PRIVACY POLICY

Last Updated: November 19, 2025

MA B.V. (trading as Muze, hereinafter “Muze”, “we”, “us”, or “our”), a company registered in the Netherlands under Chamber of Commerce number 96166649 with its registered office at Van Baerlestraat 126-1, 1071 BD, Amsterdam, is the controller of your personal data when you use the Muze Services (including the website muze.so, mobile and desktop applications, APIs, widgets, embedded features, and any other products or services that link to or reference this Privacy Policy – collectively the “Services”).

If you are resident in India, the controller of your personal data is our affiliate Stroopwafel Private Limited (CIN U62011KA2025PTC209024), registered office 12/1 FE, Lake Shore Homes, Kasavanahalli, Bengaluru 560035, Karnataka, India. All references to “Muze” in this Policy include the relevant controller for your jurisdiction.

This Privacy Policy describes how we collect, use, store, share, and protect your personal data. It also explains the rights and choices you have with respect to your personal data. By accessing or using the Services, you confirm that you have read and understood this Privacy Policy and consent to the processing activities described herein where consent is the applicable legal basis.

We process personal data only where we have a lawful basis under applicable data-protection laws, including the General Data Protection Regulation (GDPR), the EU-US Data Privacy Framework (where applicable), the Digital Personal Data Protection Act 2023 (India), and other relevant legislation.

1.Categories of Personal Data We Collect

1.1.

Data you provide directly

a.Account registration information (username, email address, phone number, password, date of birth)
b.Profile information (display name, bio, profile picture, header image, location, website link)
c.Content you create or upload (posts, replies, direct messages, media files, live streams)
d.Contacts you choose to upload or sync
e.Payment and billing information (when you use paid features)
f.Communications you send us (support requests, feedback, reports)
g.Preferences, settings, and survey responses
1.2.

Data collected automatically

a.Device and browser information (device type, operating system, unique device identifiers, browser type and version, IP address)
b.Log and usage data (pages viewed, interactions, timestamps, referring URLs, search terms)
c.Approximate or precise location data (if you enable location services or if derived from IP address)
d.Cookie and similar technology identifiers (see Section 9)
e.Inferred data (e.g., interests, demographic categories derived from your activity)
1.3.

Data received from third parties

a.Advertising and measurement partners (advertising IDs, campaign performance data)
b.Third-party services you connect (e.g., single sign-on providers)
c.Publicly available data or data from other users (e.g., when you are mentioned or tagged)

We may combine data from these sources to provide and improve the Services

2.Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

a.To create and manage your account, deliver content, enable messaging and interactions, and provide core functionality – this processing is necessary for the performance of our contract with you (the Terms of Service).
b.To personalize your experience (recommendations, feeds, suggested accounts, content ranking) – this is based on our legitimate interests in improving user experience or on your consent where required by law.
c.To show relevant advertising and measure advertising effectiveness – this is based on our legitimate interests in funding the free Services or on your consent where required.
d.To develop, train, and improve machine-learning and artificial-intelligence models (including generative features) using your content and interactions – this is based on our legitimate interests in innovation and service enhancement; you may opt out at any time (see Section 6).
e.To ensure safety, security, and integrity (fraud prevention, content moderation, abuse detection) – this is based on our legitimate interests in platform safety and on legal obligations.
f.To conduct research, analytics, and product development – this is based on our legitimate interests in service improvement.
g.To communicate with you (service notifications, policy updates, support, optional marketing) – this is necessary for the performance of our contract, required by legal obligations, or based on your consent.
h.To comply with legal obligations and respond to lawful requests – this is required to meet legal obligations.

3.How We Share Personal Data

We do not sell your personal data. We share personal data only in the following limited circumstances:

a.With your consent or at your direction (e.g., when you share content publicly or connect third-party apps)
b.With service providers acting as processors under strict Data Processing Agreements (e.g., cloud hosting, analytics, payment processors, customer support tools)
c.With affiliated companies within the Muze group for the purposes described in this Policy
d.With advertising and analytics partners (typically in pseudonymized or aggregated form) – you can opt out in settings
e.For legal reasons (to comply with law-enforcement requests, court orders, or to protect rights, property, or safety)
f.In connection with a business transfer (merger, acquisition, or sale of assets) – the successor will be bound by this Policy or provide equivalent protection

Public content you post may be displayed off-platform (e.g., via search engines or embeds) and is visible to anyone.

4.International Data Transfers

Your personal data may be transferred to and processed in the Netherlands, other EEA countries, the United States, India, and other countries where our service providers operate. Whenever we transfer personal data outside the EEA or India, we ensure an adequate level of protection by using:

a.European Commission adequacy decisions
b.Standard Contractual Clauses (SCCs) approved by the European Commission and/or Indian authorities
c.The EU-US Data Privacy Framework (for qualifying transfers to the US)
d.Binding corporate rules or other approved mechanisms where applicable

You may request a copy of the relevant safeguards by contacting privacy@muze.so.

5.Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy and to comply with legal obligations.

a.Account data: retained while your account is active + 30 days (reactivation window)
b.Public content: retained until deleted by you or us; copies may remain in backups for up to 180 days
c.Direct messages: retained until deleted or account deactivation
d.Analytics and usage logs: up to 18 months
e.Advertising data: up to 12 months
f.Financial records: up to 7 years (or as required by tax law)
g.Data needed to prevent abuse (e.g., banned account identifiers): retained indefinitely

After the applicable retention period, data is securely deleted or anonymized.

6.Your Rights and Choices

You have the following rights regarding your personal data (subject to local law):

a.Access, rectification, and portability
b.Erasure (“right to be forgotten”)
c.Restriction of processing
d.Objection to processing based on legitimate interests
e.Withdrawal of consent (where processing is consent-based)
f.Opt-out of AI training, personalized ads, and data sharing with business partners (via Settings → Privacy & Data)
g.Non-discrimination for exercising your rights

You can exercise most rights directly in the app/website or by submitting a request at https://muze.so/privacy-request. We verify requests and respond within the statutory timeframes (usually 30 days). Authorized agents may act on your behalf with proof of authorization.

7.Children’s Privacy

The Services are not intended for individuals under 15 years of age. We do not knowingly collect personal data from children under 15. If we learn that we have collected such data, we will delete it promptly. Parents or guardians may contact privacy@muze.so to request removal.

8.Security Measures

We implement robust technical and organizational measures, including encryption (TLS 1.3 in transit, AES-256 at rest), access controls, regular security audits, and incident-response protocols. You are responsible for maintaining the confidentiality of your password and enabling two-factor authentication.

9.Cookies and Similar Technologies

We use cookies and similar technologies for authentication, security, analytics, personalization, and advertising. Detailed information and management options are available in Settings → Privacy → Cookies & Tracking and in our separate Cookie Notice at https://help.muze.so/cookies.

10.Changes to this Privacy Policy

We may update this Policy from time to time. Material changes will be notified at least 14 days in advance via email and in-app notice (except where changes are required immediately for legal, security, or new-feature reasons). Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

11.Contact Information

Data Protection Officer / Privacy Team

Email: privacy@muze.so

Postal address:

Muze B.V.,

Privacy Office,

Van Baerlestraat 126-1,

1071 BD Amsterdam, Netherlands