Skip to content
MusicianOS
Template — pending legal review. This page is a working draft, not lawyer-reviewed final copy, and should not be relied on as legal advice or a finished policy.

Privacy Policy

Last updated: TODO: operator — set the effective date when this page ships

1. Who we are

MusicianOS ("MusicianOS," "we," "us") operates the MusicianOS Pro+ web platform at muos.app and its artist subdomains ({artist}.muos.app) and any connected custom domains. This policy explains what personal information we collect through the web platform, why, how long we keep it, and how you can ask us to delete it.

Operator/legal entity: TODO: operator — legal entity name and registered address. Contact for privacy questions: privacy@muos.app TODO: operator — confirm this mailbox exists and is monitored before launch.

2. What we collect

Artist account data. Artists sign in with Sign in with Apple. We receive Apple's stable user identifier and, if the artist chooses to share it, a name and email address. We do not receive or store an Apple password.

Fan data — booking requests. When a fan submits a booking inquiry through an artist's /book page, we collect the requester's name and email, an optional phone number, event date(s), venue/location, budget, and a free-text message — whichever fields that artist has configured as required or optional.

Fan data — live show requests. When a fan requests a song during an artist's live show (/live), we collect a requester name and an optional note (which may include a location/table, at the fan's choice). If the artist has enabled a PIN gate, the PIN itself is not personal data and is not tied to a submitted request afterward.

Aggregate, non-identifying data. Request counts, top-requested songs, and similar tallies are kept indefinitely because they don't identify any individual fan.

Cookies and sessions. We set a single first-party, HttpOnly session cookie used only to keep an artist signed in to their own account/admin console. We do not use third-party advertising cookies, and we do not sell or share personal information for cross-context behavioral advertising.

Device/browser fingerprinting (Live Show Mode). To let an artist block an abusive or spamming fan from a live request queue, the block feature can key off a device/browser fingerprint in addition to a session or IP address. A fingerprint is tracking technology under GDPR and similar laws, and we treat it as such: it is collected only in the context of an active live session's moderation tooling, is not used for advertising, and is not linked to a fan's identity outside that show. For fans in the EU/EEA/UK, fingerprint collection for this purpose relies on TODO: operator — confirm legal basis — likely legitimate interest for abuse prevention, or consent if counsel determines legitimate interest doesn't hold.

3. Why we collect it

  • To operate the account/subscription an artist has with us.
  • To deliver a booking inquiry or live song request to the artist it was addressed to.
  • To prevent abuse of the live request queue (rate limiting, PIN gating, fingerprint-based blocking).
  • To measure aggregate, non-identifying usage of the platform.

We do not use fan-submitted names, messages, or contact details for our own marketing, and we do not sell them to anyone.

4. How long we keep it — the 30-day retention window

Fan-identifying data — live request names and notes, booking request contact details, and similar fan PII — is retained for 30 days from the relevant event (a live session ending, a booking submission, or an artist account's deletion), after which it is soft-deleted: it disappears from every artist-facing and public read path immediately and cannot be recovered through the product. A second sweep permanently (hard-)deletes the underlying record 30 days after that.

Aggregate, non-identifying statistics (request counts, top songs, tip totals) are not fan PII and may be kept indefinitely.

5. Who we share it with — subprocessors

We use a small set of infrastructure providers ("subprocessors") to run the platform. None of them are permitted to use fan or artist data for their own purposes.

ProviderRole
VercelApplication hosting, edge/CDN, and serverless functions for the entire web platform.
Neon (Postgres)The public/admin database — site configuration, published song/setlist/gig listings, booking requests, and live-show requests.
Upstash (Redis)Short-lived operational data only: rate limiting, live-session hot state, and edit-presence signals. Not a durable store of personal data.
ResendTransactional email — booking notifications, account emails — sent from one shared, platform-owned account (never per-artist).
AI providersServer-side processing of artist-submitted files/text for the lyric and chord import pipeline. Platform provider keys never reach the browser; artist content is not used to train third-party models beyond that provider's own standard processing terms.

6. Your choices — deleting your data

Because of the 30-day retention window above, most fan data deletes itself automatically without any action on your part. If you'd like it removed sooner, or want to confirm it's gone, email privacy@muos.app with the artist's page you submitted to and roughly when you submitted it, and we'll locate and delete the record. Artists can request deletion of their own account and all associated data the same way.

7. International users

MusicianOS is operated from TODO: operator — country/region of operation, and the providers in §5 may process data in the United States and other countries. If you are in the EU/EEA/UK, you have rights under GDPR (access, correction, deletion, portability, and objection) — contact us at privacy@muos.app to exercise them. TODO: operator — confirm whether a Standard Contractual Clauses / international transfer mechanism is needed for any subprocessor.

8. Children's privacy

MusicianOS is not directed to children under 13, and we do not knowingly collect personal information from them. Live show requests and booking inquiries ask for a name and, optionally, contact details or a message — this is not a service designed for children to use unsupervised.

9. Changes to this policy

We'll update this page when what we collect or how we handle it changes, and update the "Last updated" date above.

Questions?

Email privacy@muos.app — see also our Terms of Service and DMCA Policy.