Privacy Policy
Last updated: February 2026
Who We Are
Muse Collectivity ("we", "us", "our") is an Australian platform that operates the Muse Collectivity music collaboration marketplace at musecollectivity.com.
We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Privacy and Other Legislation Amendment Act 2024 (POLA).
What Information We Collect
We only collect personal information that is reasonably necessary for providing our platform services. This includes:
- Account information: Your email address, name (or stage name), and password (stored as a bcrypt hash).
- Profile information: Bio, profile photo, genre preferences, service types, portfolio audio samples, and links to external profiles (Spotify, SoundCloud, etc.) that you choose to provide.
- Payment information: Processed entirely by Stripe. We never see or store your credit card numbers. We store Stripe customer and transaction IDs for record-keeping.
- Communications: Messages sent through the platform between users, within project workspaces, and through the dispute resolution process.
- Project data: Project descriptions, deliverable files, revision history, and dispute evidence uploaded through the platform.
- Usage data: Pages visited, features used, and technical data (browser type, device type, IP address) to improve the platform and maintain security.
We do not collect: government IDs, date of birth, phone numbers (unless you provide them voluntarily), or location data beyond what your browser provides.
How We Use Your Information
We use your personal information only for the purposes for which it was collected:
- To provide and operate the Muse Collectivity platform
- To create and manage your account
- To process payments between artists and creators via Stripe
- To facilitate project collaboration, including workspace messaging and file sharing
- To administer disputes, including reviewing evidence, chat history, and deliverables
- To send transactional emails (account confirmations, payment receipts, project updates)
- To send marketing emails (only with your express opt-in consent)
- To display your public profile and portfolio to other users
- To detect and prevent fraud, abuse, and security threats
- To improve our platform and develop new features
- To comply with legal obligations
Who We Share Your Data With
We share personal information only with trusted third-party service providers who help us operate the platform. All providers are contractually obligated to protect your data:
- Supabase (US-based, SOC 2 Type II compliant) — Database hosting, authentication, and file storage
- Stripe (US-based, PCI DSS Level 1) — Payment processing and creator payouts
- Resend (US-based) — Email delivery
- Vercel (US-based, SOC 2 Type II) — Website hosting
- Sentry (US-based, SOC 2 Type II) — Error monitoring and performance tracking (no personal content is sent to Sentry)
These providers are based in the United States. By using Muse Collectivity, you acknowledge that your data may be processed outside Australia. We rely on contractual protections (Data Processing Agreements) with each provider to ensure your data is handled in accordance with Australian Privacy Principles.
We may also share information where required by law, court order, or government authority, or where necessary to protect the safety, rights, or property of Muse Collectivity, our users, or the public.
We never sell your personal information to third parties. We never share your data for marketing purposes without your explicit consent.
How We Protect Your Information
We implement both technical and organisational measures to protect your personal information, as required by APP 11 and the POLA 2024 reforms:
- Technical measures: TLS 1.3 encryption for all data in transit, encrypted database connections, bcrypt password hashing, row-level security policies, secure session tokens, Content Security Policy headers, rate limiting on authentication endpoints, and file upload validation.
- Organisational measures: Role-based access controls, admin audit logging, principle of least privilege, and regular security reviews.
Data Retention
We retain your personal information only for as long as it is needed for the purposes described in this policy, or as required by law:
- Active accounts: Your data is retained for as long as your account is active.
- Closed accounts: After you close your account, we delete your personal data within 30 days, except where we are required to retain certain records (see below).
- Payment records: Transaction records are retained for 7 years after the transaction date to comply with Australian tax and financial reporting obligations.
- Dispute records: Dispute evidence, messages, and resolution records are retained for 2 years after the dispute is resolved, or longer if required for ongoing legal proceedings.
- Audit logs: Admin audit logs are retained for 2 years for security and compliance purposes.
- Delivered project files: Files delivered as part of a completed project remain accessible to the receiving party even after the sender's account is closed.
Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access your data (APP 12): You can view all your personal information through your account settings. You can also request a full data export at any time. For a formal data access request, contact us and we will respond within 30 days.
- Correct your data (APP 13): You can update your profile, bio, portfolio, and preferences at any time through your account settings.
- Delete your data: You can delete your account through your account settings. This will remove your personal data in accordance with our data retention schedule above.
- Opt out of marketing: You can unsubscribe from marketing emails at any time via the unsubscribe link in any email, or through your email preferences in Settings.
- Request data portability: You can request an export of your data in a commonly used, machine-readable format.
Marketing Communications
In accordance with the Spam Act 2003 (Cth), we only send marketing emails to users who have provided express opt-in consent. You can withdraw this consent at any time. Transactional emails (payment confirmations, project updates, account security) are not marketing and will be sent regardless of your marketing preferences — these are necessary for the operation of your account.
Cookies and Analytics
Muse Collectivity uses the following types of cookies:
- Essential cookies (strictly necessary): Session cookies for authentication, security tokens (CSRF protection), and user preference storage (e.g. theme setting). These cannot be disabled as they are required for the platform to function.
- Analytics cookies: We may use privacy-respecting analytics to understand how the platform is used, such as page views and feature usage. This data is aggregated and does not identify individual users. We do not use Google Analytics or any analytics tool that shares data with advertising networks.
We do not use third-party advertising cookies, tracking pixels, or cross-site tracking of any kind.
Children's Privacy
Muse Collectivity is a professional marketplace for musicians aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that a user is under 18, we will take steps to delete their account and data.
Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme. Notification will occur as soon as practicable, and no later than 30 days after we become aware of the breach.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes to how we collect, use, or share your personal information, we will notify you by email and through an in-app notification at least 14 days before the changes take effect. We will provide a clear summary of what has changed. The "Last updated" date at the top of this page reflects the most recent revision.
Contact Us & Complaints
If you have questions about this Privacy Policy or wish to make a privacy complaint, please contact us at:
Email: privacy@musecollectivity.com
Business: Muse Collectivity
We will acknowledge your inquiry within 7 days and provide a substantive response within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.