Desktop Privacy Policy

Below is a draft version of our new privacy policy for MuseScore 4, which we are publishing here to give time for community members to ask questions and verify that they understand it and are happy with it.

There are two important aspects to this privacy policy. First, that we are compliant with national and international regulations, namely GDPR and CCPA. Secondly, that we are transparent with our users and our developer community about the data we collect, when we collect it and why. The most important point stressed throughout the document is that we do not store or share any of your personal information.


There are two relevant networking features mentioned in the privacy policy:

Update Checking

Update checking is where we notify users when there is a new version of MuseScore available. The user is notified when MuseScore is first installed and is provided with a clear link to disable it in Preferences. Update checking shares your IP address, your OS, and your MuseScore version (including whether MuseScore was compiled in 32 or 64 bit mode). As explained in the privacy notice, we take steps to anonymise your IP address immediately, which makes it impossible for us to identify you. Please note that we also use this anonymised information for statistics, which help us understand how many users we have per country, which version of MuseScore they are using, and whether it is run on Windows, Mac or Linux. These statistics help us to plan app development and make decisions about which platform versions we need to support, etc.

Error Reporting

The other networking feature in MuseScore is error reporting. If an application error occurs, a popup appears asking you whether you want to send us the details of that error, which you can review before sending. We have taken steps to ensure that all potentially identifiable information is filtered from the report data before storage, including the IP address, which we discard.

Please note that some of the terminology in the privacy notice is potentially confusing to those without a legal or technical background. For example, under the section titled ‘Principles of Processing’, the last point (F) states: “We use appropriate technical and organisational measures to protect the personal information that we collect and process about you”. It is worth taking a moment to explain what this means: first, the ability to send any information over the internet requires an IP address, which is classified under CCPA & GDPR as ‘personal information’. As with any application that makes use of a network connection, we cannot avoid seeing (“collecting”) an IP address. Lastly, the steps we take to anonymise it count as ‘processing’.


Please note that since this is a draft privacy policy, it does not yet apply to any version of MuseScore that has been released and we will alter its wording based on your feedback to make sure it is as clear as possible before publishing the final version.

The notice below outlines:

  • The very limited data we collect and why we collect it
  • Your options in sharing or not sharing information with us
  • Your rights in managing information you share with us
  • Our responsibilities in protecting the data we collect and process



    Thanks very much,
    The MuseScore team



    Last updated and effective as of __ ___ 2022.


    MuseScore Desktop Privacy Policy

    As a responsible organisation, we have taken two important steps. First, we have made sure that we have, at the discretion of our users, the information necessary to allow us to improve the Musescore desktop application, and that by doing so we are compliant with national and international regulations, namely GDPR and CCPA. Second and most important: we have been, and will continue to be, transparent with our users and our developer community about the data we collect, when we collect it and why. We will also publish any intended changes before they are implemented in all newer versions of the Musescore application.

    Musescore is free and open source software, which means that the program’s source code is publicly available and can be inspected to confirm the very limited data that gets sent. You can also inspect our release executable files using network analysis tools.


    Content:

    🎶 Introduction

    🎶 Principles of processing

    🎶 What information does MuseScore collect and why?

    🎶 Data storage, retention, deletion & security

    🎶 Your privacy rights

    🎶 Linking to other websites

    🎶 Updates to this Notice

    🎶 How to contact us

    🎶 Additional Information for California Consumers


    Introduction

    1. This Privacy Notice (“Notice”) explains what information we (as defined below) collect and use when you (“you” and “your”) use our MuseScore desktop app (the MuseScore App or “App”) and explains how we use that information. Our App does not require you to create an account or profile and we do not ask you to provide us with your name, address or any other contact details in order to use our services.
    2. This Notice also sets out the rights that you have in relation to the information that we process about you and how you can exercise them.
    3. The Musescore Desktop Team treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that the Musescore Desktop Team applies to protect your information.
    4. For the purposes of this Notice, MuseCY SM Ltd., a Cyprus company with registered office at Spyrou Kyprianou, 84, 4004, Limassol, Cyprus (“Musescore Desktop Team”, “us”, “we”, or “our”) acts as the data controller for the personal information that is collected via the App. As a data controller, the Musescore Desktop Team makes sure that any processing of your personal information complies with applicable data protection law, and specifically with the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
    5. Please take the time to read this Notice carefully. If you have any questions or comments, please contact us via privacy@musescore.org.


    Principles of processing

    1. We will process the personal information we collect in accordance with this Notice and based on the following principles:
    2. Fairness: We process your personal information fairly, which means that we are both transparent about how we process it and we process it in accordance with applicable laws.
    3. Lawfulness: We process your personal information only on a valid lawful ground.
    4. Purpose limitation: We process your personal information for specified and legitimate purposes (as described below), and do not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
    5. Data minimization: We only process information that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
    6. Data accuracy: We take appropriate measures to ensure that any personal information we hold about you is accurate.
    7. Data security: We use appropriate technical and organizational measures to protect the personal information that we collect and process. Such measures include up-to-date secure network architectures that contain firewalls, intrusion detection devices, and backups.


    What information does MuseScore collect and why?

    1. We use the information listed in the table at the end of this section to help us improve our App, for maintenance and security, and to run any updates that enable the App to function better.
    2. All network features are optional. Update checking can be disabled in the App preferences. We always ask your permission before sending an error report.
    3. Data is only collected for the specific network features you actually use.
    4. All network features require sending an Internet Protocol (IP) address. The full IP address is never stored.
    5. We rely on our legitimate interest as a business to offer you our App and ensure that our App is functioning correctly to process the personal information we collect.
    | Purpose of processing | Legal basis | Data collected | Explanation |
    | --- | --- | --- | --- |
    | To check for updates | 📝 Our legitimate interest to improve the App by ensuring that users are aware of the most up-to-date version available | User-Agent string (Musescore Desktop version, OS name and version); Country from IP address | Musescore Desktop will periodically check to see if a new version of the application is available. This feature is on by default. We provide clear links to disable it when the App is first opened. |
    | To allow an error log to be sent to analyse the problem | 📝 Our legitimate interest in ensuring the security of our App | Basic technical data (CPU info, Musescore Desktop version, OS name and version); Error codes; Stack trace | If a serious error occurs in Musescore Desktop, you are shown the relevant information and given the option whether to send it to us as a report or not. We use this information to help us detect serious issues and fix them quickly. |

    Data storage, retention, deletion and security

    1. For update checking, your IP address is anonymised immediately. We only store the first three octets of the IP address so that it is impossible for us to identify you.
    2. We use anonymised information from update checking (country, MuseScore version, OS name and version) for analytics and statistical purposes.
    3. We anonymise error report information by discarding the IP address and filtering all file paths from the report data.
    4. We do not store any personal information.
    5. For update checking, your IP address is fully anonymised before storage. For error reporting, your IP address is discarded entirely. For these reasons, it is impossible for us to identify you.
    6. Technical information is anonymised before storage. We delete all data within 12 months of it being collected.


    Disclosure of your personal information

    1. As mentioned above, the MuseScore Team anonymises or discards all information that would enable us to ever identify you before storage.
    2. We do not share, disclose or otherwise make available any of your personal information to vendors, suppliers, services providers, business partners or any other third parties.
    3. All anonymised data is stored and hosted exclusively within the territory of the European Union and/or the European Economic Area (EU/EEA).


    Your privacy rights

    Under the GDPR, individuals have certain data protection rights, which you can exercise by emailing privacy@musescore.org. However, these rights only apply to the extent that the controller is able to identify the individuals whose personal information is collected. As mentioned above, the Musescore Team anonymise or discard information that would enable us to identify you, and the processing of the information we collect does not require us to identify you. For these reasons, the exercise of your GDPR rights may be limited, or in some cases, might not apply.

    • obtain access to the personal information held about you - under Article 15 of the GDPR, individuals have a right of access that gives them the right to ask companies to confirm whether their personal information is being processed by them and if that is the case, the right to obtain a copy of their personal information, as well as other supplementary information. It helps individuals to understand how and why companies are using their information, and check the lawfulness of the processing.
    • ask for incorrect, inaccurate or incomplete personal information to be corrected - under Article 16 of the GDPR, individuals have the right to have inaccurate personal information rectified. An individual may also be able to have incomplete personal information completed – although this will depend on the purposes for the processing.
    • request that personal information be erased when they are no longer needed or if processing is unlawful - under Article 17 of the GDPR, individuals have the right to have personal information erased. This is also known as the 'right to be forgotten'. The right is not absolute and only applies in certain circumstances.
    • request the restriction of the processing of your personal information in specific cases - Article 18 of the GDPR gives individuals the right to restrict the processing of their personal information in certain circumstances. This means that an individual can limit the way that an organisation uses their information. This is an alternative to requesting the erasure of their information.
    • receive your personal information in a machine-readable format and send them to another controller ('data portability') - under Article 20 of the GDPR, individuals have the right to data portability that gives individuals the right to receive personal information they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits those data directly to another controller.
    • lodge a complaint with a supervisory authority - In accordance with Article 77 of the GDPR, you, as a data subject, have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place. The contact details of European supervisory authorities are available here.

    If you have any questions about the protection of your personal information, you can contact us: privacy@musescore.org.


    Linking to other websites

    1. The Musescore App provides the ability for users to upload their scores to MuseScore.com. Please note that this is a separate service governed by its own privacy policy.
    2. The Musescore App may contain hyperlinks to websites owned and operated by third parties. These websites have their own privacy policies and we urge you to review them. They will govern the use of personal information you submit whilst visiting these websites.
    3. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.


    Updates to this Notice

    1. We may update this Notice from time to time in response to changing legal, technical, or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
    2. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.


    How to contact us

    If you have any questions or comments, or if you wish to exercise your data protection rights, please contact us via privacy@musescore.org.


    Additional Information for California Consumers

    1. The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information. Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
    2. To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described below.
    3. Right to information regarding the categories of personal information collected, sold, and disclosed: You have the right to obtain information regarding the categories of personal information we collect. We collect the categories of information described above.
    4. We do not sell personal information.