CREATE FREE ACCOUNT · NO CARD REQUIRED START FREE
LOG IN SIGN UP

Privacy Policy

MuseRelay privacy and data protection information.

Home Privacy Policy

Last updated: 2026-05-07

1. Data controller

The U.S. entity Muse Layer LLC acts as the commercial operator. For GDPR purposes, the entity below has been designated as EU Representative pursuant to Article 27 GDPR. GDPR data subject requests are handled through the EU Representative.

1.1. Commercial operator (parent)

  • Legal name: Muse Layer LLC
  • Address: 5203 Juan Tabo Blvd, Ste 2B, Albuquerque, NM 87111, USA
  • EIN: 30-1474701
  • Jurisdiction: New Mexico (USA)

1.2. EU Representative (GDPR Art. 27) and technology processor

  • Legal name: Screen Art S.L.
  • VAT/Tax ID: B57029415
  • Address: Carrer Rosari 47, 07420 - Sa Pobla, Illes Balears, España
  • Email: screenart@muserelay.com

2. Data protection contact

3. Purposes of processing

  • Providing the MuseRelay service and managing the user account.
  • Handling inquiries, technical support and operational communications.
  • Billing and compliance with accounting and tax obligations.
  • Compliance with legal obligations (GDPR, e-commerce regulations, applicable tax law).
  • Service improvement through aggregated, anonymized metrics.

3.bis Categories of data processed

  • Account and organization: name, email, encrypted credentials, roles, workspace, preferences, language and billing/tax data.
  • Contacts and end users: name, email, phone number, channel identifiers, labels, notes, history and data provided during conversations.
  • Conversations and tickets: messages, human or AI replies, status, assignments, priority, attachments, audit trail and public token-based tracking.
  • Calendars and bookings: appointments, resources, service types, availability, confirmations, cancellations, reminders and data required to provide the service.
  • Voice and telephony: caller ID (CLI), called number, timestamps, duration, routing and textual transcript. MuseRelay does not store call audio unless a specific feature expressly states otherwise.
  • Files and multimodal data: images, audio, documents or other attachments sent by the Customer or its end users through connected channels.
  • Technical and security data: IP, device, browser, logs, encrypted integration tokens, audit events and usage metrics.

MuseRelay native calendar and native ticketing system allow bookings, availability and support to be managed inside the platform. This reduces the need to transfer personal data to external tools and keeps that data on the European servers used by MuseRelay, except for external integrations voluntarily enabled by the Customer.

4. Legal basis

  • Performance of contract (Art. 6.1.b GDPR) for service delivery and billing.
  • Compliance with legal obligations (Art. 6.1.c GDPR) for accounting and tax retention.
  • Legitimate interest (Art. 6.1.f GDPR) for security, fraud prevention and anonymized metrics.
  • Consent (Art. 6.1.a GDPR) for marketing communications and non-essential cookies.

4.ter Analytics, captcha and Google services not used

MuseRelay does not use Google Analytics or equivalent third-party advertising analytics tools on the legal pages and public platform flows. Any operational metrics are internal, aggregated or technical, and are used for security, performance and service billing.

For anti-bot protection we do not use Google reCAPTCHA or third-party reCAPTCHA providers. The public captcha configured by default is self-hosted ALTCHA, verified by MuseRelay on its own infrastructure, avoiding the transfer of the anti-bot check to Google or other external providers.

4.bis Meta Platforms data (Instagram, Facebook Messenger, WhatsApp Business)

When you connect Instagram Business, Facebook Messenger or WhatsApp Business to MuseRelay, we receive from Meta Platforms:

  • Account profile information (name, picture, ID).
  • Incoming messages and attachments.
  • Webhook events (delivery, read receipts).

This data is used solely to provide the messaging functionality within MuseRelay. We do NOT use Meta data for:

  • AI model training.
  • Marketing or advertising.
  • Resale to third parties.
  • Cross-platform profiling.

Data deletion: per GDPR Art. 17, users can request full deletion through:

  • Their MuseRelay account settings.
  • Email to privacy@muserelay.com.
  • The dedicated public page /data-deletion.
  • The Facebook deauthorize callback configured in our Meta App.
  • The Facebook data deletion request flow.

5. Data retention

Data is retained for the duration of the contractual relationship and afterwards for the legally required periods (a minimum of 6 years for tax and accounting records under applicable law).

6. Recipients and subprocessors

We work with a limited set of subprocessors (infrastructure, messaging and telecommunications providers) who act under data processing agreements. The up-to-date list is available at /subprocessors. Main processing infrastructure is located in Alemania (UE) y Bélgica (UE).

7. International transfers

Where a subprocessor is located outside the European Economic Area, the safeguards set out in Chapter V of the GDPR apply (Standard Contractual Clauses approved by the European Commission, adequacy decision and/or additional technical measures such as encryption).

8. Data subject rights

You may exercise your rights of access, rectification, erasure, objection, restriction, portability and to not be subject to automated decisions by writing to privacy@muserelay.com or privacy@muserelay.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) as the supervisory authority of the EU Representative.

9. Security

We apply appropriate technical and organisational measures (encryption in transit and at rest, access control, audit logging and incident response procedures) in accordance with Art. 32 GDPR.