Privacy Policy

1. Introduction

Welcome to μcor ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our modular synthesizer platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, desktop application, mobile progressive web app (PWA), and related services (collectively, the "Service").

By using μcor, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your email address, username, and password (encrypted).
• Profile Information: Optional information such as display name, profile picture, and bio.
• Payment Information: When you subscribe to paid plans, our payment processor collects payment card details. We do not store complete card numbers.
• User Content: Workspaces, patches, audio samples, custom modules, and any content you create or upload to the Service.
• Communications: Messages you send to our support team, feedback forms, or community forums.

2.2 Information Automatically Collected

• Usage Data: Information about how you use the Service, including features accessed, actions performed, and time spent.
• Device Information: Browser type, operating system, device type, screen resolution, and unique device identifiers.
• Log Data: IP address, access times, pages viewed, and the page you visited before navigating to our Service.
• Cookies and Similar Technologies: We use cookies, local storage, and similar tracking technologies to enhance user experience and analyze usage patterns.
• Audio Processing Data: Metadata about audio processing, module usage, and performance metrics (no actual audio content is transmitted unless you explicitly share it).

2.3 Information from Third Parties

• Authentication Providers: When you sign in using third-party services (e.g., Google, GitHub), we receive basic profile information.
• Payment Processors: Transaction confirmation and subscription status from payment service providers.

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide and Maintain the Service: Process your account, save your workspaces, sync across devices, and deliver core functionality.
• Improve and Optimize: Analyze usage patterns to improve performance, fix bugs, and develop new features.
• Personalization: Customize your experience, recommend modules, and provide relevant content.
• Communication: Send service updates, security alerts, support responses, and promotional emails (with opt-out option).
• Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activities.
• Legal Compliance: Comply with legal obligations, enforce our Terms of Service, and protect our rights.
• Analytics and Research: Conduct aggregate analysis and research to understand user behavior (anonymized data only).

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party vendors who perform services on our behalf, including:

• Cloud hosting providers (e.g., AWS, DigitalOcean)
• Authentication services (e.g., Kinde)
• Payment processors (e.g., Stripe)
• Analytics services (e.g., Google Analytics, PostHog)
• Email service providers

4.2 Public Content

If you choose to share workspaces, patches, or modules publicly, this content will be visible to other users and may be indexed by search engines.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Data encryption in transit (HTTPS/TLS) and at rest
• Secure authentication with OAuth 2.0 and PKCE
• Regular security audits and vulnerability assessments
• Access controls and least-privilege principles
• Automated backups and disaster recovery procedures

Data Location: Your data is primarily stored in data centers located in the United States and European Union. By using the Service, you consent to the transfer of your information to these locations.

Data Retention: We retain your personal information for as long as your account is active or as needed to provide services. After account deletion, we may retain certain data for legal, security, or legitimate business purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct inaccurate information.
• Deletion: Request deletion of your account and associated data.
• Portability: Export your data in a machine-readable format.
• Opt-Out: Unsubscribe from marketing communications (essential service emails will still be sent).
• Object: Object to certain data processing activities.
• Withdraw Consent: Withdraw consent for data processing based on consent (may limit Service functionality).

To exercise these rights, contact us at [email protected].

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, security, session management).
• Performance Cookies: Collect anonymous usage data to improve performance.
• Functionality Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how users interact with the Service.

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling essential cookies may impact Service functionality.

8. Third-Party Links and Services

Our Service may contain links to third-party websites, plugins, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

9. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly. If you believe we have collected information from a child under 13, please contact us at [email protected].

10. International Data Transfers

If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our servers and service providers operate. These countries may have data protection laws that differ from your jurisdiction.

For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses and other approved transfer mechanisms to ensure adequate protection of your data.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise these rights, email [email protected] with "California Privacy Rights" in the subject line.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Consent, contract performance, legitimate interests, or legal obligations
• Right to lodge a complaint with your local data protection authority
• Right to restrict processing in certain circumstances
• Right to data portability

Our EU representative can be contacted at [email protected].

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• General Inquiries: [email protected]
• Legal: [email protected]

μcor Inc.
Privacy Team
[Company Address - To be added]

15. Consent

By using μcor, you hereby consent to our Privacy Policy and agree to its terms. If you do not agree with this policy, please discontinue use of the Service immediately.