Privacy Policy

How we handle your data.

Effective Date: July 14, 2026

1. Introduction

Liquid Think ("we", "us", "our") operates Muser ("Service"), a platform for meaningful dialogue. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. By accessing or using Muser, you agree to the terms of this Privacy Policy.

This policy complies with the New Zealand Privacy Act 2020 and incorporates principles from the Privacy Act 1988 (Cth) of Australia for our trans-Tasman users. If you are located in the European Economic Area (EEA), additional GDPR-compliant provisions apply (see Section 12).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Username: Your chosen identifier (publicly visible)
  • Email Address (optional): Used for account recovery and notifications. You can use Muser without providing an email.
  • Password: Hashed and salted using bcrypt (never stored in plaintext)
  • Account Creation Date & Last Login: For security and analytics

2.2 Content and Communication

  • Posts & Replies: All text content you submit in conversation rooms
  • Votes: Your participation in community governance (kick votes, fact-check flags)
  • Fact-Check Requests: Claims you flag for verification

2.3 Usage Data

We automatically collect:

  • Room Participation: Which conversations you join and when
  • Device Information: Browser type, OS, and screen resolution (no unique identifiers)
  • IP Address: Temporarily logged for security (automatically anonymized after 30 days)
  • Session Data: Temporary session tokens (expire after logout or inactivity)

2.4 Information We Do NOT Collect

  • No Tracking Cookies: We do not use cookies, pixels, or third-party trackers
  • No Location Data: We do not access GPS or precise location
  • No Contact Lists: We do not access your address book or social connections
  • No Message Metadata: We do not analyze typing patterns, read receipts, or online status

3. How We Use Your Information

PurposeData UsedLegal Basis
Provide and maintain the ServiceAccount info, content, usage dataContract performance
Enforce community rulesContent, votes, reportsLegitimate interest
Improve the ServiceAggregated usage patternsLegitimate interest
Respond to requestsEmail (if provided)Consent
Security and fraud preventionIP addresses, session dataLegitimate interest
Legal complianceAll data as requiredLegal obligation

4. Data Sharing and Disclosure

4.1 With Other Users

  • Your username and posts are visible to other participants in the same room
  • Your email is never shared with other users

4.2 With Service Providers

We use AWS (Amazon Web Services) for hosting and data storage:

  • Region: Sydney (ap-southeast-2)
  • Services: ECS, Fargate, RDS (PostgreSQL), S3
  • Data Processed: All user data is stored and processed within AWS's secure environment
  • AWS Compliance: SOC 2 Type II, ISO 27001, GDPR-ready

4.3 Legal Requirements

We may disclose your information if required by:

  • New Zealand law or court order
  • Requests from NZ Police or other law enforcement agencies
  • To protect the rights, property, or safety of Muser, its users, or the public

We will notify you of such disclosures unless legally prohibited.

4.4 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

Data TypeRetention PeriodReason
Account InformationUntil account deletionService operation
Posts & ContentUntil account deletion OR 30 days after last activity (whichever is longer)Conversation continuity
IP Addresses30 daysSecurity logging
Session TokensUntil logout or 24 hours of inactivityAuthentication
Fact-Check Cache90 daysReference for users
Deleted Account Data30-day backup, then permanent deletionRecovery window

Note: Room conversations may persist after your account deletion if other participants remain active, but your username will be replaced with "[deleted user]" and your posts will remain for context.

6. Your Rights and Choices

6.1 Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information

How to Exercise: Email privacy@musers.online with your request.

Response Time: We will respond within 20 working days (NZ Privacy Act requirement).

6.2 Deletion

You can:

  • Delete your account at any time through Settings > Account > Delete Account
  • Request deletion of specific content by emailing privacy@musers.online

Deletion Process:

  1. Your account and personal data are immediately anonymized
  2. Full deletion occurs within 30 days (backup retention period)
  3. Posts in active rooms will show "[deleted user]" as the author

6.3 Data Portability

You can request a copy of your data in JSON format by emailing privacy@musers.online. This includes:

  • Your profile information
  • Your posts and replies
  • Your participation history

6.4 Opt-Out of Communications

If you provide an email address, you can opt out of non-essential communications:

  • Unsubscribe link in every email
  • Account Settings > Notifications

7. Security

We implement industry-standard security measures:

Technical Measures:

  • All data transmitted via TLS 1.3 (HTTPS)
  • Database encryption at rest (AWS RDS with AES-256)
  • Password hashing with bcrypt (cost factor 12)
  • Rate limiting to prevent brute force attacks
  • Regular security audits and penetration testing

Organizational Measures:

  • Limited employee access to production data
  • Multi-factor authentication for all administrative access
  • Quarterly security training for all staff
  • Incident response plan with 72-hour breach notification

Data Breach Notification: In the event of a data breach affecting your personal information, we will notify you and the NZ Office of the Privacy Commissioner within 72 hours of discovery, as required by NZ law.

8. Children's Privacy

Muser is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@musers.online, and we will delete such information.

9. International Data Transfers

Your information is primarily stored and processed in Australia (Sydney). If you access Muser from outside Australia or New Zealand:

  • Your data may be transferred to and processed in countries other than your own
  • We rely on AWS's Standard Contractual Clauses for transfers to the US (where AWS is headquartered)
  • We ensure all international transfers comply with applicable data protection laws

10. Third-Party Links

Muser may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. This Privacy Policy applies only to information collected by Muser.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Sending an email notification (if you have provided an email address)
  • Displaying a notice within the Service

Changes are effective immediately upon posting. Your continued use of the Service after the effective date constitutes acceptance of the revised Privacy Policy.

12. GDPR Notice (EEA Users)

If you are located in the European Economic Area, the following additional provisions apply:

  • Legal Basis for Processing: We process your data based on your consent (for optional email), contract performance (for service delivery), and legitimate interests (for security and improvement)
  • Data Protection Officer: For GDPR-related inquiries, contact dpo@musers.online
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

13. Contact Us

For questions about this Privacy Policy or your personal information:

Email: privacy@musers.online

Postal Address:
Liquid Think
Privacy Officer
[Your NZ Business Address]
New Zealand

*Effective: July 14, 2026*