Privacy Policy

Effective date: May 27, 2026
Last updated: May 27, 2026

This Privacy Policy describes how lucyna.dev ("we," "us," or "the Service") collects, uses, retains, and protects information when you visit the website at https://lucyna.dev or use the browser-based tools made available through it. By accessing or using the Service, you acknowledge that you have read and understood the practices described in this Policy.

1. Scope

This Policy applies to information processed in connection with:

  1. The lucyna.dev website and its subpages;
  2. The browser-based tools hosted on the Service, including Clipped (in-browser video editor) and Musiced (local music application);
  3. The optional Musiced Desktop companion application, to the extent that it communicates with the Service;
  4. Direct correspondence sent to the contact address listed in Section 14.

This Policy does not apply to third-party services accessed through links or features on the Service. Those services are governed by their own privacy policies, which we encourage you to review.

2. Summary

The Service is designed to minimize data collection. We do not require accounts or registration. We do not use third-party analytics, advertising trackers, behavioral profiling, or browser fingerprinting. Files you process within the tools remain on your device and are not transmitted to our servers. The Service collects only the information described in Section 3.

3. Information We Collect

3.1 Server Logs

When you access the Service, our web server (Caddy fronting an ASP.NET process) automatically records standard HTTP request information. This information includes:

  1. Your Internet Protocol (IP) address;
  2. The Uniform Resource Locator (URL) you requested;
  3. Your browser's user-agent string;
  4. The HTTP method, response status code, and response size;
  5. A timestamp of the request.

Server logs are used solely to operate, maintain, and secure the Service, to diagnose technical errors, and to detect and prevent abuse. Logs are not used for advertising, profiling, or third-party analytics. Logs are rotated automatically and retained as described in Section 7.

3.2 Music Search Queries

When you submit a query through the search feature in Musiced, the query text is transmitted to our backend so that it may be distributed in parallel to the following third-party music platform APIs:

  • YouTube
  • iTunes
  • Deezer
  • SoundCloud
  • Internet Archive

Each request is subject to a five-second per-source timeout. Search responses are temporarily cached in server memory or on a server-side disk cache to manage external API quotas and improve response performance. Cache retention varies by source and ranges from approximately one hour to ten days. Cached entries are evicted automatically when their time-to-live expires or when the cache reaches its configured capacity.

3.3 Rate-Limiting Records

To prevent abuse of the search aggregator, the Service maintains a short-lived, in-memory record of recent requests per IP address (thirty requests per ten-minute sliding window). These records exist only in process memory and are not persisted.

3.4 Direct Correspondence

If you contact us using the email address listed in Section 14, the contents of your message and your email address will be retained for the purpose of responding to your inquiry and for legitimate record-keeping. We do not use correspondence addresses for marketing.

4. Information Stored Locally on Your Device

Several features of the Service rely on local browser storage. The following data is stored on your device and is not transmitted to our servers under any circumstance:

4.1 Tools-Generated Data

  1. Clipped processes video files entirely within your browser using an in-browser build of ffmpeg.wasm. Video data is read from your device, processed locally within your browser tab, and written back to your device as a downloaded file. No video data is uploaded or otherwise transmitted to the Service.
  2. Musiced stores imported audio files in your browser's Origin Private File System (OPFS), a sandboxed storage area accessible only to lucyna.dev's client-side code running in your browser. Cover art is similarly stored in OPFS. Track metadata, playlists, queue state, the optional folder-sync companion map, and user-interface preferences are stored in IndexedDB on your device.

4.2 Application Preferences

The Service uses your browser's localStorage to remember small preferences across visits, including:

  1. Theme selection (dark, light);
  2. Custom color-palette overrides;
  3. Drawer and sidebar state;
  4. The currently playing track and its position, for cross-page continuity within the Service.

None of these values are transmitted to our servers.

4.3 Service Worker Cache

Musiced registers a service worker that caches static page assets in your browser to improve load performance on subsequent visits. The cache is maintained entirely within your browser. We have no access to or visibility into its contents. You may clear this cache at any time via /settings → "Reload app" or by clearing your browser's site data.

4.4 Removing Locally Stored Data

You may remove all locally stored data at any time by:

  1. Using the "Wipe everything" function at /settings, which clears IndexedDB, OPFS, the service-worker cache, and relevant localStorage keys, and unregisters the service worker;
  2. Clearing site data for lucyna.dev in your browser's settings.

5. Information We Do Not Collect

The Service does not deploy any of the following:

  1. Third-party analytics tools (such as Google Analytics, Plausible, Mixpanel, or comparable services);
  2. Advertising trackers, conversion pixels, or remarketing tags;
  3. Browser-fingerprinting techniques;
  4. Session-replay or behavioral-recording tools;
  5. Cross-site or cross-device identifiers;
  6. HTTP cookies for tracking, analytics, or advertising;
  7. Email-list subscription mechanisms;
  8. Account creation or registration of any kind.

The Service does not collect names, email addresses (other than through optional direct correspondence under Section 3.4), telephone numbers, payment information, postal addresses, or government identifiers.

6. Third-Party Services

When the Musiced search aggregator forwards queries to external music platforms (Section 3.2), those platforms receive the query text along with standard HTTP request information originating from our server (not your IP address). When you click a result link in the search interface and visit the source website directly, your interaction with that website is governed by its own privacy policy. We do not control and are not responsible for the data practices of third-party services.

Content delivery for the Service is provided by Cloudflare, Inc. Cloudflare may process limited connection metadata (such as IP address and request headers) for the purpose of routing, caching, and DDoS mitigation. Cloudflare's practices are governed by its own privacy policy at https://www.cloudflare.com/privacypolicy/.

7. Data Retention

  1. Server logs are retained for a period not exceeding ninety (90) days, after which they are rotated and deleted;
  2. In-memory rate-limiting records are evicted automatically as their ten-minute window expires;
  3. Search response caches are retained between approximately one hour and ten days depending on the source platform, with automatic eviction at expiry;
  4. Direct correspondence is retained for as long as reasonably necessary to address your inquiry, after which it may be deleted;
  5. Data stored locally on your device persists until you remove it as described in Section 4.4.

We do not retain information for longer than necessary for the purposes for which it was collected.

8. Legal Basis for Processing (EEA / UK Users)

If you are located in the European Economic Area or the United Kingdom, the legal bases under which we process limited information are:

  1. Legitimate interests, for operating and securing the Service, diagnosing technical issues, and preventing abuse (server logs and rate-limiting records);
  2. Performance of a service requested by you, for forwarding search queries to third-party platforms when you use the Musiced search feature;
  3. Consent, where applicable, for any future feature that may require it (none currently in use).

We do not engage in automated decision-making or profiling within the meaning of Article 22 of the General Data Protection Regulation (GDPR).

9. Data Security

We implement reasonable technical and organizational measures to protect information processed by the Service, including:

  1. Transport-layer encryption (HTTPS) for all connections between your browser and our servers;
  2. Access controls on the underlying server infrastructure;
  3. Sandboxed client-side execution of tools within your browser's security boundary;
  4. Periodic review of system configuration and dependencies.

No method of internet transmission or electronic storage is completely secure. While we strive to protect information processed by the Service, we cannot guarantee absolute security.

10. Your Rights

Depending on your location, you may have rights regarding personal information processed about you, including:

  1. The right to request access to information we hold about you;
  2. The right to request correction of inaccurate information;
  3. The right to request deletion of your information;
  4. The right to object to or restrict certain processing;
  5. The right to data portability;
  6. The right to lodge a complaint with a supervisory authority (for EEA / UK residents).

To exercise any of these rights, please contact us using the information in Section 14. Because the Service does not require accounts and most data is stored locally on your own device, in many cases you can directly delete information yourself by clearing your browser's site data or by using the "Wipe everything" function at /settings.

11. Children's Privacy

The Service is not directed to individuals under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen. If you believe that a child under thirteen has provided personal information through the Service, please contact us using the information in Section 14 and we will take reasonable steps to delete that information promptly.

12. International Users and Data Transfers

The Service is operated from servers located in Helsinki, Finland (within the European Economic Area), with global content delivery provided by Cloudflare. If you access the Service from outside the European Economic Area, your information may be transferred to, processed, and stored on servers located in the EEA or routed through Cloudflare's global edge network. By using the Service, you acknowledge that your information may be processed in countries other than the one in which you reside.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this Policy and may provide additional notice on the home page of the Service for a reasonable period. Continued use of the Service following the posting of changes constitutes acceptance of the revised Policy.

14. Contact

If you have questions about this Privacy Policy or our data practices, you may contact us at:

Email: contact [at] lucyna [dot] dev

For data subject requests (Section 10), please include sufficient information for us to verify your request and respond appropriately.

Last updated: 2026-05-27.