Morning Muze — Privacy Policy

Effective Date: May 1st, 2026

This Privacy Policy describes how Morning Muze (“we,” “us,” or “our”) collects, uses, shares, and protects your information, and explains your choices, including specific rights provided to California residents and individuals in the European Economic Area, United Kingdom, and Switzerland.

1. Information We Collect

  • Personal Information: Name, email, and profile photo (as provided by you).
  • Audio Recordings:
    • User-to-user messages: audio sent between users is deleted upon delivery.
    • Creator uploads: retained and delivered based on active subscriptions.
  • Usage & Device Data: Collected via Firebase (e.g., AppCheck, analytics).
  • Subscription Data: Tracked via RevenueCat (e.g., plan, status).
  • Website Data: When you visit morningmuze.com, we and our service providers collect information about your visit, including IP address, browser type, pages viewed, time spent on pages, referring URL, and information you provide through forms (such as joining our waitlist). This data is collected through cookies and similar technologies, as described in Section 7A below.

1A. Information We Collect from Creators

If you participate in the Morning Muze creator program, we additionally collect:

  • Tax and payment information: Legal name, address, taxpayer identification number (TIN), and tax form data (e.g., W-9 for U.S. creators), collected and stored securely through our tax compliance partner.
  • Payout information: Banking or payment account details necessary to remit your share of subscription revenue.
  • Creator performance data: Subscriber counts, recording analytics, and earnings history shown in your in-app creator dashboard.

This information is used solely to operate the creator program, calculate and issue payouts, and meet our tax reporting obligations.

2. How We Use Information and Lawful Basis

We use information to:

Purpose Lawful Basis (GDPR)
Deliver alarm content, authenticate accounts, and operate the App Performance of a contract
Process subscription payments and creator payouts Performance of a contract
Calculate creator payouts and file required tax forms Legal obligation
Generate aggregate playback statistics shown in the creator dashboard Legitimate interests
Product analytics to maintain, protect, and improve the App Legitimate interests (you may opt out — see Section 7)
Send service announcements (e.g., outages, terms updates) Legitimate interests
Send promotional messages (where permitted) Consent (you may withdraw at any time)
Detect and prevent fraud, abuse, and security threats Legitimate interests
Comply with legal obligations and respond to lawful requests Legal obligation

3. Sharing of Information

We do not sell personal data as defined under the California Consumer Privacy Act (CCPA). Some of the cookies on our website may qualify as “sharing” of personal information for cross-context behavioral advertising purposes under California law, but only when you have accepted those cookies through our consent banner. California residents may opt out at any time by changing their cookie preferences on our website, configuring Global Privacy Control in their browser, or emailing support@morningmuze.com.

We share limited information with the following service providers (sometimes referred to as “sub-processors”) who help us operate the Service. Each is bound by contractual confidentiality and data protection obligations.

Provider Purpose Data Shared Location
Google Firebase Authentication, analytics, AppCheck security, crash reporting Account identifiers, usage and device data, crash logs United States
RevenueCat Subscription management and entitlement tracking Account identifiers, subscription status and history United States
Hostinger Email hosting (support@ and related addresses) and website hosting Email correspondence with our support team, basic website request logs United States / European Union
HubSpot Waitlist form submissions, email marketing, and (with consent) website analytics Name, email, IP address, and browsing activity on morningmuze.com (analytics only with consent) United States
Track1099 Collection of creator tax forms (e.g., W-9) and 1099 filings Creator legal name, address, taxpayer identification number, payout amounts United States
Wise Disbursement of creator payouts Creator name, payout account details, payout amounts United States / United Kingdom

When we engage a new sub-processor, we will update this list as part of the next Privacy Policy revision. We require all sub-processors to maintain appropriate technical and organizational measures to protect personal data.

We may also disclose information to comply with legal obligations, protect rights and safety, and respond to lawful requests.

4. International Data Transfers

Morning Muze is based in the United States, and information we collect is processed and stored in the United States. If you access the Service from outside the United States, your information will be transferred to the U.S. For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on the Standard Contractual Clauses approved by the European Commission and equivalent safeguards as appropriate.

5. Data Retention & Deletion

  • User-to-user audio messages are deleted after delivery.
  • Creator content is retained while the creator’s account is active and subscriptions to that content remain available; on account deletion, content is removed within 30 days, subject to backup retention cycles.
  • Account information (name, email, profile photo) is retained while your account is active and deleted within 30 days of account deletion, subject to backup retention cycles.
  • Creator tax and payment records are retained as required by applicable tax and financial recordkeeping laws (typically a minimum of seven years for U.S. tax records), even after account deletion.
  • Analytics and device data are retained for up to 26 months in Firebase Analytics, then aggregated or deleted.

You may delete your account and associated data in-app. We will then delete or de-identify retained personal data unless we must keep it for legal, security, tax, or transactional record-keeping purposes.

6. Security

We protect your data using:

  • Encryption in transit using TLS for all communication between the App and our servers
  • Encryption at rest for stored personal data and audio recordings
  • Access controls limiting employee access to personal data on a need-to-know basis
  • Firebase AppCheck to prevent unauthorized API access
  • Authentication safeguards including secure credential storage

No method of transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you and any relevant supervisory authority as required by applicable law, including within 72 hours where required by the GDPR.

7. Your Choices and Analytics Opt-Out

You can control certain data collection directly in the App:

  • Product analytics opt-out. You may disable Firebase Analytics collection from the App’s Settings menu. When disabled, we will stop collecting general usage and event data (such as which screens you view or which features you use) tied to your account. This setting can be re-enabled at any time. This setting does not affect aggregate playback statistics used to show creators how their content is performing, which do not identify individual users.
  • Notifications. You may disable push notifications from your device’s system settings.
  • Marketing emails. Where you have opted in, you may unsubscribe at any time using the link in any marketing email.

7A. Cookies and Website Tracking

Our website morningmuze.com uses cookies and similar technologies to operate the site, remember your preferences, and (with your consent) understand how visitors use the site.

Categories of cookies we use:

Category Purpose Examples Requires Consent?
Strictly necessary Required for the website to function (security, session management, remembering your cookie choices) Cloudflare bot management (__cf_bm), HubSpot consent preference (__hs_cookie_cat_pref), WordPress session cookies No
Analytics Help us understand how visitors use the site so we can improve it HubSpot analytics cookies (__hssc, __hstc, __hssrc) Yes
Marketing Identify returning visitors and support our outreach HubSpot visitor identification (hubspotutk) Yes

Third-party services used on our website:

  • HubSpot — We use HubSpot to manage our waitlist signup form, communicate with subscribers, and (with your consent) understand website traffic patterns. HubSpot cookies may persist for up to 13 months when accepted. See HubSpot’s Privacy Policy.
  • Cloudflare — Our website host uses Cloudflare for security and bot protection, which sets necessary cookies to distinguish legitimate visitors from automated traffic.
  • Google Fonts — Some elements of our website (including the cookie consent banner) load fonts from Google’s font servers, which receives your IP address as part of that request. See Google’s Privacy Policy.

Your cookie choices:

  • Cookie banner. When you first visit morningmuze.com, you will see a cookie consent banner allowing you to accept or reject non-essential cookies. Analytics and marketing cookies are not set unless you accept them.
  • Change your preferences. You may change your cookie preferences at any time by clicking the cookie settings link in our website footer.
  • Browser controls. You can clear or block cookies through your browser settings.
  • Do Not Track. Our website does not currently respond to “Do Not Track” browser signals, as no consistent industry standard exists for these signals.
  • Global Privacy Control. We honor Global Privacy Control (GPC) signals as a valid opt-out request for California residents under CCPA.

    8. Your Rights

    We honor the following rights for all users, with additional rights provided where required by law:

    For all users:

    • Access the personal data we hold about you
    • Correct inaccurate information
    • Delete your account and associated data
    • Receive a copy of your data in a portable format

    For California residents (CCPA / CPRA):

    • Right to know what personal information we collect, use, and disclose
    • Right to delete personal information
    • Right to correct inaccurate personal information
    • Right to opt out of the sale or sharing of personal information (via cookie banner, GPC signal, or email)
    • Right to limit the use of sensitive personal information
    • Right to non-discrimination for exercising your rights

    For individuals in the EEA, UK, and Switzerland (GDPR / UK GDPR):

    • Right of access
    • Right to rectification
    • Right to erasure (“right to be forgotten”)
    • Right to restrict processing
    • Right to data portability
    • Right to object to processing based on legitimate interests
    • Right to withdraw consent where consent is the lawful basis
    • Right to lodge a complaint with your local supervisory authority

    To exercise any of these rights, email support@morningmuze.com. We will respond within 30 days (or 45 days for CCPA requests, extendable to 90 days). We may need to verify your identity before fulfilling requests. There is no charge for the first request in any 12-month period.

    9. Children’s Privacy

    Morning Muze is not intended for children under 13. If we learn we have collected personal data from a child under 13, we will delete it promptly. Where local law sets a higher age threshold for parental consent (such as 16 in some EU member states), that higher threshold applies.

    10. Changes to This Policy

    We may update this Privacy Policy from time to time. Material changes will be indicated by updating the “Effective Date.” Your continued use means you accept the updated Policy.

    11. Contact

    Questions or requests: support@morningmuze.com

    For copyright concerns, see our Copyright Policy at morningmuze.com/copyright.

    Last updated: May 1st, 2026