Legal
This Privacy Policy explains what information Muse collects, how it is used, and the security principles that Muse is built on. It is written to be honest and readable — not buried in legal language.
Muse is operated by Faiz Khan, based in Georgia, United States. If you have any questions, you can reach me directly at hello@usemuse.dev.
Muse is built on one foundational rule: your credentials never leave your machine.
When you connect GitHub, Supabase, Vercel, or any other integration to Muse, those API keys and tokens are stored locally inside the Muse Agent — a lightweight application running on your own workstation. They are never transmitted to, processed by, or stored on Muse servers. The Muse backend never sees them. They never touch the cloud.
This is not a policy choice. It is an architectural one. The system is designed so that credentials cannot be sent to Muse servers even in principle. The agent executes all actions locally using your credentials, and only the result is relayed back.
During the current waitlist phase, Muse collects only:
That is everything collected during the waitlist phase. Nothing else.
When Muse launches, additional data will be collected to operate the service. This section is an honest outline of what that looks like so there are no surprises.
In transit: All communication between the Muse webapp, backend, and desktop agent uses encrypted connections (HTTPS and WSS).
At rest: Waitlist emails and account data are stored in Supabase, which encrypts data at rest. Task records are scoped by user ID with row-level security enforced at the database level — meaning your data is only accessible to you.
Credentials: As described above, your integration credentials are stored in a local configuration file on your own machine. Muse never has access to them. If you uninstall the Muse Agent, your credentials leave with it.
Agent tokens: The only secret Muse servers hold is an agent pairing token — a randomly generated identifier that lets your agent authenticate its WebSocket connection to the backend. This token can be revoked from the Muse dashboard at any time, which immediately disconnects the agent.
Muse uses the following third-party infrastructure:
| Service | Purpose |
|---|---|
| Supabase | Database, authentication, and user data storage |
| Vercel | Hosting the Muse web application |
| Railway | WebSocket gateway for agent communication (post-launch) |
| Google Search Console | Domain verification and search analytics |
Each of these services has its own privacy policy. Muse does not control their data practices and encourages you to review them independently.
Regardless of where you are located, you have the right to:
To exercise any of these rights, email hello@usemuse.dev. I will respond within 14 days.
Muse is not directed at children under the age of 13. I do not knowingly collect personal information from children under 13. If you believe a child has submitted their information, please contact me and I will remove it promptly.
If this Privacy Policy changes materially, waitlist members and active users will be notified by email before the changes take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.
Privacy questions, data requests, or concerns:
Faiz Khan
hello@usemuse.dev
usemuse.dev
I read every email and will respond personally.