Privacy Policy
How we handle your data.
Effective Date: July 14, 2026
1. Introduction
Liquid Think ("we", "us", "our") operates Muser ("Service"), a platform for meaningful dialogue. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. By accessing or using Muser, you agree to the terms of this Privacy Policy.
This policy complies with the New Zealand Privacy Act 2020 and incorporates principles from the Privacy Act 1988 (Cth) of Australia for our trans-Tasman users. If you are located in the European Economic Area (EEA), additional GDPR-compliant provisions apply (see Section 12).
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Username: Your chosen identifier (publicly visible)
- Email Address (optional): Used for account recovery and notifications. You can use Muser without providing an email.
- Password: Hashed and salted using bcrypt (never stored in plaintext)
- Account Creation Date & Last Login: For security and analytics
2.2 Content and Communication
- Posts & Replies: All text content you submit in conversation rooms
- Votes: Your participation in community governance (kick votes, fact-check flags)
- Fact-Check Requests: Claims you flag for verification
2.3 Usage Data
We automatically collect:
- Room Participation: Which conversations you join and when
- Device Information: Browser type, OS, and screen resolution (no unique identifiers)
- IP Address: Temporarily logged for security (automatically anonymized after 30 days)
- Session Data: Temporary session tokens (expire after logout or inactivity)
2.4 Information We Do NOT Collect
- No Tracking Cookies: We do not use cookies, pixels, or third-party trackers
- No Location Data: We do not access GPS or precise location
- No Contact Lists: We do not access your address book or social connections
- No Message Metadata: We do not analyze typing patterns, read receipts, or online status
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and maintain the Service | Account info, content, usage data | Contract performance |
| Enforce community rules | Content, votes, reports | Legitimate interest |
| Improve the Service | Aggregated usage patterns | Legitimate interest |
| Respond to requests | Email (if provided) | Consent |
| Security and fraud prevention | IP addresses, session data | Legitimate interest |
| Legal compliance | All data as required | Legal obligation |
4. Data Sharing and Disclosure
4.1 With Other Users
- Your username and posts are visible to other participants in the same room
- Your email is never shared with other users
4.2 With Service Providers
We use AWS (Amazon Web Services) for hosting and data storage:
- Region: Sydney (ap-southeast-2)
- Services: ECS, Fargate, RDS (PostgreSQL), S3
- Data Processed: All user data is stored and processed within AWS's secure environment
- AWS Compliance: SOC 2 Type II, ISO 27001, GDPR-ready
4.3 Legal Requirements
We may disclose your information if required by:
- New Zealand law or court order
- Requests from NZ Police or other law enforcement agencies
- To protect the rights, property, or safety of Muser, its users, or the public
We will notify you of such disclosures unless legally prohibited.
4.4 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
5. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service operation |
| Posts & Content | Until account deletion OR 30 days after last activity (whichever is longer) | Conversation continuity |
| IP Addresses | 30 days | Security logging |
| Session Tokens | Until logout or 24 hours of inactivity | Authentication |
| Fact-Check Cache | 90 days | Reference for users |
| Deleted Account Data | 30-day backup, then permanent deletion | Recovery window |
Note: Room conversations may persist after your account deletion if other participants remain active, but your username will be replaced with "[deleted user]" and your posts will remain for context.
6. Your Rights and Choices
6.1 Access and Correction
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
How to Exercise: Email privacy@musers.online with your request.
Response Time: We will respond within 20 working days (NZ Privacy Act requirement).
6.2 Deletion
You can:
- Delete your account at any time through Settings > Account > Delete Account
- Request deletion of specific content by emailing privacy@musers.online
Deletion Process:
- Your account and personal data are immediately anonymized
- Full deletion occurs within 30 days (backup retention period)
- Posts in active rooms will show "[deleted user]" as the author
6.3 Data Portability
You can request a copy of your data in JSON format by emailing privacy@musers.online. This includes:
- Your profile information
- Your posts and replies
- Your participation history
6.4 Opt-Out of Communications
If you provide an email address, you can opt out of non-essential communications:
- Unsubscribe link in every email
- Account Settings > Notifications
7. Security
We implement industry-standard security measures:
Technical Measures:
- All data transmitted via TLS 1.3 (HTTPS)
- Database encryption at rest (AWS RDS with AES-256)
- Password hashing with bcrypt (cost factor 12)
- Rate limiting to prevent brute force attacks
- Regular security audits and penetration testing
Organizational Measures:
- Limited employee access to production data
- Multi-factor authentication for all administrative access
- Quarterly security training for all staff
- Incident response plan with 72-hour breach notification
Data Breach Notification: In the event of a data breach affecting your personal information, we will notify you and the NZ Office of the Privacy Commissioner within 72 hours of discovery, as required by NZ law.
8. Children's Privacy
Muser is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@musers.online, and we will delete such information.
9. International Data Transfers
Your information is primarily stored and processed in Australia (Sydney). If you access Muser from outside Australia or New Zealand:
- Your data may be transferred to and processed in countries other than your own
- We rely on AWS's Standard Contractual Clauses for transfers to the US (where AWS is headquartered)
- We ensure all international transfers comply with applicable data protection laws
10. Third-Party Links
Muser may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. This Privacy Policy applies only to information collected by Muser.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy on this page
- Sending an email notification (if you have provided an email address)
- Displaying a notice within the Service
Changes are effective immediately upon posting. Your continued use of the Service after the effective date constitutes acceptance of the revised Privacy Policy.
12. GDPR Notice (EEA Users)
If you are located in the European Economic Area, the following additional provisions apply:
- Legal Basis for Processing: We process your data based on your consent (for optional email), contract performance (for service delivery), and legitimate interests (for security and improvement)
- Data Protection Officer: For GDPR-related inquiries, contact dpo@musers.online
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
13. Contact Us
For questions about this Privacy Policy or your personal information:
Email: privacy@musers.online
Postal Address:
Liquid Think
Privacy Officer
[Your NZ Business Address]
New Zealand
*Effective: July 14, 2026*