Muse Privacy Policy
Last Updated: July 16, 2026
1. Introduction
Welcome to Muse ("we," "our," or "us"). Muse is a social discovery and dating platform that helps users find like-minded people through music — both within the app and at live music events. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and App Clip.
By using Muse, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our application.
2. Information We Collect
2.1 Personal Information You Provide
We collect information that you voluntarily provide to us when you:
- Create an Account: Name, age, date of birth, email address (optional). Note: Name and age are permanent and cannot be changed after account creation for safety and identity verification purposes.
- Build Your Profile: Profile photos, biography, gender identity, sexual orientation, ethnicity, height, political and religious beliefs.
- Capture Event Selfies: When you attend a live event, the front-camera selfies and any optional captions you choose to post to that event's photo wall (see Section 2.7).
- Complete Prompts: Text responses to profile prompts and selected songs for prompt responses
- Use Communication Features: Messages sent to matched users, likes, comments, and feedback
- Provide Invite Codes: Invite codes you create or redeem
2.2 Information Collected Automatically
- Location Data: We collect your precise location (with your permission) for two purposes: (1) to match you with nearby users, and (2) to confirm you are physically at a live event venue when you check in ("geofencing"). For matching, you can update your location manually at any time from Settings, and we only show your distance to other users — never your exact coordinates. For event check-in, your device location is used momentarily to confirm you are within the venue area and is then discarded; we store only a "verified at venue" indicator, never your event coordinates.
- Device Information: Device type, operating system version, unique device identifiers, mobile network information
- Device Integrity Signals: We use Apple's App Attest / DeviceCheck to generate a device attestation that helps us prevent bots, fake accounts, and abuse. It is used for security and does not personally identify you.
- Usage Data: App interactions, features used, time spent in the app, cards viewed, matches made
- In-App Music Playback: Songs you choose to play within the Muse app (for our "Top Tracks of the Day" and "Recently Played" carousel features)
2.3 Spotify Integration - Important Clarifications
What We DO Collect:
- Basic Spotify account authentication (to verify you have a Spotify account)
- Playback events when you play songs through Spotify while using Muse
- OAuth tokens to enable Spotify integration and playback control
What We DO NOT Collect:
- ❌ Your Spotify listening history outside of Muse
- ❌ Your saved playlists or libraries from Spotify
- ❌ Your top artists or tracks from Spotify's servers
- ❌ Your Spotify followers or who you follow
- ❌ Your personal Spotify data beyond basic authentication
Technical Detail: We use the Spotify iOS SDK to integrate with Spotify's player. When you play music through Spotify while using Muse, we receive and store playback events from the SDK. This data powers your "Recently Played" carousel (visible on your profile to matches) and our "Top Tracks of the Day" feature (showing what Muse users are listening to in aggregate). We do not use Spotify's Web API to access your personal listening history, saved playlists, or other account data outside of active playback within Muse.
2.4 Information from Third Parties
- Apple Sign In: If you sign in with Apple, we receive your name and email (if you choose to share it)
2.5 Information We Do NOT Collect
- ❌ Microphone or audio recordings (we don't request microphone access)
- ❌ Video recordings (we capture still photos only — event-wall selfies and the photos you choose for your profile — never video)
- ❌ Contacts from your address book
- ❌ Browsing history outside of Muse
- ❌ Health or fitness data
2.6 Sensitive Information and User Control
Some profile fields may include information considered sensitive under certain privacy laws (such as ethnicity). Please note:
- Optional: All profile fields are completely optional to fill out
- User-Controlled Visibility: You have full control over which profile information is shown publicly to other users
- No Requirement: You can use Muse without providing any sensitive personal information
- Edit Anytime: You can update or remove most profile information at any time from Settings. Name and age cannot be changed after account creation for safety and verification purposes
2.7 Event Participation & Photo Walls
Muse hosts experiences at live music events. When you take part in an event, we collect:
- Check-In: When you scan an event QR code, your device location is used momentarily to confirm you are at the venue (see Section 2.2). We store only that you checked in — not your coordinates.
- Event Selfies & Captions: Front-camera photos and any optional caption you choose to post to an event's photo wall.
- Wall Interactions: Likes and views on event photos.
Public by design: Photos you post to an event wall are visible to other attendees viewing that event's wall — they are not limited to your matches. You can delete a photo you posted at any time.
Automated content moderation: To keep walls safe, every photo is automatically screened by an image-classification system before it appears. This system analyzes image content to detect policy-violating material; it is not facial recognition and does not identify individuals. Photos that fail screening are rejected and never published.
Event photos are stored using Cloudflare R2 object storage (see Section 4.2).
2.8 Anonymous Event Accounts (App Clip)
You can preview a live event and post to its photo wall through the Muse App Clip without first creating a full account. When you do, we automatically create an anonymous account so you can check in and post. Tied to an anonymous account are your event selfie(s) and caption, your check-in, your wall interactions, and a device-integrity attestation (Section 2.2). An anonymous account contains no name, date of birth, or gender.
If you later download the full Muse app on the same device, your anonymous account and its event activity are carried over so you keep the same identity. If you never convert to a full account, we automatically delete unclaimed anonymous accounts and their photos after a retention period (currently 31 days). See Section 5.3.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Core App Functionality
- Create and manage your account
- Display your profile to other users based on matching preferences
- Match you with compatible users based on location, preferences, and music taste
- Enable communication between matched users
- Power discovery features like Main Discovery, Music Feed, and Live Mode
- Power live-event experiences, including event check-in and photo walls
- Show daily "Top Tracks" based on what Muse users are playing in-app
3.2 Personalization & Recommendations
- Suggest compatible matches based on your preferences and music taste
- Show relevant content in your Music Feed
- Provide music-based insights (if applicable)
- Customize your experience based on your settings
3.3 Safety & Security
- Detect and prevent fraud, abuse, spam, and violations of our Terms of Service
- Automatically screen user-generated content — the text you write (your bio and profile prompts), your profile photos, and event-wall photos — for policy-violating material before it is published
- Verify device integrity (App Attest) to prevent bots and duplicate accounts
- Process and respond to user reports and blocking
- Maintain the security and integrity of our platform
3.4 Communication
- Send you push notifications about new matches, likes, and messages (you can opt out)
- Respond to your support requests and feedback
- Send important service updates and policy changes
3.5 Analytics & Improvement
- Analyze usage patterns to improve app performance and user experience
- Test new features and functionality
- Understand which features are most valuable to users
- Fix bugs and technical issues
3.6 Legal & Compliance
- Comply with legal obligations and law enforcement requests
- Enforce our Terms of Service and Community Guidelines
- Protect our rights, property, and safety, and that of our users
4. How We Share Your Information
4.1 With Other Muse Users
Your profile information is visible to other users for the purpose of matching and connection. What other users can see includes:
- Always Visible: Name, age, profile photos, biography, prompts, and music selections
- Approximate Distance: Your approximate distance from other users (e.g., "5 miles away"). We never show your exact location coordinates or address
- Optional Visibility (Your Control): You can choose to show or hide additional profile information including school, work/occupation, education, religion, ethnicity, political views, and other lifestyle preferences using visibility toggles in Settings
- Event Walls: Photos you post to a live event's wall are visible to other attendees viewing that event
You have full control over which optional profile fields are visible to others. Required fields (name, age, photos) cannot be hidden while actively using the app.
4.2 Service Providers & Third-Party Data Processors
We share information with trusted third-party service providers who help us operate Muse. Below is a detailed list of each processor, the data shared, and the purpose:
- Supabase: Backend infrastructure — stores all user profile data, messages, matches, and app data in secure, encrypted databases. Supabase Privacy Policy
- Cloudflare: CDN, serverless worker, and object storage. Processes API request metadata and stores your profile pictures and event-wall selfies in Cloudflare R2 object storage. Cloudflare Privacy Policy
- OpenAI: Automated content moderation. When you save a bio, a profile prompt, a profile photo, or an event-wall selfie, that content is sent to OpenAI's Moderation API to screen it for policy-violating material (such as hate, harassment, threats, self-harm, or sexual content involving minors) before it is published. OpenAI processes the content only to return a safety classification and, under its API data-usage policy, does not use content submitted through the API to train its models. OpenAI does not receive your messages, your Spotify data, or other profile information. OpenAI Privacy Policy · Usage Policies
- OneSignal: Push notification service — receives device tokens and user IDs for notification delivery. Does not receive profile data or messages. OneSignal Privacy Policy
- PostHog: Analytics service — collects usage data (screen views, feature interactions) linked to user identity for product improvement. Not used for cross-app tracking or advertising. PostHog Privacy Policy
- RevenueCat: Subscription management — processes purchase data and subscription status linked to user ID for managing in-app purchases and subscriptions. Does not receive profile data or messages. RevenueCat Privacy Policy
- Spotify: Music integration — Muse receives OAuth access tokens and playback state data to enable music features. Muse does not store Spotify credentials. Spotify does not receive your personal Muse data beyond OAuth authentication. Spotify Privacy Policy
- Apple: Sign in with Apple (an identity token and, if you choose to share it, your name and email), App Attest / DeviceCheck (device attestation for anti-fraud), and the Apple Push Notification service (notification delivery). Apple Privacy Policy
- Resend: Transactional email delivery — receives your email address and a one-time verification code when you verify a school (.edu) email. Resend Privacy Policy
- Vercel: Hosting for our web properties, including the business/organizer portal. Vercel Privacy Policy
- Google: Used for organizer sign-in (Google OAuth) on our business portal and to serve fonts on our websites (Google Fonts). Google Privacy Policy
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, law enforcement).
4.4 Business Transfers
If Muse is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your information is transferred and becomes subject to a different privacy policy.
4.5 What We DO NOT Do
- ❌ We DO NOT sell your personal information to third parties
- ❌ We DO NOT share your data with advertisers or data brokers
- ❌ We DO NOT use your data for advertising targeting outside of Muse
- ❌ We DO NOT share your Spotify listening data with anyone
5. Data Storage & Security
5.1 Where Your Data is Stored
Your data is stored securely in Supabase's cloud infrastructure, which uses industry-standard encryption both in transit (HTTPS/TLS) and at rest (AES-256). Database servers are located in secure data centers with physical and digital access controls.
5.2 Security Measures
- Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
- Authentication: Industry-standard JWT (JSON Web Token) authentication with secure token storage
- Access Controls: Strict row-level security (RLS) policies ensure users can only access data they're authorized to see
- Password Protection: Passwords are hashed using bcrypt before storage
- Secure Token Storage: OAuth tokens stored in iOS Keychain (device-level encryption)
- Regular Security Audits: Ongoing monitoring and security assessments
5.3 Data Retention
- Active Accounts: We retain your information for as long as your account is active
- Deleted Accounts: When you delete your account, we permanently delete your personal data — including your profile information, messages, and the photos you have posted (profile pictures and event-wall selfies). Limited records may be retained only as described below.
- Unclaimed Anonymous Accounts: Anonymous accounts created through the App Clip that are never converted to a full account, together with their event photos, are automatically deleted after a retention period (currently 31 days).
- Reported Users: If your account is reported for violating our Terms of Service or Community Guidelines, we may retain chat history and relevant account information for moderation, safety review, and ban assessment purposes
- Content Moderation Records: When content you submit is blocked by our automated moderation, we keep a limited record of the event — a short excerpt of the blocked text or a reference to the blocked image, plus the reason — for safety, abuse-prevention, and review purposes
- Analytics Data: Aggregated, anonymized usage data (with no personal identifiers) may be retained indefinitely for analytics purposes
- Backup Systems: Data may persist in backup systems for up to 30 days after deletion but is not accessible or used
6. Your Privacy Rights & Choices
6.1 Account Information
- Access: View and update your profile information any time in Settings
- Correction: Edit any incorrect information directly in the app
- Deletion: Delete your account permanently from Settings → Account → Delete Account
6.2 Location
- Grant or revoke location permissions in iOS Settings → Muse → Location
- Update your location manually anytime from within the app
- Your exact coordinates are never shared
6.3 Spotify Connection
- Disconnect your Spotify account anytime from Settings
- Revoke Muse's Spotify access at spotify.com/account/apps
- Disconnecting Spotify removes music playback features but does not delete your Muse account
6.4 Communications
- Manage push notification preferences in iOS Settings → Muse → Notifications
- Turn all notifications on or off at the system level
6.5 Your Data Rights
You have the right to:
- Access: Request a copy of all personal data we have about you
- Portability: Receive your data in a machine-readable format (JSON)
- Deletion: Request complete deletion of your personal data
- Rectification: Correct inaccurate or incomplete data
- Object: Object to certain types of data processing
- Restrict: Request restriction of processing in certain circumstances
To exercise these rights, email us at privacy@museapp.co with your request. We will respond within 30 days.
6.6 California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by businesses
- Right to opt-out of sale of personal information (Note: Muse does not sell personal information)
- Right to non-discrimination for exercising CCPA rights
6.7 Canadian Privacy Rights (PIPEDA / Québec Law 25)
If you are in Canada, you have the right to access and correct your personal information, to withdraw consent (subject to legal or contractual restrictions), and to data portability. You may file a complaint with the Office of the Privacy Commissioner of Canada or, if you are in Québec, the Commission d'accès à l'information du Québec. Our Privacy Officer (Section 12) is your point of contact for these requests.
6.8 Mexican Privacy Rights (LFPDPPP — ARCO)
If you are in Mexico, you may exercise your ARCO rights — Access, Rectification, Cancellation, and Opposition — with respect to your personal data, and you may revoke consent or limit the use or disclosure of your data. This Privacy Policy serves as your privacy notice (aviso de privacidad). To exercise these rights, contact our Privacy Officer at privacy@museapp.co.
7. Children's Privacy
Muse is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we discover that a user under 18 has provided us with personal information, we will immediately delete that account and all associated data.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@museapp.co.
8. International Data Transfers
Muse is offered in the United States, Canada, and Mexico. Your information is stored and processed in the United States, so if you use Muse from Canada or Mexico your information is transferred to and processed in the U.S., which may have different data protection laws than your country of residence.
We take appropriate safeguards to ensure your personal data remains protected in accordance with this Privacy Policy, including:
- Using secure, encrypted connections for all data transfers
- Partnering with service providers that comply with applicable data protection laws
- Implementing contractual protections for international data transfers
9. Third-Party Links & Services
Muse may contain links to third-party websites or services (e.g., Spotify). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.
Spotify: Your use of Spotify's services is governed by Spotify's Privacy Policy, available at spotify.com/legal/privacy-policy.
10. Analytics & Cookies
10.1 Analytics
We use internal analytics to understand how users interact with Muse. This helps us improve features and fix bugs. All analytics data is anonymized and aggregated—we don't track individual user behavior for advertising purposes.
10.2 Cookies & Similar Technologies
Muse uses local storage and device preferences (UserDefaults on iOS) to:
- Remember your preferences and settings
- Keep you logged in
- Cache data for better performance
We do not use cookies for cross-site tracking or advertising.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you through the app or via email for significant changes
- Request your consent if required by law
We encourage you to review this Privacy Policy periodically. Your continued use of Muse after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Officer: privacy@museapp.co
Support: support@museapp.co
General Inquiries: hello@museapp.co
Muse Labs Inc. has designated a Privacy Officer accountable for its handling of personal information (including for the purposes of Québec's Law 25 and Mexico's LFPDPPP). You can reach the Privacy Officer at the email above.
13. Additional Information for Specific Regions
13.1 California Residents
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (name, email, device ID)
- Demographics (age, gender, location)
- Photos and visual information
- Internet activity (app usage, interactions)
- Geolocation data
We collect this information from you directly and automatically through your use of the app. We use and disclose this information for the business purposes described in Section 3.
We do not "sell" personal information as defined by CCPA.
13.2 Nevada Residents
Nevada residents may opt-out of the sale of personal information. Muse does not sell personal information as defined by Nevada law. If you have questions, contact us at privacy@museapp.co.
13.3 Canadian Residents
Accountability: Muse Labs Inc. is responsible for the personal information under its control and has designated a Privacy Officer (Section 12).
We process your information to provide the Muse service (contract), with your consent (for example, location), and for our legitimate interests (safety, fraud prevention, and product improvement). You may access or correct your information, withdraw consent subject to legal or contractual limits, and lodge a complaint with the Office of the Privacy Commissioner of Canada or, in Québec, the Commission d'accès à l'information. We retain data only as long as necessary for the purposes in this policy or as required by law.
13.4 Mexican Residents
This Privacy Policy constitutes our privacy notice (aviso de privacidad) under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP). You may exercise your ARCO rights (Access, Rectification, Cancellation, Opposition), revoke your consent, and limit the use or disclosure of your data by contacting our Privacy Officer at privacy@museapp.co.