1. Introduction
Muse In Motion ("Muse," "we," "us," or "our") operates an AI-powered management platform for digital content creators and their agencies. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at museinmotion.io and related services (the "Service").
By using our Service, you consent to the data practices described in this policy. If you do not agree, please do not use our Service.
2. Data Controller
Muse In Motion
Contact: [email protected]
Website: museinmotion.io
For GDPR purposes, Muse In Motion acts as a data processor on behalf of agencies (the data controllers) when processing fan/subscriber data. For agency account data, Muse acts as the data controller.
3. Information We Collect
3.1 Account Information
When you create an account, we collect:
- Name and email address
- Password (stored as a bcrypt hash, never in plaintext)
- Role and team assignments
- Language preference
3.2 Platform Connection Data
When you connect creator platforms (OnlyFans, Fanvue, Fansly), we collect:
- OAuth access and refresh tokens (encrypted with AES-256-GCM at rest)
- Platform usernames and user IDs
- Subscriber/fan lists and metadata
3.3 Chat and Communication Data
To provide AI-assisted chat services, we process:
- Fan messages synced from connected platforms
- AI-generated response suggestions
- Conversation summaries and extracted fan facts (preferences, spending behavior)
- Conversation phase and engagement metrics
3.4 Usage and Technical Data
- IP address, browser type, device information
- Pages visited and features used
- API request logs (sanitized — no sensitive data logged)
4. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service | Contract performance (Art. 6(1)(b)) |
| Generate AI chat responses | Contract performance |
| Extract fan preferences and behavior | Legitimate interest (Art. 6(1)(f)) |
| Improve AI model quality | Legitimate interest |
| Send service-related communications | Contract performance |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
5. AI-Generated Content Disclosure
Important: Our platform uses proprietary AI models to generate chat response suggestions. These responses are AI-assisted, not AI-autonomous — a human operator reviews and sends each message. AI-generated content is provided "as-is" without guarantees of accuracy. Agencies are responsible for reviewing AI suggestions before sending them to fans.
Our AI models are self-hosted on private infrastructure. Fan data used for generating responses is never sent to third-party AI providers (such as OpenAI, Google, or Anthropic). All AI processing occurs within our controlled environment.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of service + 30 days after deletion request |
| Platform tokens | Until platform disconnection or token revocation |
| Chat messages | Duration of service (synced from platform) |
| Fan facts and summaries | Duration of service |
| Audit logs | 90 days |
| Technical/access logs | 30 days |
Upon account termination or deletion request, we delete or anonymize your data within 30 days, except where retention is required by law.
7. Data Sharing and Sub-Processors
We do not sell your personal information. We do not share your data with third parties for their marketing purposes.
We use the following sub-processors:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Vast.ai | GPU compute for AI model hosting | Various (currently Canada) |
| Hosting provider | Application server and database | Europe |
We may disclose data if required by law, court order, or to protect our rights, safety, or property.
8. Data Security
We implement industry-standard security measures including:
- Encryption at rest: AES-256-GCM for platform tokens and sensitive data
- Encryption in transit: TLS 1.2+ for all connections
- Password security: bcrypt hashing with salting
- Access control: Role-based access (owner, admin, chatter) with per-user permissions
- Authentication: JWT with short-lived access tokens, OAuth 2.0 + PKCE for platform connections
- Rate limiting: Protection against brute-force and abuse
- Content safety: Message Guard (banned word detection) and Character Guard (AI behavior monitoring)
- Infrastructure: Dedicated private servers, Docker container isolation, no shared hosting
For more details, see our Trust & Security page.
9. Your Rights
9.1 GDPR Rights (EEA/UK Residents)
Under the General Data Protection Regulation, you have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Data portability — receive your data in a structured format
- Object to processing based on legitimate interest
- Withdraw consent at any time
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
9.2 CCPA/CPRA Rights (California Residents)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of your personal information
- Non-discrimination for exercising your rights
We do not sell personal information. To submit a request, email [email protected].
10. Age Restriction
Our Service is available only to users aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
11. International Data Transfers
Your data may be processed in jurisdictions outside your country of residence. When transferring data outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
12. Cookies
Our platform uses essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Essential cookies cannot be disabled as they are necessary for the Service to function.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email. The "Last updated" date at the top indicates when the policy was last revised.
14. Contact Us
For privacy-related inquiries, data subject requests, or complaints:
Email: [email protected]
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.