Introduction
Welcome to Muzza (muzza.ai). We are committed to protecting your privacy and ensuring the security of your personal data. This privacy policy explains how we collect, use, and protect your data when you use our platform.
Data We Collect
We strive to collect only the minimum data necessary to provide our services:
- Account data: Email address — used to create your account and log in. When signing in via an external account, we only receive the identifier and username.
- Chat data: Your conversations are end-to-end encrypted. We only store the encrypted text and the platform cannot read the content of your conversations.
- Generated images: Metadata about images you create (date, associated character) — the images themselves are stored securely.
- Payment data: Transaction history, subscription status, and jewel balance. We do not store credit card details or cryptocurrency wallet information — these are processed directly by payment providers.
- Usage data: Anonymized statistics about platform usage (pages visited count, no personal data).
- We do not collect phone numbers or social media accounts.
- We do not log your IP addresses.
AI Memory
The platform uses an AI memory system to improve conversation quality. This system stores anonymized summaries of your interactions with characters to provide a more personalized experience. This memory:
- Is linked to your account only and isolated from other users.
- Does not contain the original text of your conversations.
- Is completely deleted when you delete your account.
Chat Storage
Your conversations are end-to-end encrypted using a key derived from your password. The server stores only the encrypted text and the platform cannot read the content of your conversations. You alone hold the decryption key.
Analytics and Tracking
We use a privacy-friendly analytics tool that does not use cookies and does not collect personal data. We also use device fingerprinting technology to create an anonymous visitor identifier for statistical purposes only — it cannot be linked to your personal identity.
- We do not use Google Analytics.
- We do not use Facebook Pixel.
- We do not use any third-party advertising tracking scripts.
Push Notifications
You can optionally subscribe to push notifications. When you subscribe, we only store your device subscription identifier (no personal data). You can unsubscribe at any time from your account settings. The data sent via notifications is limited to the notification title and body text only.
Third-Party Service Providers
We work with trusted third-party service providers to operate the platform. Each provider only accesses the data necessary to perform its function:
- •Database hosting and authentication — Servers in the European Union
- •Website hosting — Content delivery and global distribution
- •AI model processing — To power character conversations
- •AI memory system — Processing anonymized summaries only to improve conversations
- •Image generation — AI-powered image creation service
- •Payment processing — For processing cryptocurrency transactions
- •Ad network — Displaying ads (without tracking cookies)
- •Anonymous device fingerprinting — For statistical purposes only
- •Privacy-friendly analytics — Without cookies or personal data
- •Email service — For verification emails and password resets
Account Deletion
You can delete your account at any time from your account settings. When you delete your account, all your data is permanently and irreversibly removed from our servers immediately. This includes:
- Your email address and account data
- All encrypted conversations
- Generated images and your collection
- Payment history and jewel balance
- Subscription data
- AI memory linked to your account
- Push notification subscriptions
Your Rights
Under the General Data Protection Regulation (GDPR) and applicable laws, you have the following rights:
- Right of access: You can request a copy of your personal data stored with us.
- Right to rectification: You can request correction of any inaccurate data.
- Right to erasure: You can delete your account and all your data at any time from the settings.
- Right to data portability: You can request an export of your data in a machine-readable format.
- Right to object: You can object to the processing of your data for specific purposes.
- Right to withdraw consent: You can withdraw your consent to data processing at any time.
To exercise any of these rights, contact us at privacy@muzza.ai. We will respond to your request within a maximum of 30 days.
Child Protection
Muzza is intended for adults only (18 years or older). We do not knowingly collect data from minors. If we become aware that a user under 18 has created an account, we will immediately delete the account and all associated data. If you believe a minor is using the platform, please report it to privacy@muzza.ai.
Data Breach Notification
In the event of a security breach affecting your personal data, we will:
- Notify you via email within 72 hours of discovering the breach.
- Report to the relevant regulatory authorities as required by GDPR.
- Explain the nature of the breach, the data affected, and the measures taken to address it.
- Provide recommendations to protect your account.
Security
We implement strict security measures to protect your data:
- TLS encryption for all data in transit.
- End-to-end encryption for conversations.
- Encrypted storage of data on servers in the European Union.
- No logging of personal data in system logs.
- Strict row-level security (RLS) policies at the database level.
Policy Updates
We may update this privacy policy from time to time. We will notify you of any material changes via email or a notification on the platform. We recommend reviewing this page periodically.
Contact
If you have any questions or inquiries about this privacy policy or how we handle your data, you can contact us via email at: privacy@muzza.ai