Privacy Policy

Muse (usemuse.dev)
Effective Date: July 2, 2026  ·  Last Updated: July 2, 2026

This Privacy Policy explains what information Muse collects, how it is used, and the security principles that Muse is built on. It is written to be honest and readable — not buried in legal language.

Muse is operated by Faiz Khan, based in Georgia, United States. If you have any questions, you can reach me directly at hello@usemuse.dev.

The Core Privacy Principle

Muse is built on one foundational rule: your credentials never leave your machine.

When you connect GitHub, Supabase, Vercel, or any other integration to Muse, those API keys and tokens are stored locally inside the Muse Agent — a lightweight application running on your own workstation. They are never transmitted to, processed by, or stored on Muse servers. The Muse backend never sees them. They never touch the cloud.

This is not a policy choice. It is an architectural one. The system is designed so that credentials cannot be sent to Muse servers even in principle. The agent executes all actions locally using your credentials, and only the result is relayed back.

Phase 1 — Waitlist (Current)

During the current waitlist phase, Muse collects only:

  • Email address — submitted voluntarily through the waitlist form on usemuse.dev, stored securely in a Supabase database, used only to notify you when Muse launches and to send occasional product updates, never sold, rented, or shared with third parties for marketing purposes. You can request removal at any time by emailing hello@usemuse.dev.
  • Analytics via Google Search Console — used for domain verification and search performance monitoring. This tracks aggregate search impressions and clicks related to usemuse.dev. No personal browsing data or individual user tracking is collected through this.

That is everything collected during the waitlist phase. Nothing else.

Phase 2 — Full Product (Post-Launch Outline)

When Muse launches, additional data will be collected to operate the service. This section is an honest outline of what that looks like so there are no surprises.

Account data

  • Email address and authentication credentials (managed via Supabase Auth)
  • Account creation timestamp

Workspace and connection metadata

  • Names of workspaces you create
  • Which integration types you have connected (e.g. "GitHub connected", "Supabase connected") — not the credentials themselves
  • Agent pairing records: your machine name, agent version, last connected time, and online/offline status

Task records

  • A log of tasks dispatched through Muse: which skill was used, which action was taken, when it ran, and whether it succeeded or failed
  • Task parameters may include references like repository names, table names, or file paths — but never raw credential values
  • Task logs are used to display your history in the app and to diagnose issues

What is never collected or stored on Muse servers

  • API keys, tokens, or secrets of any kind
  • The content of your database rows (beyond what is needed to display a result back to you during an active session)
  • File contents from your repositories
  • Any data from your local machine beyond what the agent explicitly sends as a task result

How Your Data Is Protected

In transit: All communication between the Muse webapp, backend, and desktop agent uses encrypted connections (HTTPS and WSS).

At rest: Waitlist emails and account data are stored in Supabase, which encrypts data at rest. Task records are scoped by user ID with row-level security enforced at the database level — meaning your data is only accessible to you.

Credentials: As described above, your integration credentials are stored in a local configuration file on your own machine. Muse never has access to them. If you uninstall the Muse Agent, your credentials leave with it.

Agent tokens: The only secret Muse servers hold is an agent pairing token — a randomly generated identifier that lets your agent authenticate its WebSocket connection to the backend. This token can be revoked from the Muse dashboard at any time, which immediately disconnects the agent.

Third-Party Services

Muse uses the following third-party infrastructure:

Service | Purpose
Supabase | Database, authentication, and user data storage
Vercel | Hosting the Muse web application
Railway | WebSocket gateway for agent communication (post-launch)
Google Search Console | Domain verification and search analytics

Each of these services has its own privacy policy. Muse does not control their data practices and encourages you to review them independently.

Data Retention

  • Waitlist emails: Retained until you request removal or Muse shuts down.
  • Account data (post-launch): Retained for the life of your account. You can request full deletion at any time by contacting hello@usemuse.dev. Deletion will be processed within 30 days.
  • Task logs (post-launch): Retained for 90 days by default, then automatically purged.

Your Rights

Regardless of where you are located, you have the right to:

  • Know what data Muse holds about you
  • Request a copy of your data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for email communications at any time

To exercise any of these rights, email hello@usemuse.dev. I will respond within 14 days.

Children's Privacy

Muse is not directed at children under the age of 13. I do not knowingly collect personal information from children under 13. If you believe a child has submitted their information, please contact me and I will remove it promptly.

Changes to This Policy

If this Privacy Policy changes materially, waitlist members and active users will be notified by email before the changes take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.

Contact

Privacy questions, data requests, or concerns:

Faiz Khan
hello@usemuse.dev
usemuse.dev

I read every email and will respond personally.