Legal

Privacy Policy

Important notice: This is a robust draft privacy notice designed for a service business handling client workflow and contact data. It should be reviewed by counsel before final reliance, especially where GDPR, UK GDPR, ePrivacy, CCPA/CPRA, or other jurisdiction-specific laws may apply.

1. What we collect

Maagic Systems may collect contact details, consult form information, business workflow information, internal process details, connected-system metadata, account and credential configuration information, usage information, service logs, communications, and other information reasonably necessary to scope, deploy, maintain, support, and improve AI employee services.

2. Why we use it

We may use information to respond to enquiries, scope projects, provide services, configure systems, monitor service performance, improve workflows, maintain security, invoice clients, provide support, and communicate about service-related matters.

3. Legal bases and US disclosures

Where GDPR-style laws apply, processing may rely on contractual necessity, legitimate interests, consent, legal obligations, or other valid legal bases depending on the context. Where US privacy laws apply, disclosures in this policy are intended to support transparency regarding collection, processing, and service-provider relationships.

4. Client responsibility for connected data

The client is responsible for determining what systems to connect, what business data to expose, what permissions to grant, and whether it has a lawful basis to use or share the relevant data through the service. The client remains responsible for notices, consents, and internal governance obligations arising from its own business operations.

5. Third-party processors and platforms

Maagic Systems may use third-party providers including cloud infrastructure, model providers, analytics providers, email or messaging tools, payment processors, hosting platforms, automation tools, and other service providers. Data handled through such services may also be subject to those providers’ terms and policies.

6. Data retention

We may retain information for as long as reasonably necessary to provide services, comply with contractual obligations, resolve disputes, enforce agreements, meet legal obligations, maintain records, and improve service quality. Retention periods may vary by data type and business context.

7. Security measures

We aim to use reasonable technical and organizational measures, including scoped access, secure credential handling, least-privilege design, access controls, and infrastructure-level protections. However, no method of transmission, storage, or computing environment can be guaranteed fully secure.

8. International data use

Data may be processed in jurisdictions different from the client’s location depending on the providers, hosting infrastructure, support workflow, and service configuration used. Where required, additional safeguards should be implemented and reviewed by counsel.

9. Your rights

Depending on applicable law, individuals may have rights to access, correction, deletion, restriction, objection, portability, or complaint to a supervisory authority. These rights may be subject to legal limitations, service-provider roles, and operational constraints. Requests should be submitted by the appropriate party with authority to make the request.

10. No sale of personal data statement

Maagic Systems does not intend to sell personal data in the ordinary commercial sense. However, jurisdiction-specific definitions may differ, and legal review is recommended before publishing definitive jurisdictional statements.

11. Cookies and analytics

Website or service interactions may involve analytics tools, session data, standard logs, and basic website technologies. Additional notices or cookie controls may be required depending on the analytics stack and the jurisdictions targeted.

12. Contact and data requests

Requests regarding privacy, access, correction, or deletion should be directed through the contact method designated by Maagic Systems. Before final publication, a formal privacy contact method and controller identity should be inserted here.