, content suggestions), your inputs and the generated outputs may be processed by third-party AI services:

• Replicate: For AI video generation (Kling, Seedance models)
• LLM Providers: For text generation and analysis

We do not use your content to train AI models without explicit consent.

Muse has access to a curated knowledge base of music industry information to provide accurate guidance. Your conversations may be used to improve Muse's helpfulness, but personal data is not added to the shared knowledge base.

• SoundCharts: Streaming analytics, playlist tracking, audience intelligence
• Songstats: Supplemental streaming data and playlist curator information

These services receive your artist identifiers to fetch analytics data.

• Stripe: All payment processing, subscriptions, and collaboration escrow

We never store full credit card numbers. Stripe handles all payment data per PCI-DSS compliance standards. See Stripe's Privacy Policy.

• Amazon Web Services (AWS): Servers, databases, file storage (S3), and CDN

Your data is stored in AWS US regions with encryption at rest.

• Anthropic: Claude models for AI conversations
• OpenAI: GPT models for AI conversations and embeddings
• Google AI: Gemini models for AI conversations
• DeepSeek: DeepSeek models for AI conversations
• Replicate: AI video generation (Kling, Seedance)

• Telegram: Optional bot integration for notifications
• Email Providers: Transactional email delivery

When you connect accounts, we access APIs provided by:

• Meta (Instagram, Facebook)
• TikTok
• Google (YouTube)
• Twitter/X
• Spotify

We only request permissions necessary for our features. You can revoke access at any time through your connected platform's settings.

We share information when you direct us to, such as when posting to connected social media accounts or sharing your EPK publicly.

We share data with vendors who help operate our Services (hosting, analytics, payment processing, email delivery). These providers are contractually bound to use data only for providing services to us.

When you participate in collaborations, certain information is shared with collaborators:

• Your display name, profile photo, and artist profile
• Messages exchanged within the collaboration
• Milestone deliverables and payment status
• Review ratings and feedback (publicly visible)

Certain information is publicly accessible:

• Your Smart Link page (if published)
• Community posts and interactions
• Event listings you create
• Collaboration reviews and ratings

We may disclose information if required by law, subpoena, or legal process, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If Musuni is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

We may share aggregated, anonymized data that cannot reasonably identify you for industry research, marketing, analytics, or other business purposes.

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Access controls and authentication for all systems
• DDoS protection and rate limiting

• Employee access limited to job-necessary data
• Background checks for employees with data access
• Security training for all team members
• Incident response procedures

• Data stored in AWS with SOC 2 Type II compliance
• Regular automated backups with encryption
• Geographic redundancy for disaster recovery
• Monitoring and alerting for anomalous activity

We retain your account and profile data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except as required for legal compliance.

Streaming and social analytics are retained for up to 3 years to enable historical trend analysis and career tracking.

• Active conversation history: Retained until you start a new conversation
• Conversation summaries: Retained for up to 1 year
• Learned preferences: Retained until you delete them or your account

Uploaded files remain in your cloud storage until you delete them. Deleted files are permanently removed within 30 days.

Transaction records, invoices, and payment history are retained for 7 years as required by tax and financial regulations.

If data is subject to a legal hold or investigation, it may be retained beyond normal retention periods until the matter is resolved.

You can access your data through your account Settings. You can export your data in standard formats (JSON, CSV) at any time.

You can update or correct your profile information at any time through your account settings or by contacting support.

You can delete your account and associated data through Settings. Some data may be retained as described in Section 8 (Data Retention).

• Unsubscribe from marketing emails via the link in each email
• Manage notification preferences in Settings
• Disconnect Telegram notifications at any time
• Disable push notifications in your browser settings

You can disconnect any connected platform (Instagram, Spotify, etc.) at any time through your Integrations settings. Disconnecting will stop data syncing but won't delete previously collected data.

• Clear Muse's learned preferences in Settings
• Disable autonomous actions (Pro/Studio tiers)
• Delete conversation history by starting a new conversation

Required for basic functionality: authentication, security, and core features. These cannot be disabled.

Remember your preferences such as theme (dark/light mode), language, and workspace layouts.

Help us understand how you use Musuni so we can improve. We use privacy-focused analytics that do not track you across websites.

• Browser settings allow you to block or delete cookies
• Blocking essential cookies may prevent you from using Musuni
• We do not use third-party advertising or tracking cookies

We use browser local storage to persist your workspace state, draft content, and preferences between sessions.

Essential communications about your account, transactions, and service status. These cannot be opted out of while you have an active account.

• Account verification and password reset
• Payment receipts and subscription updates
• Security alerts and important notices
• Collaboration and escrow notifications

Notifications about new features, improvements, and service changes. You can opt out via email preferences or Settings.

AI-generated notifications about your career (viral content, milestones, opportunities). Configure in Settings → Notifications.

Occasional promotional content about Musuni features or partnerships. Always optional with easy unsubscribe.

You can request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.

You can request deletion of your personal information, subject to certain exceptions (legal obligations, completing transactions, security).

You can request correction of inaccurate personal information.

We do not sell your personal information. We do not share your information for cross-context behavioral advertising.

You can limit how we use sensitive personal information. Contact us to exercise this right.

We will not discriminate against you for exercising your CCPA rights.

We process your data based on:

• Contract: Necessary to provide Services you've subscribed to
• Legitimate Interests: Analytics, security, service improvement
• Consent: Marketing communications, optional features
• Legal Obligation: Tax records, fraud prevention

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Request deletion (“right to be forgotten”)
• Restriction: Limit processing in certain circumstances
• Portability: Receive data in machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: For consent-based processing

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

For GDPR-related inquiries, contact our Data Protection team at dpo@musuni.io.