Privacy Policy

1. Introduction

Welcome to Museformer. This Privacy Policy explains how James Garrick ("we," "us," or "our") collects, uses, discloses, and protects your information when you use our web application and related services (collectively, the "Service").

By using Museformer, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: When you create an account, we collect your email address and, if you sign in with Google, basic profile information provided by Google (such as your name and profile picture).

User Content: Projects, analyses, comments, and other content you create, upload, or share through the Service.

Profile Information: Information you add to your public profile, including display name and any other information you choose to share.

2.2 Information Collected Automatically

Local Storage Data: The Service uses browser local storage and session storage to save your work locally on your device. This data remains on your device unless you choose to sync it to our cloud services.

Error and Diagnostic Data: We use Sentry to collect error reports, crash logs, and diagnostic information to help us identify and fix issues with the Service. This may include device information, browser type, and error stack traces.

3. How We Use Your Information

We use the information we collect to: provide, maintain, and improve the Service; enable you to save and sync your projects across devices; send you transactional emails (such as one-time passwords for login) via Amazon SES; display your public profile and shared projects to other users; monitor and analyze usage patterns and errors to improve the Service; respond to your inquiries and provide customer support; and comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: We work with third-party service providers including Supabase (database and authentication), Sentry (error monitoring), Amazon SES (email delivery), and Google (OAuth authentication).

Public Content: Projects and profile information you choose to make public will be visible to other users of the Service.

Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5. Data Storage and Security

Your account data and cloud-synced projects are stored securely using Supabase. We implement industry-standard security measures to protect your information, including encryption in transit and at rest. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you delete your account, we will retain your data for up to 30 days to allow for account recovery, after which it will be permanently deleted from our systems. Some information may be retained longer if required by law or for legitimate business purposes.

7. Your Rights and Choices

Access and Portability: You can access and download your projects at any time through the Service.

Deletion: You can delete your account through the Service settings. This will initiate the deletion of your personal information as described in Section 6.

Local Data: You can clear local storage data through your browser settings at any time.

8. Children's Privacy (COPPA Compliance)

Museformer is designed as an educational tool and may be used by individuals under the age of 13. We comply with the Children's Online Privacy Protection Act (COPPA).

For users under 13: We require verifiable parental consent before collecting personal information from children. The core editor functionality can be used without an account, using only local storage on the device. Account creation and cloud features require parental consent for users under 13. Parents or guardians may review, delete, or refuse further collection of their child's information by contacting us at jamesgarrick1027@gmail.com.

If we learn that we have collected personal information from a child under 13 without proper parental consent, we will take steps to delete that information promptly.

9. International Users (GDPR Compliance)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and similar laws.

Legal Basis for Processing: We process your personal data based on: your consent (for optional features and communications); performance of a contract (to provide the Service); and our legitimate interests (to improve the Service and ensure security).

Your GDPR Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You also have the right to withdraw consent at any time and to lodge a complaint with a supervisory authority.

International Transfers: Your data may be transferred to and processed in the United States, where our service providers are located. We ensure appropriate safeguards are in place for such transfers.

To exercise your rights, please contact us at jamesgarrick1027@gmail.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" above. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

James Garrick

Email: jamesgarrick1027@gmail.com

Location: Tennessee, United States