Privacy Policy
OrientalMuse ("we", "us", "our") operates the website at orientalmuse.com. This Privacy Policy explains what personal data we collect when you use our service, why we collect it, and what rights you have regarding that data. We comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Information We Collect
We collect information you provide directly to us and information generated automatically as you use our service.
Information you provide:
- Account data — name, email address, and password when you register.
- Profile data — optional avatar or display name you choose to set.
- Payment data — billing details processed by Paddle (our Merchant of Record). We never store full card numbers; Paddle handles all payment data under their own privacy policy.
- Communications — messages you send us via email or support forms.
Information collected automatically:
- Usage data — pages visited, images viewed, search queries, click patterns, and session duration.
- Device data — IP address, browser type and version, operating system, screen resolution, and referring URL.
- Cookies and similar technologies — see Section 4 for details.
- Log data — server logs including access times, request paths, and error information.
Information from third parties:
- OAuth providers — if you sign in with Google or Apple, we receive your name, email address, and profile picture from that provider.
- Analytics partners — aggregated, anonymized traffic data from Google Analytics 4.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service provision — creating and managing your account, authenticating logins, and delivering the content and features you request.
- Subscription management — processing payments, activating Premium access, and sending billing receipts via Paddle.
- Personalization — remembering your preferences, favorites, and download history.
- Communications — sending transactional emails (registration confirmation, password reset, billing receipts). We do not send marketing emails without your explicit consent.
- Analytics & improvement — understanding how our service is used to improve performance, fix bugs, and add features.
- Safety & legal compliance — detecting and preventing fraud, abuse, and unauthorized access; complying with applicable laws.
Legal bases (GDPR): We process your data on the basis of (a) contractual necessity to provide the service; (b) your consent where explicitly given; (c) legitimate interests in operating and improving a secure service; and (d) legal obligation where required.
5. Data Retention
- Account data — retained for as long as your account is active, plus 30 days after deletion to allow recovery.
- Billing records — retained for 7 years to comply with tax and accounting regulations.
- Usage logs — retained for 90 days then deleted or anonymized.
- Deleted account data — purged within 30 days of account deletion, except where retention is legally required.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete data.
- Deletion — request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Portability — receive your data in a structured, machine-readable format.
- Objection / Restriction — object to or request restriction of certain processing activities.
- Withdraw consent — withdraw any consent you have previously given at any time.
- CCPA rights — California residents may opt out of any sale of personal data (we do not sell data), request disclosure of data categories collected, and request deletion.
To exercise any of these rights, contact us at privacy@orientalmuse.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7. Data Security
We implement industry-standard security measures to protect your personal data:
- All data in transit is encrypted via TLS 1.2 or higher.
- Passwords are hashed using bcrypt and never stored in plain text.
- Database access is restricted via Row Level Security (RLS) policies through Supabase.
- Private content is gated behind signed, time-limited URLs.
- We conduct regular security reviews of our infrastructure.
No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at security@orientalmuse.com.
8. Children's Privacy
OrientalMuse is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a user under 18 has provided us with personal data, we will promptly delete that information. If you believe a minor has registered, please contact us at privacy@orientalmuse.com.
9. International Data Transfers
Our servers are located in the United States and the European Union via our service providers (Supabase, Vercel, Cloudflare). If you are located in the EEA, UK, or Switzerland, your data may be transferred to countries that do not have the same data protection laws as your jurisdiction. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and, where applicable, the UK International Data Transfer Agreement (IDTA) to safeguard such transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending an email notification to registered users. Your continued use of the service after the effective date of the revised policy constitutes your acceptance of the changes.
11. Contact Us
For any privacy-related questions or requests, contact our Privacy Team:
OrientalMuse
Email: privacy@orientalmuse.com
Website: orientalmuse.com
We aim to respond to all privacy requests within 30 days.