MuseScope Privacy Policy

Effective date: 13 July 2026 · Last updated: 13 July 2026 · Version: 1.0

MuseScope is operated by Igor Fomin ("MuseScope", "we").

This policy explains what information the MuseScope website (musescope.app) and the MuseScope iOS application process, why, and what your choices are. MuseScope does not sell personal information, and we do not send marketing emails.

Privacy and support contact: support@musescope.app

This document has three parts: A — the website, B — the iOS application, C — provisions common to both.

Part A — Website (musescope.app)

A.1 What the website is

The website is a read-only art catalogue. It has no user accounts, no registration, no contact forms, no newsletter, and it does not display advertising. You can browse the website without creating an account or actively submitting personal information.

A.2 What the website processes

When you visit the website, our infrastructure and analytics may process:

  • your IP address and the approximate country or region derived from it;
  • browser type, device type and operating system;
  • the pages you view, the date and duration of your visit, and the site you arrived from (including advertising-campaign attribution parameters, if present in the link);
  • server request and security logs;
  • your cookie-consent choice.

Server access and security logs are retained for up to 90 days.

A.3 Analytics (Google Analytics 4)

We use Google Analytics 4 to understand page views, traffic sources, approximate visitor geography, browser and device statistics, and site performance.

We use Google Consent Mode. In the European Economic Area, the United Kingdom and Switzerland, analytics consent is required: Google Analytics does not store Analytics cookies or a client identifier until you grant consent by choosing "Accept" in the consent banner. "Decline" is always as easy to choose as "Accept", and the website remains fully functional if you decline. Outside those regions analytics may run by default; in every region you can opt out or change an earlier choice at any time via the permanent Cookie settings control in the website footer.

Advertising storage, ad personalisation and remarketing are disabled everywhere. We do not use Google Ads remarketing, Meta Pixel, TikTok Pixel, session recording, heatmaps or A/B-testing tools. Google Analytics data retention is limited to 14 months.

A.4 Cookies and local storage

NameProviderPurposeCategoryExpiryParty
ms-consent (localStorage)MuseScopeRemembers your cookie-consent choiceNecessaryUntil you clear itFirst-party
_gaGoogle AnalyticsDistinguishes visitorsAnalytics (consent-gated in EEA/UK/CH)2 yearsSet on our domain by Google's script
_ga_HCSHFBNW05Google AnalyticsKeeps session stateAnalytics (consent-gated in EEA/UK/CH)2 yearsSet on our domain by Google's script

The website language is part of the page address (for example /de/…) and is not stored in a cookie.

Part B — iOS Application

B.1 Account and sign-in

You can use large parts of the app without an account. If you sign in, MuseScope creates an account and may store:

  • your email address;
  • if you use Google Sign-In: your Google account identifier, the name Google provides, and your Google profile photograph;
  • if you use Sign in with Apple: your Apple identifier and, at your choice, your name and email address, which may be Apple's private relay address;
  • your chosen display name and a profile image or avatar you upload;
  • an internal MuseScope account identifier, the account creation date, and authentication timestamps and security logs.

Email is used only for signing in (one-time codes), restoring access, security notices and essential account communications — never for marketing.

Account and profile information is kept while your account is active and removed when you delete the account (see B.8).

B.2 Preferences and activity

Linked to your account, MuseScope may store: favourite artworks, artists and museums; likes; your recognition history (see B.3); interface language, guide language and voice selection; search queries and viewed content; and your subscription or entitlement status.

We use this to sync your experience across devices, restore your preferences, improve search, recommend relevant artworks, artists, museums and stories, and understand aggregate feature usage. Your profile, favourites and activity are not visible to other users. Search and viewing activity and recognition metadata are retained for up to 12 months unless you delete your account earlier.

B.3 Camera, photos and artwork recognition

When you scan an artwork or a museum label, the app uses your camera or a photo you select. Museum-label text recognition (OCR) normally happens on your device but may be processed on MuseScope infrastructure when server-side recognition is required. For artwork recognition the image is uploaded to MuseScope infrastructure (Microsoft Azure, United States regions) and processed by MuseScope recognition services together with Microsoft Azure AI Vision, Google and OpenAI commercial APIs.

Recognition history. If you are signed in, your account may record the outcome of a recognition: the recognised artwork, a link to the relevant artwork record, the date and time, and related recognition metadata — for example, that you recognised a particular Leonardo da Vinci painting on a particular day. Your recognition history never contains the photograph you submitted.

Uploaded photographs. The original photograph is uploaded to temporary storage and processed separately from your account history. It may be used for recognition, label-text extraction, artwork cropping, embeddings and similar temporary technical representations, detecting recognition failures, automatically measuring and improving the quality of the recognition pipeline, and investigating security or technical incidents. Once this processing workflow separates the photograph from your request, the photograph is no longer associated with your account; it is not placed in your history, is not retained as part of your profile, and is deleted automatically under the retention schedule in this policy — in all cases within 30 days. Temporary crops and embeddings derived from your photo are likewise deleted when no longer needed.

External recognition providers do not receive your MuseScope account identifier, email address, profile information or other persistent identity information; only an opaque technical request identifier is used.

Uploaded photographs are not used to train MuseScope models or third-party AI models and are not added to a permanent training dataset; they are not used for advertising or marketing profiles, for facial recognition, or to identify museum visitors. People who incidentally appear in a photo are treated as irrelevant visual noise and are not identified or analysed. Routine manual review of user photographs is not part of the service.

B.4 AI art guide and chat

The app includes an AI-powered art guide you can ask about artworks, artists, museums, architecture, history and related cultural and educational topics. Questions outside these subjects may be refused or redirected.

To answer, MuseScope sends to a commercial AI provider (OpenAI, Anthropic or Google, depending on configuration): your question, recent conversation context, the name of the relevant artwork, artist, museum, or place explicitly selected or mentioned by you, related MuseScope editorial information, label text or recognition results where relevant, and an opaque, temporary conversation identifier. We do not send your email address, account or Google/Apple identifiers, profile, or subscription transaction identifiers, and we do not send your device location or location data collected by the app.

We use these providers under commercial API terms that do not use customer content to train their general-purpose models by default, and we do not enable optional data-sharing settings. Providers may retain limited technical or abuse-prevention records under their own service terms.

Chat context is kept only to maintain the conversation and is automatically deleted within 24 hours of your last interaction; chat does not become part of your account history, and there is nothing you need to delete manually. We do not use chat content for training models, marketing, advertising profiles, or routine manual review.

B.5 Location

While you are using artwork recognition, MuseScope may ask for your approximate location. It is used to estimate which museum you are visiting, narrow the set of candidate artworks, and improve recognition accuracy.

Granting location access is optional, and the app remains fully usable without it. Location is not stored in your recognition history, is not permanently linked to your account, is not used for advertising or long-term visit tracking, and is not sent to conversational AI providers. It is discarded after the relevant recognition request is complete. The app does not request precise location.

B.6 App analytics and diagnostics

We rely on Apple App Analytics and Apple-provided crash and diagnostic reports (controlled by your iOS "Share with App Developers" setting), plus MuseScope's own server-side operational and security logs. The app contains no third-party analytics, crash-reporting or advertising SDKs, collects no advertising identifiers (IDFA) and does not track you across other companies' apps or websites — which is why it never shows the App Tracking Transparency prompt.

Server-side logs may contain IP address, request identifier, app and OS version, device model, response status, error information and authentication/security events. Ordinary backend logs are kept up to 90 days; authentication and security logs up to 12 months.

B.7 Subscriptions and purchases

Subscriptions and in-app purchases are processed by Apple through the App Store and StoreKit. MuseScope never receives your payment-card numbers, bank details or Apple Account password.

To provide Premium access and restore it on your other devices, MuseScope may receive from Apple and store, linked to your account: the purchased product and subscription type, transaction and original-transaction identifiers, start and expiration dates, and trial, renewal, cancellation, refund and current entitlement status.

Transaction records needed for fraud prevention, accounting, dispute handling, refunds or legal compliance may be retained after account deletion, de-identified and disconnected from the deleted account where reasonably possible. Deleting your MuseScope account does not by itself cancel an Apple subscription — manage or cancel subscriptions in your Apple Account settings.

B.8 Deleting your account

The app has a built-in Delete Account function. Deletion immediately disables the account and removes your email address, Google and Apple identifiers, name, display name, profile image, favourites, likes, recognition-history records and their links to artwork records, search and viewing history, active AI-chat context, and all other account-linked personal data.

Recognition history associated with the account is deleted immediately. Original photographs and temporary technical representations that have already been separated from the account are not individually linked to the account and are deleted automatically under the retention schedule described in this policy.

Residual copies may persist in encrypted backups for up to 7 days before being overwritten. Aggregated statistics that cannot reasonably be connected to you cannot be individually deleted. Transaction records that must be retained (see B.7) are kept in de-identified form where reasonably possible.

Part C — Common Provisions

C.1 Legal bases for processing

Where the law requires a legal basis, we rely on:

  • performance of a contract — creating and operating your account, authentication, subscriptions, saved preferences, synchronisation across devices, and the app features you request;
  • consent — optional Google Analytics cookies on the website;
  • legitimate interests — security, fraud prevention, technical logs, diagnostics, service reliability, and product improvement;
  • legal obligations — transaction, accounting, tax and compliance records.

C.2 Service providers

Providers that process user information in production:

  • Microsoft Azure — hosting, storage, database, logging, email delivery of sign-in codes, and recognition infrastructure;
  • Microsoft Azure AI Vision — image recognition;
  • Google — Google Sign-In, Google Analytics (website), and Google AI services used in recognition and the AI guide;
  • Apple — Sign in with Apple, App Store purchases, App Analytics and crash diagnostics;
  • OpenAI — commercial APIs used in recognition verification and the AI guide;
  • Anthropic — commercial APIs used in the AI guide.

We use these services under commercial terms that do not permit our content to be used to train their general-purpose models by default, and we do not enable optional data-sharing settings. Providers may retain limited technical or abuse-prevention records under their own service terms. Pre-generated editorial content (for example narration audio) is produced without any user data, so the tools used to create it are not listed here.

C.3 International processing

MuseScope is available internationally. Primary infrastructure is hosted in Microsoft Azure regions in the United States, and providers may process information in the United States and other countries where they operate; privacy protections may differ between countries. We use reasonable contractual, organisational and technical safeguards where applicable.

C.4 Retention schedule

Data categoryRetention
Account and profileUntil account deletion
Favourites and likesUntil removed or account deletion
Search and viewing activityUp to 12 months
Recognition metadataUp to 12 months
Original recognition photographsAs briefly as possible, max 30 days
Temporary recognition crops and embeddingsUntil automated validation completes, max 30 days
AI-chat contextUp to 24 hours after the last interaction
Backend and access logsUp to 90 days
Authentication and security logsUp to 12 months
Google Analytics dataUp to 14 months
Support correspondenceUp to 24 months after resolution
Deleted data in encrypted backupsUp to 7 days
Transaction and accounting recordsAs required for legal, accounting, fraud or dispute purposes
Aggregated, de-identified statisticsAs reasonably necessary

C.5 Your rights

You may contact us to ask whether we process your data and to request a copy, correction, deletion, restriction, objection, withdrawal of optional consent, or portability where applicable. Write to support@musescope.app; we acknowledge privacy requests within three business days and complete them within the timeframe required by applicable law. Account deletion is also available directly in the app.

You may also have the right to lodge a complaint with the data protection authority in the country where you live or work.

C.6 Children

MuseScope is not directed to children under 13 and does not knowingly collect personal data from them. Users below the applicable age of digital consent must have any legally required parental or guardian authorisation.

C.7 Support correspondence

If you email support@musescope.app, we process your email address, name, message content, attachments and any technical details you volunteer, and retain the correspondence for up to 24 months after resolution for support continuity, dispute handling, fraud prevention, security and legal recordkeeping. An email-service provider processes this correspondence on our behalf.

C.8 Security

We protect information with encrypted network communication, restricted and role-based administrative access, secure authentication, encrypted and protected backups, logging and monitoring, separation of user identity from temporary recognition and AI requests, vendor-security controls and regular maintenance and review. No online service can promise absolute security.

C.9 Changes to this policy

We may update this policy as MuseScope evolves. The effective date, last-updated date and version above always reflect the current revision, and we will provide notice of material changes where reasonably appropriate or legally required.

Terms of Use are a separate document.