MUSEIN AI PRIVACY POLICY

1. Introduction and Scope of This Policy

Welcome to Musein AI! The musein.ai website, mobile applications, and associated AI-powered visual creation, animation, and multi-modal digital art engine (collectively, the “Services”) are provided and operated by MUSEIN AI PTE. LTD., a company registered in Singapore. In this Privacy Policy, MUSEIN AI PTE. LTD. is collectively referred to as “Musein AI,” “we,” “our,” or “us.”

We recognize that as an artificial intelligence platform, the trust you place in our handling of your data is paramount. We are steadfastly committed to protecting your privacy and ensuring that your personal information is processed transparently, securely, and in strict accordance with premier global data protection frameworks, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

This Privacy Policy comprehensively explains how Musein AI collects, uses, discloses, and safeguards your personal data when you interact with our Services. It further enumerates your statutory rights regarding your personal information and provides explicit instructions on how you may exercise those rights.

By accessing, registering for, or utilizing the Musein AI Services, you acknowledge that you have read, understood, and comprehend the data processing practices detailed in this Privacy Policy. If you fundamentally disagree with these practices, you must immediately discontinue your use of the Services.

2. Categories of Information We Collect

To engineer our sophisticated AI visual creation tools and fulfill our service obligations, Musein AI must process specific categories of personal information. We rigorously adhere to the principle of data minimization, collecting exclusively what is technologically and legally necessary for the specified operational purpose.

A. Information You Voluntarily Provide Directly to Us

• Account and Identity Information: Upon account registration, we collect your designated name, email address, password credentials, date of birth (strictly utilized for mandatory age verification and compliance with state-level minor protection laws), and profile metadata.
• User-Generated Content (UGC) and AI Prompt Inputs: As the core functionality of our Services, we collect the creative data you actively input into the Musein AI engine. This encompasses text prompts, reference images, audio files, video clips, parameter adjustments (e.g., cinematic controls, lighting environments), and structural 3D spatial manipulations.
• Payment and Financial Data: Should you subscribe to premium tiers or enterprise services, our PCI-compliant third-party payment processors collect essential billing details, transaction history, and truncated credit card information. Musein AI does not retain complete credit card numbers within our internal databases.
• Communications and Support: Information you voluntarily provide when initiating contact with our customer support teams, participating in the Musein AI creator community, or engaging with platform surveys.

B. Information Collected Automatically via Technical Means

• Device and Telemetry Data: Upon accessing the Services, our infrastructure automatically captures operational metadata. This includes your Internet Protocol (IP) address, device type, operating system version, unique mobile device identifiers (e.g., IDFA, AAID), browser specifications, and chronological navigation paths.
• Cookies and Tracking SDKs: We employ cookies, web beacons, and mobile Software Development Kits (SDKs) to authenticate your sessions, memorize your workspace preferences, and aggregate analytics regarding site traffic. You retain full autonomy to manage cookie preferences through your device settings or our integrated cookie consent manager.

C. Information Acquired from Third Parties

• Federated Authentication Partners: If you elect to authenticate your Musein AI account utilizing third-party Single Sign-On (SSO) services (e.g., Apple, Google), we receive basic profile parameters (such as your verified email address and public name) as explicitly authorized by your privacy settings with that specific provider.

3. Purpose and Lawful Basis for Processing Your Information

Musein AI processes your personal data to execute the following operational objectives. Where the GDPR applies, we base our processing activities on recognized lawful bases:

• Service Provision and Contractual Execution (Contractual Necessity): To instantiate and maintain your account, authenticate your identity, process financial transactions, and deliver the computational AI-generated visual outputs you specifically request.
• Generative AI Model Training and Product Enhancement (Legitimate Interest / Consent): We analyze anonymized and aggregated interaction metrics to enhance the stability, latency, and feature matrix of the Services. Subject to your explicit consent and our highly visible opt-out mechanisms (detailed thoroughly in Section 6), we may utilize your User-Generated Content (UGC) to train, fine-tune, and optimize our proprietary generative AI models.
• Platform Personalization (Legitimate Interest): To algorithmically tailor your user interface, suggest relevant community templates of Musein AI, and persistently remember your complex creative parameters.
• Marketing and Strategic Communications (Consent / Legitimate Interest): To dispatch promotional updates, newsletters, and specialized feature announcements. You maintain the absolute right to opt out of non-transactional marketing communications at any time.
• Security, Integrity, and Fraud Prevention (Legitimate Interest / Legal Obligation): To proactively monitor for anomalous or malicious activity, enforce our Terms of Service, defend against distributed denial-of-service (DDoS) attacks, and preserve the operational integrity of the Musein AI engine.
• Regulatory Compliance (Legal Obligation): To satisfy applicable statutory requirements, adhere to law enforcement subpoenas, and execute our obligations under global age verification mandates.

4. Information Disclosure and Sub-Processor Architecture

Musein AI unequivocally does not sell your personal information to third-party data brokers. However, operating a planetary-scale AI infrastructure necessitates the strategic sharing of data with the following categories of verified entities:

• Cloud Infrastructure and Operational Service Providers: We contract with elite third-party vendors to execute critical operational functions, including hyperscale cloud computing (e.g., AWS, Google Cloud), payment gateway processing, and application telemetry analytics.
• Third-Party Frontier AI Model Providers: To provide a comprehensive creative canvas, Musein AI integrates external, state-of-the-art AI models via Application Programming Interfaces (APIs). When routing your complex prompts or reference architecture through these external providers, we enforce rigid Data Processing Agreements (DPAs). These agreements contractually prohibit third-party model providers from utilizing your specific data to train their independent foundational models, enforcing Zero Data Retention (ZDR) protocols wherever technically feasible.
• Corporate Restructuring: In the event of a merger, acquisition, corporate reorganization, bankruptcy proceeding, or asset liquidation, your personal information may be securely transferred to an acquiring entity, subject to the unyielding continuity of the protections delineated in this Privacy Policy.
• Legal Necessity and Harm Prevention: We may disclose your information if we hold a good-faith belief that such action is imminently necessary to comply with a judicial proceeding, protect the intellectual property rights and operational property of Musein AI, defend against catastrophic legal liability, or guarantee the personal safety of our user base or the general public.

5. International Data Transfers and European Safeguards

As a global platform, Musein AI's primary AI processing clusters and database infrastructure are geographically located within the United States and Singapore. Consequently, your personal information may be transferred to, stored, and computed in jurisdictions outside your country of domicile. We recognize that data protection statutes in these destination jurisdictions may lack the stringency of those in your home nation.

For Users Domiciled in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland:

To legitimize the transfer of your personal data outside the EEA, UK, or Switzerland to third countries, Musein AI relies strictly on legally validated transfer mechanisms. Primarily, we have incorporated and executed the modernized Standard Contractual Clauses (SCCs) as approved by the European Commission, augmented by stringent supplementary technical encryption measures. These SCCs legally bind our data importers to guarantee that your personal data continues to benefit from an impregnable level of protection analogous to European standards. By utilizing our Services, you are acknowledging the cross-border transfer of your data as governed exclusively by these SCCs.

6. AI Transparency, UGC, and Model Training Opt-Out Rights

The intersection of artificial intelligence and privacy demands absolute transparency. Musein AI believes creators must retain ultimate sovereignty over how their artistic inputs interface with machine learning networks.

• Algorithmic Data Processing: When you submit a creative prompt or upload reference media, our AI matrix analyzes this input to probabilistically generate the requested visual output. We actively deploy advanced data de-identification and Data Loss Prevention (DLP) algorithms engineered to identify and strip sensitive Personally Identifiable Information (PII) from your inputs prior to their interaction with core processing layers.
• Model Training & Your Sovereign Choice: To continually elevate the quality of our generative outputs, Musein AI may process de-identified, aggregated subsets of User-Generated Content (UGC) to refine our algorithms. However, you possess the unconditional, non-negotiable right to opt out of having your data utilized for AI model training.
• Executing Your Opt-Out Right: You may dynamically configure your AI training data permissions directly within the Musein AI App interface or on the musein.ai website by navigating to Settings > Privacy & AI Data > Model Training Authorization. Toggling this setting to “Off” initiates an immediate Zero Data Retention (ZDR) workflow for your future generations; your inputs will be processed strictly in volatile memory to deliver your immediate request and will be instantly purged, never to be logged or ingested into future model development cycles.
• Enterprise and Confidential Tiers: Accounts executing under Musein AI Enterprise or specialized confidential commercial licenses are protected by default Zero Data Retention protocols. Data processed via our Enterprise APIs is cryptographically isolated and strictly prohibited from cross-tenant model training.

Regulatory Warning: Users are contractually and strictly prohibited from inputting sensitive personal data (e.g., PHI, PCI data, government-issued IDs) or unauthorized, copyrighted third-party intellectual property into the Musein AI generation engine.

7. Your Global Privacy Rights and Controls

Depending on your geographic jurisdiction, you are empowered with specific, statutory rights regarding your personal data. Musein AI respects these rights unconditionally and provides frictionless, in-app mechanisms to exercise them.

A. GDPR Rights (EEA, UK, Switzerland)

If you reside within the EEA, UK, or Switzerland, you retain the right to:

1. Access: Request an exhaustive copy of the personal data we process concerning you.
2. Rectification: Mandate the immediate correction of factually inaccurate or incomplete data profiles.
3. Erasure (“Right to be Forgotten”): Request the permanent deletion of your personal data. You may initiate this complete account and data eradication directly via our in-app automated deletion protocol.
4. Restriction: Request the temporary or permanent limitation of processing your data under defined legal conditions.
5. Data Portability: Receive your generated data in a structured, commonly utilized, and machine-readable format.
6. Object: Object to data processing predicated upon legitimate interests or targeted direct marketing.
7. Automated Decision-Making: Contest decisions executed solely via automated processing that yield legal or equally significant effects, and formally request human intervention.

B. CCPA/CPRA Rights (California Residents - 2026 Standards)

If you are a resident of California, pursuant to the CCPA as amended by the CPRA 2026 regulations, you possess the right to:

1. Right to Know/Access: Request formal disclosure of the categories and specific elements of personal information collected, the originating sources, the specific business purpose, and the categories of third parties with whom it has been shared.
2. Right to Delete: Request the deletion of personal information collected directly from you, subject to narrow statutory exceptions.
3. Right to Correct: Demand the correction of verified inaccurate personal information.
4. Right to Opt-Out of Sale or Sharing: Direct Musein AI to cease the selling or sharing of your personal information for cross-context behavioral advertising. Our systems are engineered to automatically recognize and honor Global Privacy Control (GPC) HTTP header signals as a legally binding opt-out request.
5. Right to Limit Use of Sensitive Personal Information: Restrict the processing of sensitive data strictly to essential operational parameters.
6. Right to Non-Discrimination: Receive entirely equal service functionality and pricing structures regardless of your decision to exercise your privacy rights.
7. Right to Opt-Out of Automated Decision-Making Technology (ADMT): You hold the right to opt out of our utilization of ADMT for decisions producing significant effects concerning you, alongside the right to access comprehensive information regarding the operational logic of such ADMT processes.

CCPA Notice at Collection: We actively collect the categories of personal information enumerated in Section 2 for the precise business purposes documented in Section 3. For comprehensive details regarding our data retention timelines, please refer to Section 9.

Mechanism for Exercising Rights: You may execute these rights instantaneously by navigating to the designated “Privacy Center” within your account settings menu, utilizing our automated in-app account deletion tool, or by submitting a formal request via email to privacy@musein.ai. We commit to verifying your request and executing a response strictly within the timeframes mandated by applicable statutory law.

8. Children's Privacy and Age Verification

The Musein AI platform is structurally engineered for a sophisticated general audience comprising professional creators, developers, and adult hobbyists. We strictly do not direct our Services toward, nor do we knowingly collect or solicit personal information from, children under the age of 13 (or the corresponding legal age of digital consent within your specific jurisdiction, which extends to 16 in select EU member states).

In stringent compliance with the Children's Online Privacy Protection Act (COPPA) and the newly enacted 2026 state-level age verification legislative mandates (including regulations active in Texas, Utah, Louisiana, and California), Musein AI deploys commercially reasonable age-gating and age-categorization mechanisms during the initial account onboarding sequence. If you are a parent or legal guardian and discover that your minor child has transmitted personal information to us absent verified parental consent, we urge you to contact us immediately. Upon verification of the claim, our engineering team will execute commercially reasonable protocols to promptly and permanently purge such data from our active processing environments.

9. Data Security Infrastructure and Retention Policies

Musein AI implements formidable, industry-standard technical, administrative, and physical security countermeasures meticulously designed to defend your personal data against unauthorized access, malicious alteration, unlawful disclosure, or accidental destruction. Our security posture incorporates AES-256 encryption for data at rest, TLS 1.3 encryption for data in transit, continuous vulnerability auditing, and zero-trust internal access controls. However, acknowledging the inherent vulnerabilities of global network architectures, no method of transmission over the Internet or mechanism of electronic storage is mathematically flawless. Therefore, while we deploy commercially elite resources to safeguard your personal information, we cannot warrant its absolute, impenetrable security, and any transmission is fundamentally at your own risk.

We retain your personal information strictly for the duration necessary to satisfy the specific purposes delineated within this Privacy Policy, unless a more prolonged retention period is legally compelled or permitted by overriding law (e.g., for fiscal auditing, tax compliance, or active legal holds). Upon your successful execution of an account deletion request, your user profile and associated raw UGC will be permanently erased or cryptographically anonymized within a maximum of 30 days. Critical Limitation: Please be advised that data already aggregated, synthesized, and mathematically integrated into the weights of our fully trained AI models cannot be retroactively extracted, decoupled, or “unlearned.” This technical reality deeply underscores the paramount importance of exercising your pre-training opt-out rights as detailed in Section 6.

10. Third-Party Integrations and External Links

Within the Musein AI ecosystem, our Services may feature integrations, plugins, or hypertext links connecting to third-party websites, mobile applications, or community repositories that are neither operated nor controlled by Musein AI. This Privacy Policy is strictly inapplicable to the data processing practices of these independent third entities. We strongly implore you to meticulously review the privacy policies of any third-party services you elect to engage with. Musein AI unequivocally disclaims any responsibility or legal liability for the content, privacy protocols, or commercial practices of any third-party platforms.

11. Modifications to This Privacy Policy

The technological frontier of artificial intelligence and the corresponding global privacy legislative landscape are characterized by unprecedented dynamism. Musein AI expressly reserves the right to amend, update, or comprehensively modify this Privacy Policy at our sole discretion to accurately reflect advancements in our algorithmic practices, operational shifts, or newly enacted legal obligations. When material modifications are executed, we will notify our user base by prominently broadcasting a notice within the Musein AI app dashboard, updating the “Last Updated” timestamp at the apex of this document, and, where mandated by statutory law, aggressively seeking your renewed, affirmative consent prior to implementation. We encourage proactive, periodic review of this policy.

12. Contacting Our Privacy Operations

Should you possess any inquiries, legal concerns, or formal requests regarding this Privacy Policy, our model training practices, or our data governance protocols, please direct your communication to our Data Protection Officer (DPO) and dedicated Privacy Team at: