Privacy Policy
Version: v3.0.0 Last updated: February 2026
1. Introduction and Scope
This Privacy Policy explains how musen OÜ processes personal data in connection with the musen platform and related services. It applies to all individuals who access or use musen, whether they interact anonymously or through a registered account.
The Service covered by this Privacy Policy includes all musen operated digital properties and functionalities, including the musen websites, the web application, mobile applications, and all core features such as the AI DJ, Segments, Live AI Radio, creator tools, and application programming interfaces.
This Privacy Policy applies to the following categories of users. Guests who access musen without creating an account. Registered users who create and use an account. Premium and Creator users who subscribe to paid plans or access advanced creation and broadcasting features.
musen is established in the European Union and operates with an EU first regulatory posture. This Privacy Policy is designed primarily to comply with the General Data Protection Regulation and related EU data protection laws. Where musen processes personal data of individuals located outside the European Union, this Privacy Policy also reflects applicable local data protection requirements to the extent required by law.
2. Data Controller and Contact Details
musen OÜ is the legal entity responsible for the processing of personal data under this Privacy Policy. musen OÜ is established in the Republic of Estonia and acts as the data controller within the meaning of the General Data Protection Regulation.
Users may contact musen regarding privacy and data protection matters using the following details.
Legal entity name musen OÜ Registered jurisdiction Republic of Estonia Role data controller
Privacy contact email info@musen.live Security contact email security@musen.live
musen operates its technical infrastructure using a combination of European Union based and non European Union based service providers. Personal data may therefore be processed or stored in multiple locations depending on the service component involved. Details and safeguards related to international data transfers are described in a dedicated section of this Privacy Policy.
3. Legal Bases for Processing
musen processes personal data only where a valid legal basis exists under Article 6 of the General Data Protection Regulation. Depending on the specific feature, context, and user interaction, processing may rely on one or more of the following legal bases.
Consent
musen relies on user consent where required by law, in particular for processing activities that are not strictly necessary for the provision of the Service. This includes optional personalization settings, marketing communications, and the use of cookies or similar tracking technologies that are not strictly necessary for the operation of the platform. Where consent is required, it is requested in a clear, specific, and granular manner, and may be withdrawn at any time through available controls.
Audio playback and personalization are initiated through explicit user actions within the interface. musen does not rely on implied or bundled consent for optional processing activities.
Contractual necessity
musen processes certain personal data where processing is necessary for the performance of a contract with the user or to take steps at the user’s request prior to entering into a contract. This includes the creation and management of user accounts, the delivery of core listening and creation features, subscription management, credit purchases, billing, and customer support.
Without this processing, musen would not be able to provide the requested services or fulfill contractual obligations toward users.
Legitimate interests
musen may process limited personal data where necessary for its legitimate interests, provided that such interests are not overridden by the fundamental rights and freedoms of users. Legitimate interests include ensuring the security and integrity of the platform, preventing fraud, abuse, and misuse, maintaining system reliability, and performing basic analytics to understand service performance and usage trends.
Where processing is based on legitimate interests, musen applies safeguards and proportionality assessments to minimize impact on users and to ensure transparency.
Legal obligations
musen may process personal data where required to comply with applicable legal obligations. This includes obligations related to accounting, tax reporting, regulatory compliance, and lawful requests from competent public authorities.
4. Categories of Personal Data Collected
musen collects and processes personal data in a limited and proportionate manner, depending on how users access and use the Service. The categories of personal data processed are described below.
Guest users
Individuals who access musen without creating an account may have the following data processed.
IP address
Approximate location derived from IP address
Device information, such as device type, operating system, and browser
This data is used primarily to enable basic functionality, ensure security, and adapt the Service to technical constraints.
Registered users
Users who create an account may have the following additional data processed.
Account identifiers, such as username and email address
Authentication data required for login, such as encrypted passwords or authentication tokens
Profile information voluntarily provided by the user, such as display name, language preference, or profile description
Premium and Creator users
Users who subscribe to paid plans or access Creator features may have the following additional data processed.
Subscription status and plan information
Billing and transaction metadata provided by payment service providers, such as payment status, timestamps, and transaction identifiers
musen does not store or process raw payment card numbers, bank account details, or other full payment instrument data.
Usage and interaction data
When users interact with the Service, musen processes usage related data, which may include.
Listening behavior, such as session duration and continuity
Interactions with Segments, Live AI Radio, and other features
Signals used by the AI DJ and personalization systems to adapt the listening experience
This data is processed to operate the Service, improve radio flow, and support personalization in accordance with this Privacy Policy.
Explicit exclusions
musen does not collect or process biometric data, including voiceprints, facial recognition data, or similar identifiers.
5. Autoplay, Entry Consent, and User Action
musen is designed to respect both technical browser requirements and data protection principles regarding user consent and control.
Audio playback on musen is initiated only after an explicit user action within the interface. Depending on the context, this may include clicking an entry or play control, interacting with the player, or performing another clear action intended to start listening. musen does not initiate audio playback automatically without such user interaction.
The initial entry action into the Service is treated as an expression of intent to access and use the listening functionality. Acceptance of the Terms and Conditions governs the contractual relationship between the user and musen, while playback initiation remains a separate, user controlled action. musen does not treat the mere acceptance of the Terms as consent to optional data processing activities.
Users remain in control of playback at all times. Audio can be paused, stopped, or adjusted through available controls, and users may modify personalization settings or withdraw consent for optional processing through the appropriate settings interfaces.
This approach ensures that audio playback and related processing are based on clear user actions and do not rely on implied or bundled consent.
6. Personalization and AI DJ Processing
musen uses personalization mechanisms to adapt radio experiences over time based on how users interact with the Service. Personalization is designed to support continuous listening and improve relevance without producing legal or similarly significant effects on users.
Data used for personalization
Personalization may take into account listening sessions, duration of listening, interactions with Segments and Live AI Radio, expressed preferences such as likes or re tune actions, and contextual signals such as time of day or device type. These signals are processed to shape radio flow and content sequencing rather than to evaluate users as individuals.
Long horizon listening memory and session based signals
musen operates a long horizon listening memory that is session based rather than click based. Signals are derived from patterns of listening over time, such as continuity and tolerance for certain types of content, and are intentionally decayed to avoid permanent or rigid user profiles. Memory is used to adapt future listening experiences gradually and remains responsive to change.
Nature of the AI DJ system
The AI DJ is a non conversational system. It does not engage in dialogue with users, does not provide explanations, advice, or recommendations intended to influence decisions outside the context of listening, and does not operate as a chatbot or assistant. Its role is limited to selecting, sequencing, and adapting audio content within the radio experience.
No automated decision making with legal effects
Personalization and AI DJ processing do not constitute automated decision making that produces legal effects concerning users or similarly significantly affects them within the meaning of applicable data protection laws. These processes are used exclusively to provide entertainment and creative audio experiences.
Explicit exclusions
musen does not use personalization systems for biometric processing, social scoring, or profiling that has legal, economic, or comparable impacts on users. No decisions related to eligibility, pricing, access to essential services, or legal rights are made through personalization mechanisms.
7. Analytics, Cookies, and Tracking
musen uses limited analytics and similar technologies to understand how the Service is used, to maintain reliability, and to improve overall performance. These activities are designed to be proportionate, privacy conscious, and aligned with data minimization principles.
Analytics
musen collects basic usage analytics to understand how users interact with the Service, such as feature usage, session duration, and general performance metrics. Wherever possible, analytics data is aggregated and anonymized or pseudonymized to reduce the ability to identify individual users. Analytics are used to monitor service stability, diagnose technical issues, and guide product improvements rather than to track users across unrelated services.
Cookies and similar technologies
musen uses cookies and similar technologies to enable core functionality, maintain sessions, remember preferences, and support analytics. Some cookies are strictly necessary for the operation of the Service and do not require user consent. Other cookies, such as those used for optional analytics or measurement, are used only where permitted by applicable law.
Controls and preferences
Users can manage cookie preferences and consent choices through available controls, including browser settings and, where provided, in app or website preference tools. Users may withdraw or adjust consent for non essential cookies at any time, without affecting access to core features of the Service.
musen does not use cookies or tracking technologies for intrusive cross site tracking or unrelated advertising purposes.
8. Communications and User Preferences
musen communicates with users for different purposes, and clearly distinguishes between service related communications and optional marketing messages.
Transactional communications
musen may send transactional or service related communications that are necessary to provide the Service or to fulfill contractual or legal obligations. These communications may include messages related to account creation and management, authentication, billing and subscription status, credit purchases, security notifications, and important changes affecting the operation of the Service.
Transactional communications are considered essential to the use of musen and cannot be opted out of while an account remains active.
Marketing communications
Marketing or promotional communications, such as updates about new features, offers, or events, are optional. musen sends marketing communications only where users have provided explicit opt in consent, where required by applicable law. Marketing consent is not pre selected and is requested separately from acceptance of the Terms or use of the Service.
Users may withdraw consent for marketing communications at any time through available unsubscribe links or account preference settings.
Preference management
Users can manage communication preferences through their account settings or through mechanisms provided within communications. Changes to preferences are applied promptly and do not affect access to core features of the Service.
9. Data Retention
musen retains personal data only for as long as necessary to fulfill the purposes for which it was collected, to provide the Service, and to comply with applicable legal obligations. Retention decisions are guided by principles of purpose limitation, data minimization, and proportionality.
Retention principles
Personal data is retained only where it remains relevant to an identified purpose. When data is no longer needed for service delivery, security, analytics, or legal compliance, it is deleted, anonymized, or aggregated. musen periodically reviews stored data to ensure that retention remains justified.
Example retention periods
Account related data is retained for the duration of an active account and for a limited period thereafter to allow for account recovery, dispute resolution, or compliance with legal obligations.
Subscription and billing related records are retained for periods required by accounting and tax laws.
Security and access logs are retained for limited periods necessary to investigate incidents, prevent abuse, and maintain platform integrity.
Retention periods may vary depending on the nature of the data, the context of processing, and applicable legal requirements.
Anonymization and aggregation
Where possible, musen converts personal data into anonymized or aggregated forms so that it can no longer be associated with an identifiable individual. Such data may be retained for longer periods for statistical analysis, service improvement, and research purposes.
Deletion after inactivity
musen may delete or anonymize personal data associated with inactive accounts after a reasonable period of inactivity, subject to legal retention requirements and user rights. Users may request deletion of their account and associated personal data at any time in accordance with this Privacy Policy.
10. Account Deletion and Data Erasure
musen provides users with the ability to request deletion of their account and the erasure of associated personal data in accordance with Articles 17 and 19 of the General Data Protection Regulation.
Account deletion process
Users may request deletion of their account through available account settings or by contacting musen using the contact details provided in this Privacy Policy. Account deletion requests are processed without undue delay and within the timeframes required by applicable law.
Identity verification
To protect users from unauthorized deletion or data access, musen may take reasonable steps to verify the identity of the requesting individual before completing a deletion or erasure request. Verification measures are proportionate to the nature of the request and the sensitivity of the data involved.
Scope of deletion
When an account is deleted, musen deletes or irreversibly anonymizes personal data associated with the user account, including account identifiers, profile information, and personalization data, unless retention is required for a legitimate and lawful purpose.
Public content and limited retention
Where users have made content publicly accessible within the Service, such as public segments or public live radio streams, musen may retain such content in a non attributable form where necessary to preserve the integrity of the Service, respect the rights of other users, or comply with legal obligations. Any retained public content is dissociated from the deleted account and no longer linked to the individual as an identifiable person.
musen may also retain limited data where required to comply with legal obligations, resolve disputes, enforce agreements, or protect the security and integrity of the platform. Such data is retained only for as long as necessary for these purposes and is subject to appropriate safeguards.
11. User Rights Under GDPR
Users whose personal data is processed by musen have the rights granted under the General Data Protection Regulation. These rights apply subject to the conditions, limitations, and exceptions set out in applicable law.
Right of access
Users have the right to request confirmation as to whether musen processes their personal data and, where this is the case, to access such data and receive information about how it is processed.
Right to rectification
Users have the right to request correction of inaccurate or incomplete personal data concerning them.
Right to erasure
Users have the right to request deletion of their personal data in certain circumstances, including where the data is no longer necessary for its original purpose or where consent has been withdrawn, subject to lawful retention grounds.
Right to restriction of processing
Users have the right to request restriction of processing in specific situations, such as where the accuracy of the data is contested or where processing is unlawful but erasure is opposed.
Right to data portability
Where processing is based on consent or contractual necessity and carried out by automated means, users have the right to receive their personal data in a structured, commonly used, and machine readable format, and to transmit that data to another controller where technically feasible.
Right to object
Users have the right to object to processing based on legitimate interests, including processing for direct marketing purposes. Where an objection is upheld, musen will cease the relevant processing unless compelling legitimate grounds exist.
Right to withdraw consent
Where processing is based on consent, users have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
12. Exercising Your Rights
Users may exercise their data protection rights by contacting musen using the contact details provided in this Privacy Policy or through available account settings where applicable.
Submitting requests
Requests to exercise data protection rights may be submitted by email or through designated in service tools where available. Users should provide sufficient information to allow musen to understand and process the request efficiently. musen may request additional information where necessary to clarify the scope of a request.
Response timelines
musen responds to valid data protection requests without undue delay and in any event within the timeframes required by applicable law. Under the General Data Protection Regulation, responses are generally provided within one month of receipt, although this period may be extended where permitted by law due to the complexity or volume of requests. Where an extension applies, users will be informed accordingly.
Verification safeguards
To protect user data and prevent unauthorized access or disclosure, musen may take reasonable steps to verify the identity of the individual making a request. Verification measures are proportionate and are used solely to ensure that personal data is disclosed or modified only at the request of the rightful data subject.
13. Data Sharing and Processors
musen may share personal data with third parties only where necessary to operate the Service, comply with legal obligations, or protect the security and integrity of the platform. Personal data is not sold to third parties.
Categories of processors
musen uses carefully selected service providers that act as data processors on its behalf. These may include providers of:
Hosting and cloud infrastructure services
Analytics and monitoring services used to understand service performance and reliability
Payment processing services for subscriptions and credit purchases
These processors process personal data only in accordance with musen’s instructions and for the purposes described in this Privacy Policy.
Contractual safeguards
musen enters into data processing agreements or equivalent contractual arrangements with its processors where required by law. These agreements include obligations relating to confidentiality, security, data protection, and compliance with applicable data protection legislation.
musen does not authorize processors to use personal data for their own purposes.
No sale of personal data
musen does not sell, rent, or trade personal data to third parties. Personal data is shared only to the extent necessary to provide and operate the Service or to comply with legal obligations.
14. Security Measures
musen implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. Security measures are designed to be proportionate to the nature of the data processed and the risks associated with processing activities.
Technical measures
Technical safeguards may include access controls, encryption in transit and where appropriate at rest, monitoring of system activity, secure authentication mechanisms, and measures to protect infrastructure against unauthorized intrusion or misuse. Security controls are reviewed and updated as systems evolve.
Organizational measures
Organizational safeguards include internal policies and procedures governing data access, employee and contractor confidentiality obligations, role based access limitations, and security awareness practices. Access to personal data is restricted to individuals who require it for legitimate operational purposes.
Residual risk
While musen takes reasonable steps to protect personal data, no system can be guaranteed to be completely secure. Users acknowledge that the transmission and storage of data over the internet involves inherent risks, and musen cannot eliminate all potential security threats. In the event of a security incident, musen follows established procedures as described in this Privacy Policy.
15. International Data Transfers
musen may process personal data in countries outside the European Economic Area where this is necessary to operate the Service and where service providers or infrastructure are located outside the EEA.
Where personal data is transferred outside the EEA, musen ensures that such transfers are carried out in accordance with Chapter V of the General Data Protection Regulation and are subject to appropriate safeguards.
Safeguards for international transfers
Depending on the destination country and the nature of the transfer, musen relies on one or more of the following safeguards.
Adequacy decisions adopted by the European Commission, where the recipient country is recognized as providing an adequate level of data protection.
Standard Contractual Clauses approved by the European Commission, together with additional technical or organizational measures where required.
musen assesses international transfers on a case by case basis and applies safeguards designed to ensure that personal data remains protected in line with EU data protection standards.
16. Data Breach Notification
musen maintains procedures to detect, assess, and respond to personal data breaches in a timely and responsible manner.
Detection and response
musen monitors its systems for potential security incidents and investigates suspected breaches involving personal data. Where a personal data breach is identified, musen takes prompt steps to contain the incident, assess its scope and impact, and mitigate potential harm.
Notification to authorities
Where a personal data breach is likely to result in a risk to the rights and freedoms of individuals, musen will notify the competent supervisory authority without undue delay and, where required by law, within seventy two hours of becoming aware of the breach, in accordance with applicable data protection legislation.
Notification to users
Where a personal data breach is likely to result in a high risk to the rights and freedoms of affected individuals, musen will notify affected users without undue delay, providing information about the nature of the breach and recommended steps to mitigate potential adverse effects, as required by law.
17. Children’s Data
musen is not intended for use by children and is available only to individuals who are at least eighteen years of age.
musen does not knowingly collect or process personal data relating to individuals under the age of eighteen. If musen becomes aware that personal data of a child has been collected or processed inadvertently, it will take reasonable steps to delete such data without undue delay.
Where required, musen may take proportionate measures to verify age or restrict access in order to comply with applicable laws and to protect children’s privacy.
18. Changes to This Privacy Policy
musen may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or data processing practices.
Where changes materially affect how personal data is processed or impact users’ rights, musen will provide appropriate notice, such as by posting the updated Privacy Policy within the Service or through other reasonable communication channels. The updated version will indicate the date of its most recent revision.
Continued use of the Service after an updated Privacy Policy becomes effective constitutes acknowledgment of the updated terms, subject to applicable legal requirements.
19. Supervisory Authority
musen is established in the Republic of Estonia and is subject to the supervision of the Estonian Data Protection Authority.
Users have the right to lodge a complaint with the Estonian Data Protection Authority or with another competent supervisory authority in the European Union, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they believe that the processing of their personal data infringes applicable data protection laws.
20. Relationship with Terms and Conditions
This Privacy Policy governs only the collection and processing of personal data in connection with the Service.
The Terms and Conditions govern access to and use of the Service, including contractual rights, obligations, limitations of liability, and dispute resolution. Nothing in this Privacy Policy is intended to modify, override, or replace any provisions of the Terms and Conditions.
In the event of an apparent conflict between this Privacy Policy and the Terms and Conditions, the documents shall be interpreted in a manner that gives effect to both, with this Privacy Policy applying solely to matters of personal data processing and the Terms and Conditions applying to all other aspects of the contractual relationship, subject to applicable law.
21. Contact Information
musen provides clear contact channels to ensure accessibility, transparency, and trust.
General contact
For general questions about the Service or this Privacy Policy, users may contact musen at:
Email info@musen.live
Privacy contact
For questions, requests, or concerns specifically related to personal data processing or data protection rights, users may contact:
Email info@musen.live
Security contact
For reporting security vulnerabilities, suspected data breaches, or other security related issues, users may contact: Email security@musen.live 22. Final Provisions
Language precedence
This Privacy Policy is drafted in English. Where this Privacy Policy is translated into other languages, the English version shall prevail in the event of any inconsistency or interpretation dispute, to the extent permitted by applicable law.
Severability
If any provision of this Privacy Policy is held to be invalid, unlawful, or unenforceable by a competent authority or court, such provision shall be severed or limited to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
Data Protection Officer
musen has not appointed a Data Protection Officer, as it is not required to do so under applicable data protection law based on the nature and scale of its processing activities. Where this position changes, musen will update this Privacy Policy accordingly.
Last updated