Privacy Policy

Last updated: April 25, 2026

1. Who we are

MuseForge is a Bring-Your-Own-Key (BYOK) AI music-video studio. You supply your own API keys for AI providers; we orchestrate those providers on your behalf. This policy explains what we collect, why, who we share it with, and what rights you have. The service is intended for users 18 and over.

2. What we collect

  • Account info: name, email, and authentication identifier (via Clerk).
  • Billing info: handled entirely by Stripe — we never see card numbers. Stripe returns a customer ID and subscription status.
  • API keys: encrypted at rest with AES-256-GCM, using per-record additional authenticated data (AAD), so a stolen ciphertext from one user cannot be replayed against another. Used only to call providers on your behalf, and decrypted in memory at the moment of use.
  • Project content: audio you upload, prompts you write, and media generated by your provider keys.
  • Usage events: per-project costs, timestamps, and platform-fee metering for billing and quota enforcement.
  • Diagnostic logs: error traces, request IDs, and event-level telemetry for debugging and abuse prevention. API key values, audio bytes, and full prompts are redacted from logs.

3. How we use it

  • To provide the service: store your projects, run renders, send transactional email.
  • To bill you for your subscription tier (via Stripe).
  • To enforce usage limits and warn you about quota.
  • To investigate abuse, security incidents, and Terms violations.
  • To improve product reliability through aggregated, de-identified analytics.

We do not train AI models on your content. We do not sell your data, share it with advertisers, or use it for behavioural advertising.

4. AI providers and your data

When you connect an API key, MuseForge passes your audio, prompts, and other inputs to that provider on your behalf and receives outputs back. We do not control how AI providers handle your inputs and outputs, including whether they retain or train on them. You should review the data-handling terms of every provider whose key you connect. As of this writing, OpenAI's API and Anthropic's API both default to no-training and short-retention for paid usage; consumer-facing products from the same vendors behave differently.

5. Subprocessors

We share data only with subprocessors required to run the service:

  • Clerk — authentication and identity
  • Stripe — payments and subscription management
  • Cloudflare R2 — file storage (audio, generated media)
  • Managed Postgres — primary database
  • Managed Redis — job queue and ephemeral state
  • Resend — transactional email
  • Sentry — error monitoring (with key/secret redaction)
  • PostHog — product analytics (de-identified at the edge where feasible)

Note: AI providers (OpenAI, Anthropic, fal.ai, Luma, MiniMax, etc.) are not our subprocessors — when you connect a key, you are their direct customer for the model call. We will give at least 30 days' notice by email or in-app banner before adding or replacing a subprocessor that meaningfully changes how we handle your data.

6. Data retention and deletion

  • Active projects: retained while your account is active.
  • Deleted projects: objects in storage (audio, renders, exports) are removed within 24 hours; database rows are removed immediately on cascade.
  • Deleted accounts: all your projects, API keys, usage history, and Personally Identifiable Information are removed from primary systems within 30 days. Backups containing your data are overwritten on the standard backup-rotation cycle (no longer than 90 days).
  • Diagnostic logs: retained for up to 30 days unless required for an open security or abuse investigation.
  • Billing records: retained as required by tax and accounting regulations (typically 7 years), in pseudonymised form where feasible.

7. Your rights

Subject to applicable law, you have the right to:

  • access a copy of the personal data we hold about you;
  • correct inaccurate data;
  • delete your data (this is exposed in-app via account deletion);
  • export your data in a portable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data-protection authority.

To exercise any of these rights, email hello@museforge.dev. We will respond within 30 days. If you are in the EU/UK, this policy and our practices are designed to comply with the GDPR / UK GDPR. If you are a California resident, you have equivalent rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of "sales" or "sharing" — we do not sell or share personal information for cross-context behavioural advertising.

8. International transfers

We operate from infrastructure that may store or process your data in the United States, the European Union, or other regions where our subprocessors operate. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

9. Cookies and similar technologies

We use cookies only for authentication (managed by Clerk) and a small set of first-party analytics cookies via PostHog to measure product usage. We do not use third-party advertising or cross-site tracking cookies.

10. Security

API keys are encrypted with AES-256-GCM using a per-record data encryption key wrapped by a master key kept outside the database. The encryption binds each record to its owning user, so a ciphertext stolen from one user's row cannot be decrypted into another user's context. Audio and generated media are stored in non-public Cloudflare R2 buckets and served via short-lived signed URLs. All connections to MuseForge are TLS-encrypted. We log, monitor, and rate-limit access to sensitive subsystems and redact keys and secrets from error reports.
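
The key-storage scheme described above and in the "API keys" item of section 2, as an added example that is not MuseForge's own code: a per-record data encryption key wrapped by a master key, with both layers bound to the owning user through AES-256-GCM additional authenticated data. The function names, the AAD layout and the sample values are assumptions, and the master key is generated in-process only so the example runs on its own.

```javascript
const crypto = require('crypto');

// Assumption: in production the master key is loaded from a KMS or secret store
// outside the database. It is generated here only so the demo is self-contained.
const MASTER_KEY = crypto.randomBytes(32);

// AAD is authenticated but not encrypted; it ties a ciphertext to one user and record.
// The "user=...;record=..." layout is hypothetical.
const aadFor = (userId, recordId) => Buffer.from(`user=${userId};record=${recordId}`, 'utf8');

function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  // final() throws if the key, nonce, ciphertext, tag or AAD does not match.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Encrypt a provider API key under a random per-record DEK, then wrap the DEK.
function encryptApiKey(userId, recordId, apiKey) {
  const aad = aadFor(userId, recordId);
  const dek = crypto.randomBytes(32);
  return {
    recordId,
    wrappedDek: seal(MASTER_KEY, dek, aad),
    secret: seal(dek, Buffer.from(apiKey, 'utf8'), aad),
  };
}

// Decrypt on behalf of the requesting user; returns null if authentication fails,
// which is what happens when the row was written for a different user.
function decryptApiKey(userId, row) {
  const aad = aadFor(userId, row.recordId);
  try {
    const dek = open(MASTER_KEY, row.wrappedDek, aad);
    return open(dek, row.secret, aad).toString('utf8');
  } catch {
    return null;
  }
}
```

Because the user identifier is taken from the authenticated session rather than from the stored row, a row copied into another account fails the GCM tag check at the key-unwrap step and never yields plaintext.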

No system is perfectly secure. If you discover a vulnerability, report it to hello@museforge.dev.

11. Children

MuseForge is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes

Material changes will be announced by email and reflected in the "Last updated" date above. We will give at least 30 days' notice for changes that meaningfully reduce the privacy commitments in this policy.

13. Contact

Privacy questions, rights requests, or complaints: hello@museforge.dev