Musaic.

Privacy

Updated April 2026

Short version: Musaic is a community songbook. When you pin a song, your username, the song, and the emotion you tagged it with are visible to other people in the app. We collect what we need to make that work — and nothing else. No ads, no tracking, no selling.

What we store

• Your email and a password hash — so you can sign in.
• Your pins (song + emotion + optional story text). By default, your pins join the community songbook so other listeners can see them. Each individual pin can be made private with the "Things I couldn't say" toggle — those private pins are encrypted at rest and only visible to you.
• Basic usage signals (when the app was opened, which tabs were tapped) — so we can make the app better without watching any specific person.

What we don't do

• We don't sell your data. Full stop.
• We don't run ad tracking.
• We don't read your story content to train AI models — whether your pin is public or private.
• We don't allow direct messaging, comments, or friend requests inside Musaic. Public pins show your username, the song, and the story you wrote — and that's the entire surface area for being seen. No one can DM you. No one can reply to your pin. Pins you mark with "Things I couldn't say" are visible to no one but you.

Third parties we use

• Apple iTunes Search API — to find songs you type into the search box. No user data is sent.
• Apple MusicKit — we sign short-lived developer tokens on our server so the app can request preview clips and (for Apple Music subscribers) play full songs through your existing subscription. If you choose to authorize Apple Music access on first playback, the app reads a short-lived “Music User Token” from Apple to play the full track; that token is stored only on your device, never sent to our servers, and can be revoked at any time from iOS Settings → Apple Music. We do not receive your subscription status, your library, or your listening history. Non-subscribers and users who decline authorization continue to hear 30-second previews; we never ask twice. The signing key never leaves our backend.
• Sign in with Apple — optional authentication. Apple handles the login; we receive only what you explicitly share (an anonymous user id and, if you choose, your name and email or a private relay email).
• Resend — to deliver transactional emails (password reset codes). Your email address is shared only to send that message.
• Anthropic / OpenAI (via Emergent LLM) — only when you use Ask Refrain, and only your text description is sent (no account details, no historical data).

Your data is yours

You can delete your account and all associated data from the in-app Settings screen. If you’re in California, you have rights under CCPA/CPRA (know, delete, correct, non-discrimination). If you’re in the EU/UK, you have rights under GDPR (access, rectify, erase, restrict, object, port). Email us to exercise any of these; we respond within 30 days. Musaic complies with COPPA — the app enforces a 13+ age gate at sign-up.

Contact

Email hello@musical-mosaic.app with questions.