About the Privacy Notice

Audacity versions 3.0.2 and earlier are not subject to the privacy notice below as they do not include networking features

With this updated version of our privacy notice below (dated 28 August 2022), we (the Audacity Team) would like to outline the changes that will come into play with Audacity 3.0.3 and later versions, as well as the purpose of those changes.

As a responsible organisation, we have taken two important steps—we made sure that we have, at the discretion of our users, the information necessary to allow us to improve the Audacity app, and that by doing so we are compliant with national and international regulations, namely GDPR and CPPA. Most importantly, we have been, and will continue to be, transparent with our users and our developer community about the data we collect, when we collect it and why—before changes are implemented in the newer versions of the Audacity app.

By default, we inform the user about any data we intend to collect:

  1. The first feature mentioned in the privacy notice that requires a network connection is update checking, where we notify users when there is a new version of Audacity available. The user is notified about update checking when Audacity is first installed and is provided with a clear link to disable it in Preferences. Update checking shares your IP address, your OS, and your Audacity version (including whether Audacity was compiled in 32 or 64 bit mode). As explained in the privacy notice, we take steps to anonymise your IP address immediately, which makes it impossible for us to identify you. Please note that we also use this anonymised information for statistics, which help us understand how many users we have per country, which version of Audacity they are using, and whether it is run on Windows, Mac or Linux. These statistics help us to plan app development and make decisions about which platforms we need to support.
  2. The other networking feature of Audacity is error reporting. If an application error occurs, a popup appears asking you whether you want to send us the details of that error, which you can review before sending. We have taken steps to ensure that all potentially identifiable information is filtered from the report data before storage, including the IP address, which we discard.

Please note that some of the terminology in the privacy notice is potentially confusing to those without a legal or technical background. For example, in section 5.1 there is a line under Data security that states “We use appropriate technical and organisational measures to protect the personal information that we collect and process about you”. The ability to send any information over the internet requires an IP address, which is classified under CCPA & GDPR as ‘personal information’, and the steps we take to anonymise it count as ‘processing’. As with any application that makes use of a network connection, we cannot avoid seeing (“collecting”) an IP address, but as stated in 4.1, we do not store or share any personal information.

Audacity is free and open source software, which means that the program’s source code is publicly available and can be inspected to confirm the very limited data that gets sent. You can also inspect our release executable files using network analysis tools.

Audacity does not have age restrictions and it is a safe place for creators of any age.

The notice below outlines:

  • The very limited data we collect and why we collect it
  • Your options in sharing or not sharing information with us
  • Your rights in managing information you share with us
  • Our responsibilities in protecting the data we collect and process

Audacity Desktop App

Privacy Notice

Last updated: 28 August 2022

1. About this Notice

  1. This Privacy Notice (“Notice”) explains what information we (as defined below) collect and use when you (“you” and “your”) use our desktop app, Audacity (the “App”), and explains how we use that information. Our App does not require you to create an account or profile and we do not ask you to provide us with your name, address or any other contact details in order to use our App.
  2. This Notice also sets out the rights that you have in relation to the information that we process about you and how you can exercise them.
  3. The Audacity Team treats compliance with its privacy obligations seriously. This is why we have developed this Notice, which describes the standards that the Audacity Team applies to protect your information.
  4. For the purposes of this Notice, MuseCY SM Ltd., a Cyprus company with an address at Spyrou Kyprianou, 84, 4004, Limassol, Cyprus (“Audacity Team“, “us“, “we“, or “our“) acts as the data controller for the personal information that is collected via the App and through the use of the App, as further outlined in section 2 (“personal information”). As a data controller, the Audacity Team makes sure that any processing of your personal information complies with applicable data protection law, and specifically with the General Data Protection Regulation (“GDPR”).
  5. Please take the time to read this Notice carefully. If you have any questions or comments, please contact us via [email protected].

2. What information does the Audacity Team collect and why?

  1. We use the information listed in the table at the end of this section to help us improve our App, for maintenance and security, and to run any updates that enable the App to function better.
  2. All network features are optional. Update checking can be disabled in the app preferences. We always ask your permission before sending an error report.
  3. Data is only collected for the specific network features you actually use.
  4. All network features require sending an Internet Protocol (IP) address. The full IP address is never stored.
  5. We rely on our legitimate interest as a business to offer you our App and ensure that our App is functioning correctly to process the personal information we collect.
Network featureData collectedPurpose
Check for updates    • User-Agent string (Audacity version, OS name and version)
• Country from IP address		Audacity will periodically check to see if a new version of the application is available.

This feature is on by default. We provide clear links to disable it when the app is first opened.
Error reports• Basic technical data (CPU info, Audacity version, OS name and version)
• Error codes
• Stack trace		If a serious error occurs in Audacity, you are shown the relevant information and given the option to send it or not sent it to us as a report.

We use this information to help us detect serious issues and fix them quickly.

3. Data anonymisation

  1. For update checking, your IP address is anonymised immediately. We only store the first three octets of the IP address so that it is impossible for us to identify you.
  2. We use anonymised information from update checking (country, Audacity version, OS name and version) for analytics and statistical purposes.
  3. We anonymise error report information by discarding the IP address and filtering all file paths from the report data.

4. Who do we share your personal information with?

  1. We do not store or share any personal information.

5. How we protect your privacy

  1. We will process the personal information we collect in accordance with this Notice and based on the following principles:
    1. Fairness: We process your personal information fairly, which means that we are both transparent about how we process it and we process it in accordance with applicable laws.
    2. Lawfulness: We process your personal information only on a valid lawful ground.
    3. Purpose limitation: We process your personal information for specified and legitimate purposes (as described above), and do not process it in a manner that is incompatible with those purposes, unless permitted by applicable data protection laws.
    4. Data minimization: We only process information that is adequate, relevant and limited to what is necessary to achieve the purposes for which the data are processed.
    5. Data accuracy: We take appropriate measures to ensure that any personal information we hold about you is accurate.
    6. Data security: We use appropriate technical and organisational measures to protect the personal information that we collect and process. Such measures include to-date secure network architectures that contain firewalls, intrusion detection devices, and backups.

6. Data storage, retention and deletion

  1. For update checking, your IP address is fully anonymised before storage. For error reporting, your IP address is discarded entirely. For these reasons, it is impossible for us to identify you.
  2. All data is anonymised before storage. We delete all data within 12 months of it being collected.

7. Your data protection rights

  1. Under the GDPR, individuals have certain data protection rights, including the right to access, correct, update or request deletion of their personal information, which you can exercise by emailing [email protected]. However, these rights only apply to the extent that the controller is able to identify the individuals whose personal information is collected. As mentioned above, the Audacity Team anonymises or discards all information that would enable us to identify you, and the processing of the information we collect does not require us to identify you. For these reasons, the exercise of your GDPR rights may be limited, or in some cases, might not apply.
  2. If you have a complaint or concern about how we are processing your personal information then we will endeavour to address such concern(s). If you feel we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)
  3. We respond to all requests we receive at via [email protected] from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

8. Linking to other websites

  1. The App may contain hyperlinks to websites. These websites have their own privacy policies and we urge you to review them. They will govern the use of personal information you submit whilst visiting these websites.
  2. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

9. Updates to this Notice

  1. We may update this Notice from time to time in response to changing legal, technical, or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Notice changes if and where this is required by applicable data protection laws.
  2. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.

10. How to contact us

  1. If you have any questions or comments, or if you wish to exercise your data protection rights, please contact us via [email protected].

11. Additional Information for California Consumers

  1. The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information. Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
  2. To the extent that we collect personal information about you that is subject to the CCPA, that information, our practices, and your rights are described below.
  3. Right to information regarding the categories of personal information collected, sold, and disclosed: You have the right to obtain information regarding the categories of personal information we collect. We collect the categories of information described above.
  4. We do not sell personal information.