Draft of our Privacy Policy for MuseScore 4

• May 7, 2022 - 16:12

Hi everyone,

Below is a draft version of our new privacy policy for MuseScore 4, which we are publishing here to give time for community members to ask questions and verify that they understand it and are happy with it.

There are two important aspects to this privacy policy. First, that we are compliant with national and international regulations, namely GDPR and CPPA. Secondly, that we are transparent with our users and our developer community about the data we collect, when we collect it and why. The most important point stressed throughout the document is that we do not store or share any of your personal information.


There are two relevant networking features mentioned in the privacy policy:

Update Checking

Update checking is where we notify users when there is a new version of MuseScore available. The user is notified when MuseScore is first installed and is provided with a clear link to disable it in Preferences. Update checking shares your IP address, your OS, and your MuseScore version (including whether MuseScore was compiled in 32 or 64 bit mode). As explained in the privacy notice, we take steps to anonymise your IP address immediately, which makes it impossible for us to identify you. Please note that we also use this anonymised information for statistics, which help us understand how many users we have per country, which version of MuseScore they are using, and whether it is run on Windows, Mac or Linux. These statistics help us to plan app development and make decisions about which platform versions we need to support, etc.

Error Reporting

The other networking feature in MuseScore is error reporting. If an application error occurs, a popup appears asking you whether you want to send us the details of that error, which you can review before sending. We have taken steps to ensure that all potentially identifiable information is filtered from the report data before storage, including the IP address, which we discard.


Please note that some of the terminology in the privacy notice is potentially confusing to those without a legal or technical background. For example, under the section titled ‘Principles of Processing’, the last point (F) states: “We use appropriate technical and organisational measures to protect the personal information that we collect and process about you”. It is worth taking a moment to explain what this means: first, the ability to send any information over the internet requires an IP address, which is classified under CCPA & GDPR as ‘personal information’. As with any application that makes use of a network connection, we cannot avoid seeing (“collecting”) an IP address. Lastly, the steps we take to anonymise it counts as ‘processing’.

Please note that since this is a draft privacy policy, it does not yet apply to any version of MuseScore that has been released and we will alter its wording based on your feedback to make sure it is as clear as possible before publishing the final version.


The notice below outlines:

  • The very limited data we collect and why we collect it
  • Your options in sharing or not sharing information with us
  • Your rights in managing information you share with us
  • Our responsibilities in protecting the data we collect and process

Thanks very much,

The MuseScore team


Link to the draft Privacy Policy


Comments

To what extent should this policy also handle Publish/Save Online logic?

I imagine, not a lot, because then the .com policy kicks in instead. But in MS3 this is done as part of an embedded browser included in the software and I'm not sure if this is still relevant for MS4 and this policy?

In reply to by jeetee

Yes, we've made a big change here. The moment a person opts to upload a score, they are taken to the MuseScore.com site. The desktop app will no longer have an embedded web view for uploading or signing in. This makes the separation much cleaner.

So, yes, uploading to MuseScore.com is covered by the MuseScore.com Privacy Policy.

In reply to by jeetee

Yes, custom audio is massively important, since we're now providing VST and a new orchestral library.

In fact, the logic for custom audio will be a little different than MS3.

  • If you are publishing a score, you will automatically have to upload custom audio
  • If you are simply saving a private or unlisted score, you'll be able to choose

There's a big conversation to be had about this but I thought I'd at least answer the basics.

Will this policy also apply to the new "hub" application? I think privacy & transparency is particularly important for the hub, as it doesn't seem like it will be open source.

In reply to by llui85

This privacy policy doesn't cover the hub. However, the hub will have no tracking or analytics collecting at all, so I'm not even sure it necessarily needs a privacy policy.

Probably no harm to have one for it anyway to assuage people's fears. It'd be much simpler than this one.

Well, John Oliver said data anonymization is BS but truth be told this privacy policy seems entirely innocuous to me. What I have trouble wrapping my head around is what's Muse Group's long game here, what's their nefarious (allegedly) agenda?

Do you still have an unanswered question? Please log in first to post your question.