Privacy Policy

Last updated: April 16, 2026

Effective Date: April 16, 2026 | Last Updated: April 16, 2026

YOUR PRIVACY MATTERS TO US

This Privacy Policy explains how MUSEPULSE TECHNOLOGIES PTE. LTD. ("MUSE," "we," "us," or "our"), a Singapore-registered company, collects, uses, shares, and protects your personal information when you use our AI assistant services available through https://museai.im, our desktop applications, mobile applications, and related services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

KEY PRIVACY COMMITMENTS

Before you read the full policy, here are our core commitments to you:

✅ We do NOT sell your personal information
✅ We do NOT use your private content to train AI models without your explicit consent
✅ You can delete your account and data at any time
✅ We comply with GDPR, CCPA, and Singapore PDPA
✅ We use encryption and security measures to protect your data
✅ We are transparent about what data we collect and why

INFORMATION WE COLLECT
HOW WE USE YOUR INFORMATION
HOW WE SHARE YOUR INFORMATION
DATA RETENTION
DATA STORAGE AND SECURITY
YOUR PRIVACY RIGHTS
COOKIES AND TRACKING TECHNOLOGIES
THIRD-PARTY SERVICES AND INTEGRATIONS
AI TRAINING AND MODEL IMPROVEMENT
CHILDREN'S PRIVACY
INTERNATIONAL DATA TRANSFERS
CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
EUROPEAN PRIVACY RIGHTS (GDPR)
SINGAPORE PERSONAL DATA PROTECTION
CHANGES TO THIS PRIVACY POLICY
CONTACT US AND DATA PROTECTION OFFICER

1. INFORMATION WE COLLECT

We collect information that you provide directly, information we collect automatically, and information from third parties.

1.1 Information You Provide Directly

Account Information

When you create a MUSE account, we collect:

Email address (required for account creation, login, and communications)
Password (encrypted using industry-standard hashing; we never store passwords in plain text)
Display name (optional; may be visible in shared content or public areas)
Profile picture (optional)
Account preferences and settings

Payment Information

For paid subscriptions, we collect:

Billing name and address
Payment method information (credit/debit card details, PayPal email)
Transaction history

Note: Payment card information is processed and stored by our payment processors (Stripe, PayPal), not by MUSE directly. We only receive and store limited information such as:

Last 4 digits of card number
Card type (Visa, Mastercard, etc.)
Expiration date
Billing postal code

User Content

When you use the Services, we collect and store content you create, upload, or input, including:

Documents and Files:

Text documents (Word, PDF, plain text, etc.)
Spreadsheets and data files
Presentations
Images and graphics
Code files and scripts
Any other files you upload or create using the Services

Conversations and Prompts:

Your text prompts and questions to the AI
AI-generated responses
Conversation history and context
Saved or bookmarked interactions

AI-Generated Content:

Documents created by the AI based on your prompts
Images generated by the AI
Code generated by the AI
Any other content produced by the AI in response to your inputs

Notes and Annotations:

Notes you create within the Services
Tags, labels, and organizational metadata
Comments and annotations on content

Communications with MUSE

Customer support inquiries (including attached files and screenshots)
Feedback and survey responses
Email correspondence with our team
Chat messages with customer support

Profile Information

Professional information (job title, industry, company name - if you choose to provide it)
Usage preferences and settings
Notification preferences
Language and timezone preferences

1.2 Information We Collect Automatically

Device and Browser Information

Device type (computer, smartphone, tablet)
Operating system (Windows, macOS, iOS, Android, Linux) and version
Browser type and version (Chrome, Firefox, Safari, Edge)
Screen resolution and device specifications
Device identifiers (advertising ID, device ID)
Mobile carrier information (if using mobile app)

Usage Data and Analytics

Log data:

IP address (may be anonymized)
Date and time of access
Pages viewed and features used
Actions taken within the Services
Errors and crashes
Referral URLs

Performance data:

Response times
Loading speeds
Feature usage frequency
Session duration
Navigation paths

Interaction data:

Features clicked or accessed
Buttons pressed
Forms submitted
Search queries within the Services
Settings changed

Location Information

Approximate location based on IP address (city/country level, not precise GPS)
Timezone (for scheduling and time-sensitive features)
Language preferences based on device settings

Note: We do not collect precise GPS location data unless you explicitly grant permission for location-based features.

Cookies and Similar Technologies

We use cookies, web beacons, pixel tags, and similar technologies to:

Maintain your logged-in session
Remember your preferences and settings
Analyze usage patterns and service performance
Provide personalized experiences
Detect and prevent fraud and abuse

See Section 7 for detailed information about cookies.

1.3 Information from Third Parties

Third-Party Authentication

If you sign up or log in using third-party services (e.g., "Sign in with Google," "Sign in with GitHub"), we receive:

Basic profile information (name, email, profile picture)
User ID from the third-party service
Email verification status
Any other information you authorize the third-party to share with us

Third-Party Integrations

If you connect MUSE to third-party services (Google Drive, GitHub, Notion, etc.), we may access:

File names and metadata
File contents (as needed to provide the Services)
Folder structures
Sharing and collaboration settings
Activity logs from the integrated service

You explicitly authorize these data accesses when you connect an integration. You can revoke access at any time through your Account settings.

Payment Processors

Our payment processors (Stripe, PayPal) provide us with:

Payment confirmation
Transaction IDs
Subscription status
Billing disputes or chargebacks

AI Service Providers

Third-party AI providers we use (e.g., OpenAI, Anthropic, Google) may provide:

Abuse detection flags (if your content violates their policies)
Performance metrics
Aggregated usage statistics

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

2.1 To Provide and Maintain the Services

Account management: Create, authenticate, and manage your account
Service delivery: Process your requests, generate AI responses, and provide core functionality
Content storage: Store your documents, conversations, and generated content
Payment processing: Process subscription payments and manage billing
Customer support: Respond to your inquiries, troubleshoot issues, and provide assistance
Service communications: Send important updates about your account, subscriptions, or the Services

2.2 To Improve and Develop the Services

Service optimization: Analyze usage patterns to improve performance, features, and user experience
Bug detection and fixing: Identify and resolve technical issues, errors, and crashes
Feature development: Understand which features are used and develop new functionality
Quality assurance: Test and validate new features before public release
Research and development: Conduct internal research to advance AI technology (using aggregated, anonymized data only)

Important: We do NOT use your private content (documents, conversations) for AI training without your explicit consent. See Section 9 for details.

2.3 To Ensure Safety and Security

Fraud prevention: Detect and prevent fraudulent activity, abuse, and unauthorized access
Security monitoring: Monitor for security threats, vulnerabilities, and attacks
Abuse detection: Identify and prevent violations of our Terms of Service and Acceptable Use Policy
Spam prevention: Detect and block spam, malicious content, and automated abuse
Account protection: Implement security measures like multi-factor authentication

2.4 To Comply with Legal Obligations

Legal compliance: Comply with applicable laws, regulations, and legal processes
Law enforcement cooperation: Respond to lawful government requests, court orders, and subpoenas
Rights protection: Enforce our Terms of Service and protect our legal rights
Dispute resolution: Resolve disputes, investigate complaints, and defend legal claims

2.5 To Communicate with You

Service notifications: Send important updates about the Services, policy changes, or security issues
Marketing communications: Send promotional emails about new features, offers, or updates (you can opt out anytime)
Surveys and feedback: Request your feedback to improve the Services
Support follow-up: Follow up on your customer support inquiries

2.6 To Personalize Your Experience

Customization: Tailor the Services based on your preferences and usage patterns
Recommendations: Suggest features or content that may be relevant to you
Interface optimization: Adjust the user interface based on your device and preferences

2.7 For Business Operations

Analytics and reporting: Generate internal business analytics and reports
Business development: Evaluate potential partnerships, acquisitions, or investments
Investor relations: Provide aggregated metrics to investors and stakeholders
Auditing and compliance: Conduct internal audits and ensure regulatory compliance

2.8 With Your Consent

Optional features: Provide additional functionality you explicitly opt into
Third-party sharing: Share data with third parties only with your permission
AI training: Use your content for AI model improvement only if you opt in

3. HOW WE SHARE YOUR INFORMATION

We do NOT sell your personal information. We only share your information in the following limited circumstances:

3.1 Service Providers and Vendors

We share information with trusted third-party service providers who assist us in operating the Services, including:

Cloud Infrastructure Providers:

Amazon Web Services (AWS): Hosting, storage, and computing infrastructure
Google Cloud Platform (GCP): Additional hosting and infrastructure services
Microsoft Azure: Backup and disaster recovery services

AI Technology Providers:

OpenAI: GPT models for text generation
Anthropic: Claude models for AI assistance
Google: Gemini models and AI services
Stability AI: Image generation models

These providers process your content to provide AI responses but are contractually prohibited from using your data for their own purposes (except for limited abuse detection and legal compliance as permitted by their terms).

Payment Processors:

Stripe: Credit card payment processing
PayPal: PayPal payment processing

They receive only the information necessary to process payments and comply with payment card industry standards.

Analytics and Monitoring:

Google Analytics: Website and app usage analytics (anonymized)
Sentry: Error tracking and crash reporting
Mixpanel or Amplitude: Product analytics (anonymized)

Customer Support:

Zendesk or Intercom: Customer support ticketing and live chat

Email Services:

SendGrid or AWS SES: Transactional and marketing email delivery

Security Services:

Cloudflare: DDoS protection and CDN services
Auth0 or similar: Authentication services

All service providers are contractually obligated to:

Use your data only for the purposes we specify
Implement appropriate security measures
Comply with applicable privacy laws (GDPR, CCPA, PDPA)
Delete or return data upon request or contract termination

3.2 Business Transfers

If MUSE is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred to the successor entity. You will be notified via email and/or prominent notice on the Services of any such change in ownership or control of your personal information.

3.3 Legal Requirements and Rights Protection

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

Comply with legal obligations: Respond to subpoenas, court orders, warrants, or other legal processes
Enforce our policies: Enforce our Terms of Service, Acceptable Use Policy, or other agreements
Protect rights and safety: Protect the rights, property, or safety of MUSE, our users, or the public
Prevent illegal activity: Investigate, prevent, or take action regarding illegal activities, fraud, or security threats
Emergency situations: Respond to emergencies involving danger of death or serious physical injury

Government Requests: We will notify you of government data requests unless prohibited by law or court order. We will challenge overbroad or inappropriate requests.

3.4 With Your Consent

We may share your information with third parties when you explicitly consent, such as:

Public sharing: If you choose to make content publicly visible (e.g., shared documents, public profiles)
Third-party integrations: When you authorize connections to services like Google Drive, GitHub, or Notion
Collaboration features: When you share documents or collaborate with others (if such features are available)

3.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot be used to identify you, including:

Usage statistics: Aggregate metrics about Service usage
Performance data: Anonymized data about Service performance and reliability
Industry research: Anonymized data for AI research and industry reports
Business metrics: Aggregate metrics shared with investors, partners, or the public

This anonymized data is not considered personal information and is not subject to this Privacy Policy.

3.6 What We Do NOT Share

We do NOT:

Sell your personal information to third parties
Share your private content (documents, conversations) with advertisers
Use your data for third-party targeted advertising
Share your data with data brokers
Disclose your information for third-party marketing purposes

4. DATA RETENTION

4.1 Retention Periods

We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Accounts:

Account information: Retained for the life of your account
User content: Retained until you delete it or close your account
Conversations: Retained for 90 days by default (you can delete anytime)
AI-generated content: Retained until you delete it
Payment records: Retained for 7 years for tax and accounting purposes
Usage logs: Retained for 12-24 months for security and analytics

Closed Accounts:

When you close your account:

Account deletion: We delete your account information within 30 days
Content deletion: We delete your user content within 30 days
Backup copies: Backup copies are deleted within 90 days
Legal holds: Data subject to legal holds or investigations may be retained longer
Aggregated data: Anonymized, aggregated data may be retained indefinitely

4.2 Data You Can Delete Anytime

You can delete the following at any time through your Account settings:

Individual documents and files
Conversation history
AI-generated content
Profile information
Saved preferences

Deleted content is permanently removed from active systems within 30 days and from backup systems within 90 days.

4.3 Legal and Compliance Retention

We may retain certain data longer when required by law or for legitimate business purposes:

Financial records: 7 years (tax and accounting requirements)
Legal disputes: Until resolution of disputes or expiration of statute of limitations
Fraud prevention: Information about fraudulent or abusive activity may be retained to prevent recurrence
Compliance: Records necessary for regulatory compliance

4.4 Anonymized Data

Data that has been fully anonymized (no longer identifies you) may be retained indefinitely for:

Research and development
Product improvement
Business analytics
Industry research

5. DATA STORAGE AND SECURITY

5.1 Where We Store Your Data

Your data is stored in secure data centers operated by our infrastructure providers:

Primary Storage:

Singapore: Primary data center for Asian users
United States (AWS us-east-1, us-west-2): Primary data center for North American users
Europe (AWS eu-west-1): Primary data center for European users

Backup and Redundancy:

Encrypted backups in multiple geographic regions for disaster recovery
Data replication across availability zones within each region

AI Processing:

Your content may be temporarily processed by AI providers' systems (OpenAI, Anthropic, Google) located in the United States
Processing is done in real-time; content is not permanently stored by AI providers (except for limited abuse detection as per their policies)

5.2 Security Measures

We implement industry-standard security measures to protect your data:

Encryption

Data in transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher
Data at rest: All data stored on our servers is encrypted using AES-256 encryption
End-to-end encryption: Certain sensitive data is encrypted with keys only you control (where feasible)
Password hashing: Passwords are hashed using bcrypt with strong salts

Access Controls

Principle of least privilege: Employees have access only to data necessary for their roles
Multi-factor authentication: Required for all employee accounts with data access
Role-based access control (RBAC): Granular permissions based on job function
Access logging: All data access is logged and monitored for suspicious activity

Infrastructure Security

Firewalls and network segmentation: Protect against unauthorized access
Intrusion detection systems (IDS): Monitor for suspicious activity and attacks
DDoS protection: Cloudflare and AWS Shield protect against denial-of-service attacks
Regular security audits: Third-party penetration testing and security assessments
Vulnerability scanning: Automated and manual scanning for security vulnerabilities
Patch management: Prompt application of security patches and updates

Organizational Security

Security training: All employees receive regular security and privacy training
Background checks: Background checks for employees with data access
Incident response plan: Documented procedures for responding to security incidents
Data breach notification: Procedures for notifying affected users and authorities in case of breaches
Vendor security assessments: All service providers must meet our security standards

5.3 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

Investigate: Promptly investigate the incident and contain the breach
Notify you: Notify affected users via email within 72 hours of discovering the breach
Notify authorities: Report the breach to relevant data protection authorities as required by law
Remediate: Take steps to prevent future breaches
Transparency: Provide information about what data was affected and what actions you should take

5.4 Your Security Responsibilities

You are responsible for:

Strong passwords: Use a strong, unique password for your MUSE account
Account security: Keep your login credentials confidential
Multi-factor authentication: Enable MFA for added security
Suspicious activity: Report any unauthorized access or suspicious activity immediately to admin@museai.im
Phishing awareness: Be cautious of phishing emails claiming to be from MUSE; we will never ask for your password via email

5.5 Limitations

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our control (e.g., your failure to protect your password, attacks that bypass current security technology).

6. YOUR PRIVACY RIGHTS

Depending on your location, you have various rights regarding your personal information.

6.1 Rights for All Users

Regardless of your location, you have the following rights:

Access and Portability

Access: View and access your personal information through your Account settings
Data export: Download a copy of your data in a machine-readable format (JSON, CSV)

Request export by emailing admin@museai.im with "Data Export Request"
We will provide the export within 30 days

Correction

Update information: Correct or update your account information through Account settings
Request corrections: Email admin@museai.im to request corrections to data you cannot edit yourself

Deletion

Delete content: Delete individual documents, conversations, and files anytime
Delete account: Close your account and request full data deletion

Go to Account Settings > Delete Account, or
Email admin@museai.im with "Account Deletion Request"
We will delete your data within 30 days (90 days for backups)

Opt-Out

Marketing emails: Unsubscribe using the link in any promotional email
Cookies: Manage cookie preferences through browser settings (see Section 7)
Analytics: Opt out of analytics tracking through Account settings

6.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). See Section 12 for details.

6.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). See Section 13 for details.

6.4 Singapore Privacy Rights (PDPA)

If you are located in Singapore, you have rights under the Personal Data Protection Act (PDPA). See Section 14 for details.

6.5 How to Exercise Your Rights

To exercise any of the above rights:

Email: admin@museai.im
Subject Line: Include the type of request (e.g., "Data Export Request," "Account Deletion Request")
Information to Include:

Your full name
Email address associated with your account
Description of your request
Verification information (we may ask for additional verification to protect your privacy)

Response Time: We will respond to your request within 30 days (45 days for complex requests).

No Discrimination: We will not discriminate against you for exercising your privacy rights. You will not be denied service or charged different prices for asserting your rights.

6.6 Verification

To protect your privacy, we may require verification of your identity before fulfilling data requests. Verification may include:

Confirming email address associated with the account
Answering security questions
Providing additional identification documents (in exceptional cases)

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website or use an app. They help the Services recognize your device and remember information about your visit.

7.2 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the Services to function and cannot be disabled:

Session cookies: Maintain your logged-in state
Authentication tokens: Verify your identity
Security cookies: Detect fraudulent activity and protect your account
Load balancing cookies: Distribute server load for performance

Performance and Analytics Cookies

These cookies help us understand how users interact with the Services:

Usage analytics: Track which features are used and how often
Error tracking: Detect and diagnose technical issues
Performance monitoring: Measure page load times and responsiveness
A/B testing: Test new features with user segments

Providers: Google Analytics, Mixpanel, Amplitude, Sentry

Opt-Out: You can opt out through Account settings or browser settings.

Functional Cookies

These cookies remember your preferences and choices:

Language preferences: Remember your selected language
Timezone settings: Store your timezone for time-sensitive features
Display preferences: Remember theme, layout, or customization choices
Recently viewed: Track recently accessed documents or features

Targeting and Advertising Cookies

We do NOT use third-party advertising cookies on the Services. We do not track you across other websites for advertising purposes.

7.3 Third-Party Cookies

Third-party services we integrate may set their own cookies:

Google Analytics: Analytics tracking (can be blocked with browser extensions)
Payment processors: Fraud detection cookies (Stripe, PayPal)
Support chat: If you use live chat support (Zendesk, Intercom)

These third parties have their own privacy policies governing their use of cookies.

7.4 Managing Cookies

You can control cookies through:

Browser Settings:

Most browsers allow you to block or delete cookies
Visit your browser's help section for instructions
Note: Blocking essential cookies will prevent you from using the Services

Account Settings:

You can disable optional analytics cookies in your MUSE Account settings

Browser Extensions:

Privacy extensions like Privacy Badger or uBlock Origin can block tracking cookies

Do Not Track:

We honor "Do Not Track" browser signals where technically feasible

7.5 Other Tracking Technologies

Web Beacons (Pixel Tags):

Small invisible images embedded in emails or web pages
Used to track email opens and page views
Can be blocked by disabling images in emails

Local Storage:

HTML5 local storage for client-side data caching
Used to improve performance and offline functionality
Can be cleared through browser settings

Mobile App Tracking:

Mobile device identifiers (advertising ID, device ID)
Can be reset or limited through device settings (iOS: Limit Ad Tracking; Android: Opt Out of Ads Personalization)

8. THIRD-PARTY SERVICES AND INTEGRATIONS

8.1 Third-Party Integrations

MUSE integrates with various third-party services to enhance functionality. When you connect an integration, you authorize MUSE to access certain data from that service.

Available Integrations:

Google Workspace (Drive, Docs, Sheets, Gmail, Calendar): Access and process files, emails, and calendar events
Microsoft 365 (OneDrive, Outlook, Word, Excel): Access and process files and emails
GitHub: Access repositories, code files, and project data
Notion: Access pages, databases, and workspace content
Other integrations: May be added over time

Data Access:

When you connect an integration:

You are redirected to the third-party service to authorize access
You can control what data MUSE can access
MUSE receives an access token to retrieve data on your behalf
You can revoke access at any time through Account settings or the third-party service

Data Usage:

Data accessed from integrations is used to:

Provide the Services (e.g., edit a Google Doc, analyze a GitHub repository)
Generate AI responses based on the integrated content
Sync data between the Services and the integration

Data from integrations is subject to the same privacy protections as data you upload directly.

8.2 Third-Party AI Providers

MUSE uses AI models from third-party providers:

Providers:

OpenAI (GPT models)
Anthropic (Claude models)
Google (Gemini models)
Stability AI (Image generation)
Others as we add capabilities

Data Sharing:

When you use AI features:

Your prompts and content are sent to the AI provider to generate responses
AI providers process data in real-time and do not permanently store your content (except for limited abuse detection and legal compliance as permitted by their terms)
Responses are returned to MUSE and stored in your account

AI Provider Policies:

Your use of AI features is subject to the third-party AI provider's terms and privacy policies:

OpenAI: https://openai.com/policies/privacy-policy
Anthropic: https://www.anthropic.com/privacy
Google: https://policies.google.com/privacy

We select AI providers with strong privacy commitments, but we do not control their data practices.

8.3 Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to read their privacy policies before providing any information.

8.4 Social Media Features

The Services may include social media features (e.g., "Share on Twitter" buttons). These features may collect your IP address and set cookies. They are governed by the privacy policies of the respective social media platforms.

9. AI TRAINING AND MODEL IMPROVEMENT

9.1 Our AI Training Policy

WE DO NOT USE YOUR PRIVATE CONTENT TO TRAIN AI MODELS WITHOUT YOUR EXPLICIT CONSENT.

This is a core privacy commitment. Specifically:

What We Do NOT Use for Training:

Your documents and files
Your conversations with the AI
Your prompts and questions
Your AI-generated content
Any content in your account marked as private

What We MAY Use for Training (Only with Your Consent):

If you explicitly opt in to our AI Improvement Program:

De-identified conversations (with personally identifiable information removed)
Aggregated usage patterns
Feedback you provide on AI responses

Opt-In Only: Participation in the AI Improvement Program is entirely optional. You can:

Choose whether to participate during account creation
Change your preference anytime in Account settings
Withdraw consent at any time (future data will not be used; past data already used cannot be retrieved)

How We Use Training Data (If You Opt In):

Improve the accuracy and relevance of AI responses
Reduce biases and errors in AI outputs
Develop new features and capabilities
Research and development

9.2 Anonymization and De-Identification

If you opt in to the AI Improvement Program, we take steps to protect your privacy:

Remove personal information: Names, email addresses, phone numbers, addresses removed
Remove unique identifiers: Account IDs, user IDs, and other identifiers removed
Aggregate data: Combine data from many users so individual users cannot be identified
Review: Human review to ensure no identifying information remains

9.3 Third-Party AI Provider Training

Third-party AI providers (OpenAI, Anthropic, Google) have their own policies regarding AI training:

OpenAI: As of our last review, OpenAI does not use API data (data sent through their API, which is how MUSE uses their models) to train their models, except for limited abuse and misuse detection. Check their current policy at https://openai.com/policies/privacy-policy.

Anthropic: Anthropic has committed to not using customer data to train their models without explicit permission. Check their current policy at https://www.anthropic.com/privacy.

Google: Google's AI services have varying policies. We use Google services that do not use customer data for training. Check their current policy at https://policies.google.com/privacy.

We select AI providers with strong privacy commitments, but we do not control their practices. Please review their policies directly for the most up-to-date information.

9.4 Research and Development

We may use anonymized, aggregated data (that cannot identify you) for:

Internal research and development
Product improvement and feature development
Industry research and publications
Business analytics and reporting

This anonymized data is not considered personal information and is not subject to your consent or deletion requests.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

The Services are intended for users who are at least 13 years of age. We do not knowingly collect personal information from children under 13.

If you are under 13, do not use the Services or provide any personal information.

10.2 Parental Consent (Ages 13-18)

If you are between 13 and 18 years old (or the age of legal majority in your jurisdiction):

You may only use the Services under the supervision of a parent or legal guardian
Your parent or guardian must agree to these Terms and this Privacy Policy on your behalf
Your parent or guardian is responsible for your use of the Services

10.3 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided personal information to MUSE:

Contact us immediately at admin@museai.im
We will delete the child's account and personal information within 30 days
We will take steps to prevent the child from re-registering

10.4 COPPA Compliance (United States)

We comply with the U.S. Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent.

10.5 Content Restrictions

Users under 18:

May not upload images of themselves or others under 18
May not create or share content inappropriate for their age
Are subject to additional content restrictions to protect minors

11. INTERNATIONAL DATA TRANSFERS

11.1 Cross-Border Data Transfers

MUSE operates globally and may transfer your personal information across international borders, including:

From your location to:

Singapore: Where MUSE is headquartered and primary operations occur
United States: Where many of our service providers and AI providers are located
European Union: Where some infrastructure and services are located

11.2 Adequacy Decisions and Safeguards

When transferring data internationally, we rely on legal mechanisms recognized under applicable laws:

For Transfers from the EU/EEA:

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with service providers
Adequacy Decisions: We rely on adequacy decisions where the European Commission has determined that a country provides adequate data protection (e.g., Singapore for certain data types)

For Transfers from the UK:

UK Standard Contractual Clauses: We use UK-approved SCCs
UK Adequacy Decisions: We rely on UK adequacy decisions

For Transfers from Singapore:

Transfers to countries with similar data protection laws: Where permitted under PDPA
Contractual protections: We enter into data transfer agreements with service providers

11.3 Data Localization

Where required by law, we store certain data locally:

Singapore residents: Primary data storage in Singapore (with encrypted backups globally)
EU residents: Primary data storage in EU data centers where required
Other jurisdictions: We comply with local data localization laws

11.4 Your Rights Regarding International Transfers

You have the right to:

Request information about where your data is stored and transferred
Object to international data transfers (subject to our ability to provide the Services)
Request a copy of the safeguards we use for international transfers (e.g., SCCs)

Contact admin@museai.im for information about data transfers.

12. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

12.1 Categories of Personal Information We Collect

As described in Section 1, we collect the following categories of personal information:

Identifiers: Name, email address, account credentials, IP address, device IDs
Commercial information: Subscription details, purchase history, payment information
Internet activity: Browsing history on the Services, usage data, interactions
Geolocation data: Approximate location based on IP address
Professional information: Job title, industry (if provided)
User-generated content: Documents, conversations, AI-generated content
Inferences: Preferences and characteristics derived from usage patterns

12.2 Business and Commercial Purposes

We collect and use personal information for the purposes described in Section 2, including:

Providing the Services
Improving and developing the Services
Security and fraud prevention
Legal compliance
Communications

12.3 Categories of Third Parties We Share With

As described in Section 3, we share personal information with:

Service providers (cloud hosting, AI providers, payment processors, analytics)
Law enforcement and government authorities (when legally required)
Business transaction parties (in case of merger or acquisition)

12.4 Sale and Sharing of Personal Information

We do NOT sell your personal information.

We do NOT share your personal information for cross-context behavioral advertising.

For purposes of CCPA/CPRA:

"Sale" means disclosing personal information for monetary or other valuable consideration
"Sharing" means disclosing personal information for cross-context behavioral advertising

We have not sold or shared personal information in the past 12 months and do not intend to in the future.

12.5 Sensitive Personal Information

Under CCPA/CPRA, "sensitive personal information" includes account passwords, precise geolocation, and certain other categories.

We do NOT use or disclose sensitive personal information for purposes other than providing the Services and as permitted by CCPA/CPRA.

You have the right to limit the use of sensitive personal information, but because we do not use it for additional purposes, exercising this right would have no practical effect.

12.6 Your California Privacy Rights

As a California resident, you have the following rights:

Right to Know

You can request information about the personal information we collected, used, disclosed, or sold about you in the past 12 months, including:

Categories of personal information collected
Sources of personal information
Business purposes for collection
Categories of third parties we shared with
Specific pieces of personal information collected about you

Right to Delete

You can request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security purposes).

Right to Correct

You can request correction of inaccurate personal information.

Right to Opt-Out

You can opt out of the sale or sharing of your personal information. (Note: We do not sell or share personal information.)

Right to Limit Use of Sensitive Personal Information

You can limit the use of sensitive personal information. (Note: We only use it for permitted purposes.)

Right to Non-Discrimination

You have the right not to be discriminated against for exercising your privacy rights. We will not:

Deny goods or services
Charge different prices or rates
Provide a different level of quality
Suggest you will receive a different price or quality

12.7 How to Exercise Your Rights

Email: admin@museai.im
Subject: "California Privacy Rights Request"
Include:

Your name and email address associated with your account
Description of your request (e.g., "Right to Know," "Right to Delete")

Authorized Agent:

You may designate an authorized agent to make requests on your behalf. The authorized agent must:

Provide written authorization signed by you
Verify their own identity
Provide proof of authorization

Verification:

We will verify your identity before responding to requests:

We may ask you to confirm your email address
We may ask you to provide additional information matching our records
For sensitive requests (e.g., deletion), we may require additional verification

Response Time:

We will respond to verified requests within 45 days (may be extended by an additional 45 days for complex requests, with notice).

12.8 California Shine the Light Law

Under California Civil Code Section 1798.83, California residents can request information about disclosure of personal information to third parties for their direct marketing purposes.

We do NOT disclose your personal information to third parties for their direct marketing purposes.

12.9 California Minors

If you are a California resident under 18 and have registered for an account:

You can request removal of content you posted publicly
Email admin@museai.im with "California Minor Content Removal Request"
Note: Removal may not be complete if the content was shared or reposted by others

13. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with specific rights.

13.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance:

To provide the Services you requested
To process payments and manage subscriptions
Legal basis: Processing necessary to perform our contract with you (Terms of Service)

Legitimate Interests:

To improve and develop the Services
To ensure security and prevent fraud
To conduct analytics and research
To communicate with you about the Services
Legal basis: Our legitimate interests (and those of our users) in providing, improving, and securing the Services

We balance our interests against your privacy rights and do not process your data for legitimate interests where your rights override our interests.

Legal Compliance:

To comply with legal obligations
To respond to lawful government requests
Legal basis: Compliance with legal obligations under EU or member state law

Consent:

To send marketing communications (you can withdraw consent anytime)
For optional data uses (e.g., AI Improvement Program)
Legal basis: Your explicit consent, which you can withdraw at any time

13.2 Your GDPR Rights

As an EEA, UK, or Swiss resident, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data and information about the processing.

Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data about you.

Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in certain circumstances:

The data is no longer necessary for the purposes for which it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing based on legitimate interests and there are no overriding legitimate grounds
The data was unlawfully processed
The data must be erased for compliance with a legal obligation

Exceptions apply where we need to retain data for legal compliance, establishment of legal claims, or other specified reasons.

Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances:

You contest the accuracy of the data (restriction until we verify accuracy)
Processing is unlawful but you prefer restriction instead of erasure
We no longer need the data but you need it for legal claims
You have objected to processing and we are verifying whether our grounds override yours

Right to Data Portability (Article 20)

You have the right to receive personal data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller, where:

Processing is based on consent or contract
Processing is carried out by automated means

We provide data export functionality in Account settings (JSON, CSV formats).

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes:

Direct marketing: You can object at any time, and we will stop processing for that purpose
Legitimate interests: You can object on grounds relating to your particular situation, and we will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms

Right to Withdraw Consent (Article 7(3))

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority in the EU member state of:

Your habitual residence
Your place of work
The place of the alleged infringement

EU Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK Information Commissioner's Office (ICO): https://ico.org.uk
Swiss Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch

We encourage you to contact us first so we can address your concerns.

13.3 How to Exercise Your GDPR Rights

Email: admin@museai.im
Subject: "GDPR Rights Request"
Include:

Your name and email address
The right you wish to exercise
Description of your request

Response Time: We will respond within one month (may be extended by two additional months for complex requests, with notice).

No Fee: We will not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive.

13.4 Data Protection Officer

You can contact our Data Protection Officer (DPO) at:

Email: dpo@museai.im
Mail: Data Protection Officer, MUSEPULSE TECHNOLOGIES PTE. LTD., 6 RAFFLES QUAY, #14-02, SINGAPORE 048580

13.5 Representative in the EU

If required by GDPR, we will appoint an EU representative. Contact information will be provided here when applicable.

13.6 Automated Decision-Making and Profiling

We do NOT use your personal data for automated decision-making that produces legal effects or similarly significantly affects you, including:

Automated credit decisions
Automated employment decisions
Automated insurance underwriting

We may use automated processing for:

Personalization of the Services (non-significant effects)
Spam and abuse detection (necessary for security)
Usage analytics (no individual decisions)

You have the right to object to profiling and request human review of automated decisions where they significantly affect you.

14. SINGAPORE PERSONAL DATA PROTECTION

If you are located in Singapore, the Personal Data Protection Act (PDPA) provides you with specific rights.

14.1 Consent

We collect, use, and disclose your personal data with your consent, except where permitted by law without consent (e.g., legal obligations, legitimate interests as defined by PDPA).

By using the Services, you consent to the collection, use, and disclosure of your personal data as described in this Privacy Policy.

You may withdraw consent by contacting admin@museai.im. Note that withdrawal may affect our ability to provide the Services.

14.2 Purpose Limitation

We collect personal data for the purposes described in Section 2 and will not use your data for other purposes without your consent or as permitted by law.

14.3 Notification Obligations

We will notify you of the purposes for which we collect, use, or disclose your personal data at or before the time of collection, or as soon as practicable.

14.4 Access and Correction Rights

Under PDPA, you have the right to:

Request access to your personal data held by us
Request correction of inaccurate or incomplete personal data

To exercise these rights, contact admin@museai.im with "PDPA Access Request" or "PDPA Correction Request."

Response Time: We will respond within 30 days.

Fees: We may charge a reasonable fee for access requests to cover administrative costs.

Denial: We may deny your request in certain circumstances permitted by PDPA (e.g., legal privilege, ongoing investigation). We will provide reasons for denial.

14.5 Data Protection Officer (Singapore)

You can contact our Singapore DPO at:

Email: dpo@museai.im
Mail: Data Protection Officer, MUSEPULSE TECHNOLOGIES PTE. LTD., 6 RAFFLES QUAY, #14-02, SINGAPORE 048580

14.6 Personal Data Protection Commission (PDPC)

If you have concerns about our data protection practices, you may contact the Personal Data Protection Commission of Singapore:

Website: https://www.pdpc.gov.sg
Email: info@pdpc.gov.sg

15. CHANGES TO THIS PRIVACY POLICY

15.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

Changes in our data practices
New features or Services
Changes in applicable laws
Feedback from users or regulators

15.2 Notice of Changes

When we make changes, we will:

Update the "Last Updated" date at the top of this Privacy Policy
Post the updated Privacy Policy on the Services
Notify you via email if the changes are material (at the email address associated with your account)
Display a prominent notice on the Services for material changes

Material changes will take effect 30 days after notice, except:

Changes required by law (may take effect immediately)
Changes that benefit you (may take effect immediately)

15.3 Your Acceptance

By continuing to use the Services after changes take effect, you accept the updated Privacy Policy. If you do not agree to the changes, you should stop using the Services and close your account.

15.4 Prior Versions

We maintain prior versions of our Privacy Policy for your reference. You can request previous versions by emailing admin@museai.im.

16. CONTACT US AND DATA PROTECTION OFFICER

16.1 General Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: admin@museai.im (Subject: "Privacy Inquiry")
Mail: Privacy Team, MUSEPULSE TECHNOLOGIES PTE. LTD., 6 RAFFLES QUAY, #14-02, SINGAPORE 048580

16.2 Data Protection Officer

For data protection matters, GDPR inquiries, or PDPA inquiries:

Email: dpo@museai.im
Mail: Data Protection Officer, MUSEPULSE TECHNOLOGIES PTE. LTD., 6 RAFFLES QUAY, #14-02, SINGAPORE 048580

16.3 Technical Support

For account issues or technical support:

Email: tech@museai.im

16.4 Response Time

We will respond to privacy inquiries within:

General inquiries: 5-10 business days
Data requests (access, deletion, etc.): 30 days (45 days for complex requests)
GDPR requests: 1 month (may be extended by 2 months for complex requests)

16.5 Complaints

If you have a complaint about our privacy practices:

Contact us first: We will work to resolve your concern
Supervisory authority: You can lodge a complaint with your local data protection authority:

EU/EEA/UK: See Section 13.2 for supervisory authority contact information
Singapore: Contact the Personal Data Protection Commission (https://www.pdpc.gov.sg)
California: Contact the California Attorney General (https://oag.ca.gov/privacy)

END OF PRIVACY POLICY

Last Updated: April 16, 2026 | Effective Date: April 16, 2026 | Version: 1.0

Company: MUSEPULSE TECHNOLOGIES PTE. LTD. | Registration: Singapore | Website: https://museai.im

Email: admin@museai.im | Address: 6 RAFFLES QUAY, #14-02, SINGAPORE 048580