Security Policy
Version: v3.0.0 Last updated: February 2026
1. Introduction
This Security Policy describes the technical, organizational, and administrative measures implemented by musen (the Company, we, us) to protect the confidentiality, integrity, and availability of data processed through the musen platform, including its website, applications, and associated services (collectively, the Service).
musen is an AI powered radio platform that processes user data to deliver personalized audio experiences, including AI curated radio streams and user generated audio segments. Security is a core operational priority, and this policy outlines how we approach risk management, system protection, access control, and incident response.
This document is intended to provide transparency regarding our security practices. It does not create contractual obligations beyond those defined in the Terms and Conditions or Privacy Policy, nor does it guarantee absolute security.
2. Scope
This Security Policy applies to:
All musen operated systems, infrastructure, and software components
All user data processed in connection with the Service
All employees, founders, contractors, and authorized collaborators with access to musen systems
All third party service providers engaged by musen where they interact with musen data or infrastructure
The policy covers security measures related to:
Application security
Infrastructure and hosting security
Authentication and access control
Data protection and storage
Monitoring and incident response
This policy does not cover third party platforms, services, or applications that are not operated or controlled by musen, even if they integrate with the Service.
3. Security Principles
musen security program is based on the following core principles.
3.1 Confidentiality
Access to systems and data is limited to authorized individuals and services only, based on role and operational necessity. Sensitive data is protected through access controls and encryption where appropriate.
3.2 Integrity
Safeguards are implemented to prevent unauthorized modification, corruption, or deletion of data. System changes are controlled, logged where feasible, and reviewed as part of normal operations.
3.3 Availability
Systems are designed to ensure reasonable availability of the Service, using modern cloud infrastructure, redundancy, and monitoring. While continuous uptime cannot be guaranteed, steps are taken to minimize service disruption.
3.4 Risk Based Approach
musen applies security controls proportionate to the nature of the data processed and the risks involved. As an evolving platform, security measures are periodically reviewed and adjusted based on operational needs, changes in the threat landscape, and business growth.
4. Access Control and Authentication
4.1 User Authentication
Users may access the musen Service through one or more of the following authentication methods:
Email address and password
Third party authentication via Google OAuth
At present, multi factor authentication is not enforced for user accounts. Users are responsible for maintaining the confidentiality of their credentials and for any activity conducted through their accounts.
4.2 Account Security Responsibilities
Users are expected to:
Choose strong passwords
Avoid reusing passwords across services
Notify musen promptly if they suspect unauthorized access to their account
musen reserves the right to suspend or restrict accounts where suspicious activity, abuse, or security risks are detected.
4.3 Internal Access Controls
Access to internal systems, administrative tools, and production environments is restricted to authorized personnel only. Access is granted based on role and operational necessity and is revoked when no longer required.
Internal access is logged and monitored where appropriate. Administrative credentials are protected using industry standard security practices.
4.4 Principle of Least Privilege
musen applies the principle of least privilege, meaning that individuals and systems are granted the minimum level of access necessary to perform their functions. This applies to:
Application services
Internal tools
Cloud infrastructure
5. Data Protection and Encryption
5.1 Data in Transit
musen uses industry standard transport security measures to protect data transmitted between user devices, musen services, and third party providers. Communications are encrypted using secure protocols such as HTTPS and TLS.
This applies to:
Website traffic
Application API requests
Authentication flows
Streaming and content delivery metadata
While encryption significantly reduces risk, no transmission method over the internet can be guaranteed to be completely secure.
5.2 Data at Rest
Where appropriate, data stored within musen controlled systems is protected using encryption at rest mechanisms provided by infrastructure and service providers.
Data at rest may include:
Account identifiers
Usage and interaction data
Personalization signals
System logs and metadata
Encryption standards and implementation details may evolve over time as infrastructure and providers change.
5.3 Data Minimization
musen limits data collection and storage to what is reasonably necessary to operate the Service, improve personalization, ensure security, and comply with legal obligations. Data retention periods are determined based on operational, legal, and security considerations.
6. Infrastructure and Hosting Security
6.1 Hosting Environment
musen operates on modern cloud based infrastructure provided by reputable third party hosting providers. Infrastructure may be geographically distributed and hosted outside Estonia, including within the European Union and other jurisdictions.
Physical security of data centers is managed by hosting providers and typically includes controlled physical access, surveillance and monitoring, and redundant power and environmental controls.
6.2 Network Security
Network level protections are implemented to reduce exposure to unauthorized access and common attack vectors. These may include firewalls and network segmentation, rate limiting and traffic filtering, and separation between production and non production environments.
6.3 System Updates and Maintenance
musen performs updates, patches, and configuration changes as part of ongoing system maintenance. Security related updates are prioritized based on severity and operational impact.
As a fast evolving platform, some updates may be deployed continuously or incrementally.
7. Third Party Services and Vendors
7.1 Use of Third Party Providers
musen relies on third party services to support core functionality, including cloud infrastructure and hosting, authentication providers, analytics and monitoring tools, and payment processors.
These providers may process data on musen behalf under contractual or technical safeguards.
7.2 Vendor Risk Management
musen selects third party providers based on functionality, reliability, and security practices appropriate to their role. While musen makes reasonable efforts to work with reputable providers, it does not control their internal security operations.
musen is not responsible for security incidents originating solely within third party systems outside its control.
7.3 Third Party Terms
Use of third party services may be subject to their own security policies, terms, and privacy practices. Users are encouraged to review those documents where applicable.
8. Monitoring, Logging, and Abuse Prevention
8.1 System Monitoring
musen monitors system performance, availability, and error conditions to ensure operational stability and detect potential security issues.
Monitoring data may include error logs, performance metrics, authentication attempts, and abuse or anomalous usage patterns.
8.2 Logging
Logs may be generated for security, debugging, and operational purposes. Logged data is accessed on a need to know basis and retained for limited periods consistent with operational and legal requirements.
8.3 Abuse and Misuse Detection
musen reserves the right to monitor usage patterns to detect fraudulent activity, automated abuse, unauthorized access attempts, and violations of the Terms and Conditions.
Where abuse or misuse is detected, musen may take corrective action, including restricting access, suspending accounts, or terminating services.
9. Security Incident Response
9.1 Incident Identification
A security incident may include unauthorized access, data exposure, system compromise, or other events that could affect the confidentiality, integrity, or availability of the Service.
musen investigates suspected incidents using available logs, monitoring data, and technical analysis.
9.2 Incident Response
Upon identification of a confirmed security incident, musen may contain and mitigate the incident, restore affected systems or services, assess the scope and impact, and implement corrective measures to reduce recurrence.
9.3 User and Authority Notification
Where required by applicable law, musen will notify relevant users and or supervisory authorities of data breaches or security incidents within legally mandated timeframes.
For users in the European Economic Area, this may include notification to the Estonian Data Protection Inspectorate where appropriate.
10. Data Retention and Deletion
musen retains system logs, security records, and operational metadata only for as long as reasonably necessary to maintain the security and integrity of the Service, detect and respond to incidents or abuse, and comply with legal, regulatory, or contractual obligations.
Where possible, security related data is anonymized or aggregated once it is no longer required in identifiable form.
When personal data is deleted pursuant to user requests or account closure, related security logs may be retained in a limited form where necessary to protect the Service, prevent fraud, or comply with applicable law.
11. User Responsibilities
While musen implements technical and organizational security measures, users also play a role in maintaining the security of their accounts and interactions with the Service.
Users are responsible for maintaining the confidentiality of their account credentials, using secure devices and up to date software, avoiding sharing account access with unauthorized parties, and promptly reporting suspected security incidents or unauthorized access.
musen is not responsible for security incidents resulting from user negligence, compromised devices, or third party account breaches outside the Company control.
12. Limitations and No Guarantee of Absolute Security
musen employs reasonable and proportionate security measures consistent with industry standards. However, no system can be guaranteed to be completely secure.
Security controls may evolve as the platform grows and threat landscapes change. Vulnerabilities may exist despite best efforts, and unauthorized access, misuse, or data compromise cannot be entirely eliminated.
This Security Policy does not constitute a guarantee, warranty, or representation that security incidents will never occur.
13. Changes to This Security Policy
musen reserves the right to update or modify this Security Policy at any time to reflect changes in technology, legal requirements, operational practices, or risk assessment.
Where changes are material, musen will make reasonable efforts to notify users through the Service or other appropriate channels. The Last updated date at the top of this document indicates when the most recent revisions were made.
Continued use of the Service after changes take effect constitutes acceptance of the updated Security Policy.
14. Contact Information
For security related questions, concerns, or incident reports, users may contact musen at:
General inquiries: info@musen.live
Website: https://musenai.live
Reports of potential vulnerabilities or incidents should include sufficient detail to allow investigation. musen appreciates responsible disclosure and good faith reporting.
Last updated