Privacy
Last updated .
mus.ax is a small, edge-hosted music library. No analytics, no advertising, no tracking pixels, no data sales. This page lists everything we process, why, for how long, and the controls you have over it.
What we collect
- Account data (only if you sign in): email address and/or phone number, username, display name, avatar URL, bio, and the identity reported by any OAuth provider you connect (provider name, provider account id, the email it reported at link time).
- Usage data tied to your account: listening history, likes, player preferences, group memberships, permissions, and session metadata (creation/expiry times — session tokens themselves are stored only as one-way hashes).
- Verification metadata: when you use email magic-link or phone OTP sign-in, we store the address/number a code was sent to and its lifecycle timestamps. Codes are stored hashed and expire quickly.
- Comments: anonymous free text with a self-chosen display name. Comments are not linked to accounts — deliberately — which also means they cannot be exported or deleted per account (see the manual process below).
- IP addresses: used transiently for rate limiting, in in-memory counters with windows of at most 60 seconds. They are never written to storage. Anonymous likes store a keyed one-way hash derived from the IP, never the IP itself.
Why we process it (lawful basis)
- Performing the service you asked for (GDPR Art. 6(1)(b)): accounts, sign-in, sessions, preferences, listening history, likes.
- Legitimate interest (Art. 6(1)(f)): abuse prevention and security — rate limiting by IP, hashed session storage, verification-code lifecycle tracking.
We do no profiling, no automated decision-making, and no processing beyond what is listed here.
Who it is shared with
Nobody, in the advertising/analytics sense. Data lives on Cloudflare's platform (Workers, D1, R2), which processes it on our behalf. If you sign in by email or phone, the delivery provider (Resend for email, Twilio for SMS) processes the address or number needed to deliver your code. OAuth sign-in shares nothing with the provider beyond the sign-in itself.
Retention
- Account data: kept while the account exists.
- Sessions: expire after 30 days of inactivity; revoked immediately on sign-out.
- Verification codes: expire within minutes; consumed codes are kept only as metadata.
- Database backups: deleted data can persist in backups for up to 30 days (daily snapshots) and up to 365 days (weekly snapshots). Monthly archival snapshots are currently retained indefinitely and are not retroactively scrubbed — a copy of deleted data can therefore persist in cold archives. Re-delete on restore: if any backup containing deleted data is ever restored, pending and completed deletions are re-applied as part of the documented restore procedure, so a restore cannot resurrect an erased account into the live service. To object to archival retention specifically, email privacy@mus.ax.
Your rights: export and deletion
If you have an account, both controls are self-serve on your profile page (sign in, then open your @username chip in the header):
- Export — downloads a JSON snapshot of everything listed above that is tied to your account.
- Delete — signs you out everywhere, hides your profile immediately, and permanently deletes the account and its data after a 30-day grace period. Signing in again before the purge date cancels the request. Aggregate like counts survive deletion, but with no link to you.
Manual process (no account, anonymous comments, or anything else): email privacy@mus.ax. Comments are anonymous by design, so to amend or remove one, quote its text in your message. We answer within 30 days, as GDPR requires — usually much faster.
Cookies
Two functional cookies, no tracking cookies: a session cookie (only after you sign in) and a CSRF token that protects state-changing forms. Short-lived handshake cookies exist only for the minutes an OAuth sign-in is in flight.