↘ how we handle your data

Privacy policy.

LAST UPDATED · May 19, 2026

Short version: your data is yours. We collect what we need to run your campaigns and send you a useful dispatch — nothing more — and we don’t train shared models on it or sell it. The long version is below. Questions: hi@magig.app.

01What we collect

We collect only what we need to deliver the service:

  • Account info — your name, email, password hash, billing details, and basic business context (company, role, what you sell).
  • Ad platform tokens — OAuth credentials you give us so Mag can act inside your Meta, Google, and other ad accounts. Stored encrypted; we never log raw tokens.
  • Campaign & performance data — the creative, audiences, budgets, and metrics returned by the platforms for the campaigns Mag runs.
  • Funnel data — Stripe and analytics signals you connect, used to optimise for paying customers rather than vanity metrics.
  • Customer lists you upload — used solely to build lookalike audiences inside your own ad accounts.
  • Support communications — emails and in-app messages you send us.
  • Usage / product analytics — pages visited, features used, errors hit, all tied to your account so we can debug and improve the product.

02What we don’t collect

  • We don’t buy data about you from third-party brokers.
  • We don’t track you across other websites.
  • We don’t collect special categories (health, biometric, etc.) — if you upload a customer list that contains any, please scrub it first.

03How we use your data

We use what we collect to operate the service: running and optimising your campaigns, sending the daily dispatch, supporting you, processing billing, and keeping the platform secure. We also use aggregated, anonymised patterns (e.g. “creative variants on saturated keywords tend to underperform”) to improve how Mag thinks — never tied back to an individual or business.

04What we don’t do

  • We don’t train shared AI models on your data. Your ad performance, creative, customer list, and brief stay yours and are only used to optimise your own campaigns.
  • We don’t sell your data. Not to advertisers, not to brokers, not to anyone.
  • We don’t share your data with other magig customers.

05Who we share data with (sub-processors)

To run the service, we share data with a small, vetted set of providers:

  • Ad platforms (Meta, Google, others as we add them) — to read your account state and execute campaign actions you authorise.
  • Stripe — to process payments and (if you connect it) to read funnel signals.
  • Anthropic — Mag uses large language models to generate creative and reason about your data. We send the minimum context needed for each task and don’t opt into training-data use.
  • Infrastructure providers (hosting, database, queue, email delivery) — to host the application and send transactional email.
  • Product analytics — privacy-respecting analytics for understanding usage, with PII scrubbed.

Each provider is bound by a data-processing agreement consistent with this policy.

06Cookies

We use a small number of first-party cookies to keep you signed in and to remember your preferences. We use a privacy-respecting analytics tool that doesn’t set third-party tracking cookies. We don’t run advertising cookies on this site.

07Where your data lives

Data is stored on infrastructure operated by our hosting and database providers, primarily in the United States and the European Union. By using magig you consent to this storage and processing. We apply industry-standard security (encryption in transit and at rest, principle-of-least-privilege access, audit logging).

08How long we keep your data

  • While your account is active — for as long as you use magig, plus the time we need it for billing, audit, and legal reasons.
  • After cancellation — you can export your data for 30 days, then we delete it from production systems on a regular schedule. Anonymised, aggregated data may be retained longer for product analytics.
  • Tokens to ad platforms — deleted immediately when you disconnect a platform or cancel.

09Your rights

You can, at any time:

  • Access the personal data we hold about you.
  • Correct anything that’s wrong.
  • Export your data in a portable format.
  • Delete your account and the data associated with it.
  • Withdraw consent for any optional processing.
  • Object to processing, or request restriction, where you have grounds under applicable law (e.g. GDPR, CCPA).

Most of these you can do from your account settings. For anything you can’t, email hi@magig.app and we’ll handle it within 30 days.

10Children

magig is built for founders running businesses. We don’t knowingly collect data from anyone under 18 — if you believe we have, write to us and we’ll delete it.

11Security incidents

If we ever discover a breach that affects your data, we’ll notify you without undue delay — typically within 72 hours of confirmation — with what happened, what data was affected, and what we’re doing about it.

12Changes to this policy

We may update this policy as the product or the law evolves. We’ll post the new version here, update the “last updated” date, and email active users when a change is material.

13Contact

Anything privacy-related — questions, requests, complaints — goes to hi@magig.app. We read everything and we respond.