pinklight.ai
Premium 70% OFFLogin

Privacy Policy

Last updated: May 1, 2026

DRAFT — pending counsel review.This document is a working draft. It must be reviewed by qualified privacy counsel and aligned with the Operator's actual data flows, sub-processors, and retention practice before public launch.

1. Operator

BasedLabs, LLC (the "Operator") operates muse and is the data controller for personal information collected through the Service. Contact: privacy@basedlabs.ai.

2. Information We Collect

  • Account data: email address, OAuth provider profile (display name, avatar), authentication tokens.
  • Age verification: the result of any third-party age estimation or verification process and associated metadata (verification timestamp, provider, decision). We do not retain submitted documents beyond what the verification provider returns.
  • Service usage: chat messages, image and voice generation prompts, character configurations, voice previews, and generated outputs (images, audio).
  • Payment data: cryptocurrency transaction hashes, sender wallet addresses, credit pack purchased, confirmation timestamps. We do not collect or store credit card or bank account numbers.
  • Server logs: IP address, user agent, request paths, response codes, timestamps. Used for security and abuse prevention.
  • Cookies: session cookies for authentication, the muse_age_ok cookie indicating age-gate confirmation. No third-party tracking cookies.
  • Analytics: aggregated, pseudonymous product-analytics events (page views, feature interactions) via a third-party analytics platform. Session replay, when enabled, masks all input fields and blocks media so chat content is not captured.

3. How We Use Information

  • To operate, deliver, and maintain the Service.
  • To verify your age and enforce eligibility.
  • To process and confirm cryptocurrency payments.
  • To detect, prevent, and respond to abuse, fraud, and security incidents.
  • To improve the Service and train or fine-tune the AI models that power it.
  • To comply with legal obligations.

4. Sub-processors and AI Model Hosts

To deliver AI features, the Service shares prompts and generation context with third-party model-hosting providers for image generation, large-language-model inference, and voice synthesis. Prompts and outputs may be processed and temporarily stored by these providers under their respective privacy practices for the purpose of returning the requested output.

Other categories of sub-processors include: object storage and content-delivery providers, application and database hosting providers, transactional email providers, rate-limit and caching infrastructure, and product-analytics platforms.

A current list of named sub-processors and their roles is available on request from privacy@basedlabs.ai. We update this list as our infrastructure changes.

5. AI Training and Human Review

Prompts, generated outputs, and limited interaction metadata may be aggregated, anonymized where possible, and used to train and improve our AI systems and to perform human safety and quality review. You may opt out of training use of your inputs by emailing the privacy contact above; this does not affect anonymized data already incorporated into model weights.

6. Retention

  • Account data: 3 years after last activity, then deleted unless we have a legal obligation to retain.
  • Chat and generation history: until account deletion, plus up to 30 days of backup retention.
  • Generated media (images, audio): until account deletion. Object storage may retain files for an additional 30 days for backup purposes.
  • Financial / tax records: 10 years (compliance).
  • Server logs: 30 days.
  • Marketing-consent records: until consent withdrawal or 2 years of inactivity.
  • Age-verification metadata: retained for the duration of the account plus the financial-records window.

7. Your Rights

Subject to applicable law (GDPR, UK GDPR, CCPA, and others), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data, subject to retention obligations described above.
  • Object to or restrict processing.
  • Data portability where technically feasible.
  • Withdraw consent for processing based on consent (this does not affect prior lawful processing).
  • Opt out of the "sale" or "sharing" of personal information (CCPA). The Service does not sell personal information; we do not share it with advertisers.

To exercise these rights, email privacy@basedlabs.ai or use the Delete account flow at /account. We respond within 30 days.

8. International Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States. Where required, we rely on appropriate transfer mechanisms (e.g., EU Standard Contractual Clauses).

9. Security

We use industry-standard security measures including TLS in transit, encryption at rest for sensitive fields, role-based access control, and audit logging. No system is perfectly secure; you use the Service at your own risk.

10. Children

The Service is for adults only. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a minor we will delete it promptly.

11. Changes

We may update this Privacy Policy. Material changes will be posted with an updated "Last updated" date and, where required, communicated via the email associated with your account.