← Back to Home

Privacy Policy

Muse Creative, Inc. · Effective March 1, 2026 · Last Updated March 1, 2026

1. Who We Are

Muse Creative, Inc. (“Muse,” “we,” “us,” “our”) provides an AI meeting intelligence platform (the “Service”) that joins video meetings, processes audio, and generates structured meeting artifacts including transcripts, summaries, decisions, and action items.

Contact: privacy@musecreative.ai

For GDPR purposes, where your organization uses Muse, your organization is the data controller and Muse is the data processor. Where an individual uses Muse on a free or personal plan, Muse acts as a joint controller with that individual.

2. Data We Collect

2.1 Account Data

Information you provide when creating an account:

• Email address, display name, avatar
• Organization name and slug
• Authentication credentials (passwords are hashed using Argon2; we never store plaintext passwords)
• OAuth tokens (encrypted at rest) for calendar and meeting platform integrations
• Profile preferences (timezone, locale, working style)

2.2 Meeting Data

• Audio: Real-time audio streams from meeting participants, processed for transcription. Raw audio is deleted within 24 hours of transcription.
• Transcripts: Text transcriptions of meeting audio, attributed to speakers.
• Artifacts: AI-generated summaries, decisions, action items, key outputs.
• Meeting metadata: Title, date, duration, platform, participant names and count, calendar event identifiers.

2.3 Calendar Data

When you connect a calendar integration: event titles, times, participant lists, and meeting links (read-only). We do not read event descriptions, attachments, or non-meeting entries.

2.4 Usage Data

• Pages visited, features used, and interaction patterns
• Device type, browser, operating system, and IP address
• Error logs and performance metrics

2.5 Billing Data

Payment processing is handled by Stripe. We do not store credit card numbers, CVVs, or full payment credentials. We receive only a payment reference, last four digits, and billing address from Stripe.

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Provide the Service	Meeting data, account data	Contract (Art. 6(1)(b))
Authenticate and secure accounts	Account data, usage data	Contract; legitimate interest (Art. 6(1)(b), (f))
Calendar integration	Calendar data	Contract (Art. 6(1)(b))
Billing and subscriptions	Billing data, account data	Contract (Art. 6(1)(b))
Product analytics	Usage data (aggregated)	Legitimate interest (Art. 6(1)(f))
Security monitoring	Usage data, account data	Legitimate interest (Art. 6(1)(f))

We do not sell your personal data, use meeting content for advertising, train AI models on your data, or share meeting content with other customers.

4. AI Processing and Transparency

4.1 How AI Processes Your Meetings

Muse uses third-party large language models (LLMs) to generate transcripts, summaries, and artifacts from your meeting audio. Audio is transcribed using speech-to-text models, then processed by LLMs to extract decisions, action items, and summaries.

4.2 No Model Training

Your meeting data is never used to train, fine-tune, or improve any AI model. This applies to both our internal models and any third-party AI providers. We contractually require our AI sub-processors to delete input data after processing.

4.3 Speaker Identification

Muse attributes transcript segments to speakers using meeting platform participant metadata (display names). Muse does not create, store, or process voiceprints, voice embeddings, or biometric identifiers. Speaker attribution is based solely on the audio channel and participant name from the meeting platform’s API.

4.4 Automated Decision-Making

Muse generates AI-produced outputs as informational aids. These do not constitute automated decisions that produce legal or similarly significant effects on individuals. Users review and approve all AI-generated content before acting on it.

5. Meeting Recording Consent

5.1 Your Responsibility

Recording laws vary by jurisdiction. In some jurisdictions (including California, Illinois, Florida, and other US states), all participants must consent to being recorded. As the account holder, you are responsible for ensuring you have the necessary consent or legal basis to record meetings using Muse.

5.2 Tools We Provide

• Recording disclosure: Bot identifies itself with a recording indicator
• Chat notification: Disclosure message sent to all participants on join
• Consent acknowledgment: Required before enabling the bot
• Per-meeting control: Enable or disable on a per-meeting basis
• Opt-out mechanism: Participants can request exclusion

5.3 Participant Rights

If you are a meeting participant (not a Muse account holder) and your meeting was processed by Muse, you can request removal of your contributions by contacting the meeting organizer or emailing privacy@musecreative.ai.

6. Data Sharing

We share data only with:

• Your organization: Per visibility settings (private, org-wide, or arc-scoped)
• Sub-processors: Cloud infrastructure, AI providers, Stripe, email delivery, meeting platform APIs
• Legal requirements: When required by law or regulation
• Business transfers: In the event of a merger or acquisition, with prior notice

7. Data Retention

Data Type	Default Retention	Notes
Raw audio	24 hours	Deleted after transcription
Transcripts	90 days (configurable)	Org admins can adjust
Meeting artifacts	90 days (configurable)	Summaries, decisions, action items
Account data	Duration of account	Deleted within 30 days of closure
Audit logs	1 year	Security and compliance

8. Data Security

• Encryption in transit: TLS 1.3 for all connections
• Encryption at rest: AES-256 for stored data
• Access controls: RBAC with multi-factor authentication
• Audit logging: All data access and modifications logged
• Multi-tenant isolation: Logical separation via per-request scoping
• Incident response: Breach notification within 72 hours

9. Your Rights

All Users

You may access, correct, delete, and export your personal data through the application or by contacting us.

EEA, UK, and Switzerland (GDPR)

You also have the right to restrict processing, object to processing, data portability, withdraw consent, and lodge a complaint with your supervisory authority. We respond within 30 days.

California (CCPA/CPRA)

You have the right to know, delete, and opt out of the sale/sharing of personal information. We do not sell or share personal information. We honor Global Privacy Control signals.

Other US States

We comply with applicable state privacy laws including Colorado, Connecticut, Virginia, Utah, and others. Contact privacy@musecreative.ai to exercise your rights.

10. International Data Transfers

For EEA/UK to US transfers, we rely on Standard Contractual Clauses (SCCs) supplemented by additional technical and organizational measures.

11. Children’s Privacy

Muse is a business application not directed at children under 16. We do not knowingly collect data from children under 16.

12. Government and Public Sector

Organizations subject to FISMA, FedRAMP, CJIS, ITAR, or GovRAMP/StateRAMP requirements should contact government@musecreative.ai for our Government Addendum covering data residency, personnel security, enhanced audit rights, and NIST 800-53 alignment.

13. Data Processing Agreement

Enterprise and Team plan customers may request a DPA including GDPR Article 28 obligations, SCCs, sub-processor management, audit rights, and breach notification procedures.

14. Changes to This Policy

Material changes will be communicated via email, in-app notification, and an updated date at the top. Continued use after notification constitutes acceptance.

15. Contact Us

Email: privacy@musecreative.ai
Data Protection Officer: dpo@musecreative.ai
Data subject requests: Email privacy@musecreative.ai with subject “Data Subject Request.”