What We Don't Do
MuseClef pages do not contain or link any third party code at all (let alone ads or spyware), and we do not collect any personal information about you except your email address, scores in your possession, payment history and credit on account (donations, targeted or not, are always redeemable as credit).
What We May Do
We may monitor interaction in an effort to ensure smooth server performance. Neither this, nor any other client information, will ever be provided to any third party, regardless of their claims to entitlement.
For the time being, any business transactions will be arranged by email, using your preferred method of funds transfer. If you have credit on account, it will be applied automatically, saving you this step.
Online Privacy is Meaningless without Security
Your password in never visible to us, because we ensure that it is sent from your browser in a hashed form. At sign‑in, this is compared to the hashed password stored in our database. (For the crypto-savvy: It is hashed again with bcrypt before it is stored in the database!)
Your connection to museclef.com is always HTTPS 
secure.
Unfortunately, people tend to include personal information in passwords, and to reuse passwords for multiple accounts.
Hashing at the client is the only responsible course.
Our database is quite secure, because it is not accessible online, except through a minimal set of features which result in SQL actions carefully guarded from injection attack. The complete list of client actions which may involve the database is: registration, password change, email change, funds added (including targeted donations), and purchases (which are technically rental agreements).