← MuseNest

Privacy Policy

Last updated: May 5, 2026

Operated by Phoenix Consulting Group, LLC · Denver, Colorado

This Privacy Policy explains how Phoenix Consulting Group, LLC ("MuseNest," "we," "us," or "our") collects, uses, stores, and protects personal information when you use the MuseNest platform (musenest.net and all creator custom domains operated through MuseNest). By using the platform you agree to the practices described here.

1.Who This Policy Covers

This policy applies to:

• Fans / subscribers — people who register for a free or paid fan account
• Creators / models — people who publish content and earn revenue through MuseNest
• Visitors — people who browse public creator pages without an account

2.Information We Collect

From fans

• Account registration: email address, display name, password (stored as a one-way hash — we never store your plaintext password)
• Age attestation: date and timestamp of your self-attestation that you are 18 or older; if enhanced age verification is requested, the result and reference ID from the verification provider (not the underlying ID document)
• Subscription and payment state: subscription tier, status, renewal date, and a payment reference token. We do not store full card numbers, CVV codes, or bank account details — those are held exclusively by our payment processor.
• Usage and access logs: IP address at login (retained for security purposes), content access timestamps, tip and purchase history
• Reports and messages: any content reports you submit, messages sent through the platform's direct message feature
• Optional preferences: notification preferences, display settings

From creators

• Account registration: email address, password hash, display name
• Identity verification: legal first and last name, date of birth, government-issued photo ID, selfie — collected during registration for age and identity verification. These are reviewed by our compliance team and retained as required by 18 U.S.C. § 2257 and platform policy.
• Release forms: legal name, date of birth, consent date, and ID document for each person depicted in content you publish
• Payout information: bank account or payout destination details as required by our payment processor and applicable tax law
• Tax documentation: W-9 or W-8 equivalent where required for tax reporting (collected only when payout thresholds require it under applicable law)
• Content metadata: upload timestamps, moderation decisions, content identifiers
• Paysite configuration: subscription prices, tier names, welcome messages, content settings

Automatically collected

• Server logs: IP address, browser user-agent, request path, HTTP status code, timestamp — retained for up to 90 days for security and abuse prevention
• Authentication cookies: a session token cookie (fan_session for fans; mn_token for creators) set on login. No third-party tracking cookies are placed on paysite pages.

What we strip

Images uploaded to the paysite have EXIF metadata removed before storage and delivery. This includes GPS coordinates, camera serial numbers, device identifiers, and timestamps embedded in the image file. We do this automatically — creators do not need to strip metadata manually.

3.How We Use Your Information

• To operate the platform: authenticate sessions, enforce access control, process subscriptions and purchases, deliver content
• To enforce our policies: review release forms, investigate reports, take compliance and moderation actions
• To process payouts: calculate and disburse creator earnings, collect required tax documentation, issue tax forms
• For platform communications: subscription receipts, renewal notices, failed payment alerts, account security alerts, policy change notices. Transactional emails cannot be opted out of. Engagement emails (new content notifications) can be managed from your account page.
• For security and fraud prevention: detect and block unauthorized access, abuse, scraping, and policy violations
• To comply with law: respond to valid legal process, cooperate with law enforcement, satisfy tax reporting obligations, maintain records required by 18 U.S.C. § 2257

We do not sell your personal data. We do not use your data to train AI models. We do not display creator legal identity to fans or fan personal information to creators beyond what is described in this policy.

4.What Creators See About Fans

Creators can see, for fans subscribed to their paysite: display name, subscription tier and status, subscription start date, and aggregated revenue figures. Creators do not see fan email addresses, IP addresses, payment details, or the fan's subscriptions to other creators.

5.What Fans See About Creators

Fans see only the creator's chosen display name and published content. A creator's legal name, real-world contact information, date of birth, government ID, or personal location are never displayed to fans.

Card statements show MUSENEST as the merchant — never the creator's name or identity.

6.Who We Share Information With

• Payment processors: We share the minimum information required to process payments and creator payouts. Payment processors operate under their own privacy policies and security standards.
• Email delivery providers: We use a third-party email service (Resend) to send transactional emails. They receive recipient address and message content for delivery only.
• Law enforcement and legal process: We will disclose information in response to a valid subpoena, court order, search warrant, or as otherwise required by law. Where legally permitted, we will notify affected users before disclosure.
• NCMEC: We are required to report apparent violations involving child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children. Such reports may include account information and content.
• Business transfers: If MuseNest is acquired or merges with another entity, your information may be transferred as part of that transaction, subject to at least equivalent privacy protections.

We do not share personal information with advertisers or data brokers.

7.Data Retention

• Active accounts: retained as long as the account is open
• Deleted accounts: personal fields (name, email, password) are anonymized within 30 days of deletion; payment ledger references, moderation decisions, and audit logs are retained as required by applicable law
• Release forms and 2257 records: retained indefinitely as required by 18 U.S.C. § 2257 and 28 C.F.R. § 75, even after the corresponding content is removed
• Server logs: retained up to 90 days
• Audit logs and moderation events: retained for a minimum of 2 years
• Tax documentation: retained for a minimum of 7 years as required for tax compliance

8.Cookies and Tracking

We use two first-party session cookies for authentication:

• fan_session — authenticates fan sessions; expires on browser close or after 30 days
• mn_token — authenticates creator/admin sessions; expires after 24 hours

We do not set third-party advertising, analytics, or tracking cookies on any paysite page. We do not use fingerprinting techniques to track users across sessions.

9.Security

We use industry-standard security practices including TLS encryption in transit, password hashing (bcrypt), access-controlled media delivery, and audit logging for sensitive operations. We do not store payment card numbers or bank details — those are held by PCI-compliant payment processors.

No system is perfectly secure. If you discover a security vulnerability, please disclose it responsibly to [email protected].

10.Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request. Note that some data (2257 records, payment ledger entries, audit logs) cannot be deleted due to legal obligations.

California residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, the right to delete it, the right to opt out of its sale (we do not sell personal data), and the right to non-discrimination for exercising these rights. To submit a CCPA request, contact [email protected].

EEA / UK residents (GDPR / UK GDPR)

If you are located in the European Economic Area or United Kingdom, our legal basis for processing your personal data is: (a) performance of a contract (operating your account); (b) compliance with legal obligations (2257 records, tax); (c) our legitimate interests in security, fraud prevention, and platform integrity; or (d) your consent where applicable. You may lodge a complaint with your local supervisory authority if you believe your rights have been violated.

11.Children's Privacy

MuseNest is strictly an 18+ platform. We do not knowingly collect personal information from anyone under 18. If we become aware that we have done so, we will immediately terminate the account and delete the information. If you believe a minor has registered, contact [email protected] immediately.

12.International Transfers

MuseNest is operated from the United States. If you access the platform from outside the US, your information is transferred to and processed in the US, which may not have the same data protection laws as your country. By using the platform, you consent to this transfer.

13.Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or prominent in-platform notice at least 14 days before taking effect. The current version is always available at musenest.net/legal/privacy.

14.Contact

For privacy inquiries, data requests, or to report a security issue:

• Email: [email protected]
• Compliance / legal: [email protected]

Written correspondence and formal legal notices:

---

Terms of Service Content Policy 2257 Notice