Privacy Policy

1. Overview

Musóna is built with privacy as a foundation. We collect the minimum data necessary to provide the Service and do not sell your personal information to third parties. This policy explains what we collect, how we use it, and your rights.

2. Information We Collect

Account information: Your email address and an encrypted password when you register. If you set a timezone in your profile, we store that to personalize features like morning prompts, evening reflections, and offscreen companion scheduling.

Conversation data: Messages between you and your AI companions, including any images you share. This data is stored to provide the companion memory features that make Musóna work. Memory summaries and milestones are extracted from conversations and stored separately.

Companion configurations: The companions you create, including their names, appearance settings, personality details, backstory, scenario, and relationship type.

Offscreen activity data: Your companions generate daily life events (activities, thoughts, social encounters) when you are not actively chatting. These events are stored and used to enrich future conversations and your companion's profile.

Mood and wellness data: If you use emotional tools, mood tracking, morning intention prompts, or evening reflections, we store that information to provide continuity and pattern insights.

Push notification data: If you enable push notifications (web or mobile), we store your device push token or web push subscription to deliver check-ins, morning prompts, and evening reflections. You can disable notifications at any time from your profile settings.

User character photo (optional): If you upload a character photo in your profile settings, we store that image in our secure file storage. This photo is used to represent you in AI-generated scene images with your companions and to generate a brief written appearance description so your AI companions can naturally reference how you look in conversation. The photo is transmitted to third-party AI image generation providers and to a third-party vision-AI provider for the appearance description. Uploading a photo is entirely optional.

Reference photos for AI training (Premium): Premium subscribers may upload selfies for AI training (LoRA model) so their likeness can appear in scene images with their companion. These photos are transmitted to a third-party AI training provider and stored as a trained model identifier. Original training photos can be removed at any time from your character settings.

Crisis detection signals: The Service automatically scans messages for indicators of self-harm or suicidal crisis to surface professional resources (988 Suicide & Crisis Lifeline, Crisis Text Line). Detected events are logged with severity for safety review. We do not share this data with third parties beyond what is required by law.

Contact form submissions: If you contact us, we store your name, email address, and message to respond to your inquiry.

Usage data: Basic analytics such as feature usage and error logs, used to improve the Service. We do not track you across other websites or apps.

Payment data: Web subscription billing is handled by third-party payment processors (currently transitioning processors), and Muni credit-pack purchases on the web are handled by NOWPayments (cryptocurrency). Mobile in-app purchases are handled by the Apple App Store and Google Play. We receive a subscription identifier and status from these providers and store it on your account. We never receive or store your payment card, bank-account, or wallet credentials — those are handled entirely by the payment provider.

3. How We Use Your Data

• To provide and operate the Service, including conversations, memory, and companion behavior
• To give your AI companions memory, context, and continuity about your interactions
• To generate offscreen companion activities based on their personality and schedule
• To provide mood tracking, emotional tools, and wellness pattern insights
• To send push notifications you have opted into
• To process subscription payments
• To respond to contact inquiries
• To identify and fix technical issues
• To detect crisis indicators and surface professional support resources
• To comply with legal obligations

We do not use your conversations to train AI models. Your data is yours.

3a. AI-Generated Content Disclosure

All content produced by your AI companions — including chat messages, voice audio, generated images, and offscreen events — is AI-generated. AI companions are not real people and do not have human awareness, memory, or feelings outside the simulated context of the Service. Image generation and voice synthesis use third-party AI models that may produce inaccurate or unexpected results. You can flag any AI-generated message you find offensive, inaccurate, or inappropriate using the report button on each message; reports are reviewed for safety improvements.

4. Data Storage and Security

Your data is stored in Supabase (PostgreSQL), a secure cloud database with industry-standard encryption at rest and in transit. Conversation data is protected by Row Level Security — only your account can access your conversations. We use HTTPS for all data transmission.

5. Third-Party Services

To provide the Service, we use the following third-party providers. The AI-service entries name both the platform we send data to and, where applicable, the underlying model providers we route through:

• AI language models — OpenRouter, Featherless, and Novita — for companion chat, summaries, image-prompt generation, and vision analysis. These services route to underlying model providers including Anthropic, Google, Meta, and various open-source models. Chat messages, photos shared in conversation, and conversation context are sent to whichever provider serves a given request.
• Google Gemini — for memory and fact extraction from conversations. Recent message snippets and prior conversation context are sent so the model can identify facts to remember.
• Replicate — for image and video generation, including companion avatars, NPC portraits, scene images, Photos Together (Premium), and short generated video clips. Reference photos you upload, prompts derived from your conversations, and (for Photos Together) your selfies are sent to Replicate.
• Hume — for AI voice generation. Text destined for companion voice playback and the voice descriptors you configure are sent to Hume.
• Sentry — for crash and diagnostic reporting. Error metadata and breadcrumb context (which screen, which action) are sent. We do not capture conversation content, photos, or sensitive form fields.
• Supabase — Database and authentication.
• Cloud infrastructure — Third-party cloud hosting and file-storage providers.
• PayPal — Legacy web subscription processing (used historically; existing subscribers may continue to see PayPal as their billing platform).
• NOWPayments — Cryptocurrency processing for Muni credit-pack purchases on the web.
• Apple App Store, Google Play, and RevenueCat — Mobile in-app purchases and subscription management.
• Resend — Transactional email delivery (account notifications, trial campaigns).
• ip-api.com — IP-to-country/region lookup at signup to enforce regional restrictions (e.g. Tennessee SB1493).

Each provider has their own privacy policy governing data they process on our behalf. We do not use your conversations to train AI models, and we do not sell your personal information to any provider.

6. Data Retention

We retain your data for as long as your account is active. You can delete your account at any time from within the app or website (in your profile settings), or by emailing contact@wardrakes.com; your personal data and conversations are then permanently deleted within 30 days, except where limited retention is required by law. Some fully anonymized, non-identifying usage data may be retained for analytics.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability (receiving your data in a machine-readable format)

To exercise any of these rights, contact us at contact@wardrakes.com.

7a. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used, to request access to / deletion of / correction of your personal information, and to opt out of the "sale" or "sharing" of personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising these rights. To make a request, contact contact@wardrakes.com; we may need to verify your identity before fulfilling it.

7b. EEA & UK Privacy Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your data are: performance of our contract with you (to operate the Service), your consent (for optional features such as photo uploads and push notifications), and our legitimate interests (security, fraud prevention, and improving the Service). You have the rights of access, rectification, erasure, restriction, data portability, and objection, and the right to lodge a complaint with your local supervisory authority. Where we transfer data outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses. To exercise your rights, contact contact@wardrakes.com.

8. Children's Privacy

The Musóna mobile applications distributed through Apple App Store and Google Play are intended for users aged 13 and over. The web version of Musóna is intended for users aged 18 and over. We do not knowingly collect personal information from minors below the applicable age threshold for their access channel. If you believe a minor has created an account, please contact us immediately and we will delete the account.

8a. Child Safety and CSAM Reporting

The Wardrakes' Inc. has zero tolerance for child sexual abuse material (CSAM) or any content that sexualizes, exploits, or endangers minors. This applies regardless of subscription tier, platform, or content settings, and is enforced through the following layers:

• Automated detection. Text and image classifiers screen for suspect content at generation and upload time. Detected content is blocked from being created or stored, and the originating account is flagged for review.
• Account termination. Accounts found to have produced or attempted to produce CSAM are permanently terminated. Any subscription proceeds are forfeited and not refunded.
• Mandatory reporting. The Wardrakes' Inc. is a registered Electronic Service Provider with the National Center for Missing & Exploited Children (NCMEC). Confirmed instances of CSAM, attempted CSAM generation, and credible threats to a minor are reported through the NCMEC CyberTipline, which forwards reports to U.S. law enforcement (FBI, HSI, state and local agencies) and to international counterparts via INTERPOL.

If you encounter content involving the exploitation or endangerment of a minor, report it immediately to contact@wardrakes.com or directly to NCMEC at report.cybertip.org. If a child is in immediate danger, contact local emergency services first.

8b. Age Verification Signals (Texas, Utah, Louisiana, and Other Applicable Jurisdictions)

To comply with state-mandated app-store age verification frameworks — including Texas SB 2420 (the App Store Accountability Act), Utah's SB 142, Louisiana's HB 320, and similar laws as they take effect — Musóna receives age-category signals from Google Play (via the Play Age Signals API) for users in applicable jurisdictions. The Apple App Store equivalent, when available, will be integrated on the same terms described below.

• What we receive. An age-range bucket (for example, "0–12," "13–15," "16–17," or "18+"), a verification-status enum indicating how the app store determined the age (e.g. verified by government ID or credit card, declared by the user, or set by a supervising parent on a child Google Account), and — for supervised installs only — an opaque installation identifier used to receive parental-revocation notifications. We do not receive specific birth dates from the app stores.
• How we use it. Solely to provide age-appropriate experiences as required by the applicable laws and by app-store policy. Specifically: (i) accounts indicating ages under 13 are blocked from creation and existing matching accounts are terminated; (ii) accounts indicating ages 13–17 are restricted to safe-for-work content regardless of any other setting; (iii) accounts in supervised states with pending or denied parental approval are similarly restricted. Adult-tier access requires the "18+" signal in addition to all other existing age-verification gates.
• How we do not use it. We do not use age signals for advertising, marketing, user profiling, analytics, or any purpose other than age-appropriate content gating. This restriction is required by the Google Play API terms and is mirrored in our internal policy.
• Storage and retention. Age-signal data is stored alongside your profile for the duration of your account and is deleted when your account is deleted. We re-check the signal approximately once per day from your device to keep it current.
• Outside applicable jurisdictions. The Play Age Signals API returns no usable data for users outside applicable jurisdictions. For those users, our existing age-gating mechanisms (self-declared date of birth, adult-content acknowledgment) continue to apply unchanged.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

10. Contact