Privacy Policy

Mysa Audio ("Mysa," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Service").

By accessing or using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

We understand the sensitive nature of our Service and take extra precautions to protect your privacy and maintain discretion.

Information You Provide

• Account Information: Email address and password when you create an account
• Payment Information: Payment details processed through Stripe (we do not store complete credit card numbers)
• User Content: Audio files, metadata, and other content you upload to the Service
• Communications: Information you provide when contacting support or providing feedback
• Age Verification: Confirmation of your age (18+) through our age gate

Information Collected Automatically

• Usage Data: Listening history, favorites, search queries, and interaction with content
• Device Information: Device type, operating system, browser type, and unique device identifiers
• Log Data: IP address, access times, pages viewed, and referring URLs
• Location Data: General geographic location based on IP address (country/region level only)

Information We Do NOT Collect

• Real name (unless you choose to provide it)
• Physical address (unless required for specific services)
• Phone number
• Government ID or social security number
• Precise geolocation data

We use your information for the following purposes:

Service Operations

• Provide, maintain, and improve the Service
• Process transactions and manage subscriptions
• Authenticate users and manage accounts
• Personalize your experience (recommendations, favorites, history)
• Respond to support requests and communications

Safety & Security

• Verify age eligibility
• Detect, prevent, and address fraud or abuse
• Enforce our Terms of Service
• Protect the rights and safety of users
• Comply with legal obligations

Communications

• Send transactional emails (account verification, password reset, payment receipts)
• Notify you of changes to the Service or policies
• Send promotional communications (only with your consent, and you can opt out)

Analytics

• Analyze usage patterns to improve the Service
• Measure the effectiveness of features
• Generate aggregated, anonymized statistics

We value your privacy and limit sharing of your information. We do NOT sell your personal information to third parties.

We May Share Information With:

• Service Providers: Third parties that help us operate the Service (payment processing, hosting, analytics) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government request
• Safety: When necessary to protect the safety, rights, or property of Mysa, our users, or the public
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
• With Your Consent: When you explicitly authorize us to share information

We Do NOT Share:

• Your listening history or preferences with third parties for advertising purposes
• Your account information with other users (unless you choose to make content public)
• Your email address for marketing by third parties

We retain your information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal obligations (tax records, legal holds)
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

Account Data: Retained while your account is active and for up to 30 days after deletion request to allow for recovery.

Usage Data: Aggregated and anonymized data may be retained indefinitely for analytics.

Payment Records: Retained for 7 years as required by tax and financial regulations.

User Content: Deleted upon request or account termination, subject to backup retention periods (up to 90 days).

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: All data transmitted to and from the Service is encrypted using TLS/SSL
• Secure Authentication: Passwords are hashed using industry-standard algorithms
• Access Controls: Limited employee access to personal data on a need-to-know basis
• Infrastructure Security: Cloud hosting with enterprise-grade security (AWS)
• Regular Audits: Periodic security assessments and vulnerability testing

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

You have the following rights regarding your personal information:

Access & Portability

You can request a copy of your personal data by contacting [email protected]. We will provide your data in a commonly used, machine-readable format.

Correction

You can update your account information through the Settings page or by contacting us.

Deletion

You can request deletion of your account and personal data. Some information may be retained as required by law or for legitimate business purposes. To delete your account, contact [email protected].

Opt-Out

• Marketing Emails: Unsubscribe using the link in any promotional email
• Cookies: Adjust your browser settings to refuse cookies
• Analytics: Contact us to opt out of analytics tracking

Do Not Track

We do not currently respond to "Do Not Track" browser signals as there is no industry standard for handling them.

We use cookies and similar technologies for the following purposes:

Essential Cookies

Required for the Service to function. These include authentication tokens, session management, and security features. You cannot opt out of essential cookies.

Preference Cookies

Remember your settings and preferences, such as age verification status and audio player settings.

Analytics Cookies

Help us understand how users interact with the Service. We may use third-party analytics services that use cookies.

Managing Cookies

Most browsers allow you to control cookies through settings. Blocking essential cookies may prevent you from using certain features of the Service.

We use the following third-party services that may collect information:

• Amazon Web Services (AWS): Cloud hosting and infrastructure
• Amazon Cognito: User authentication and account management
• Stripe: Payment processing (Stripe Privacy Policy)
• Cloudflare: Security and content delivery (Cloudflare Privacy Policy)

These services have their own privacy policies. We encourage you to review them. We are not responsible for the privacy practices of third-party services.

The Service may contain links to external websites. We are not responsible for the privacy practices of those websites.

The Service is strictly for adults 18 years of age and older.

We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a minor, we will delete that information immediately.

If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected].

Mysa is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: We rely on appropriate legal mechanisms for international data transfers, including standard contractual clauses where applicable.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your California privacy rights, contact us at [email protected] with "California Privacy Request" in the subject line.

California "Shine the Light"

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing purposes.

This Privacy Policy and any disputes arising out of or related to it or to your use of the Service shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict of law provisions.

By using the Service, you consent to the exclusive jurisdiction of the state and federal courts located in Wyoming for the resolution of any disputes relating to this Privacy Policy.

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification for significant changes
• Displaying a notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data access, correction, or deletion requests, please include "Privacy Request" in the subject line and provide sufficient information to verify your identity.

We will respond to your request within 30 days (or sooner if required by applicable law).