Privacy Policy

Last updated: January 31, 2026

1. Data Controller

T-55 Marcin Kulawinek

Jednoosobowa działalność gospodarcza

ul. Melisowa 50

51-180 Wrocław, Poland

NIP: 8272123778

Email: privacy@magini.io

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Company name (optional)
  • Password (stored as a secure hash)

2.2 API Usage Data

When you use our API, we log:

  • API requests (endpoint, timestamp, response status)
  • Message metadata (recipient channel, delivery status — not message content)
  • IP address of API calls

2.3 Payment Data

Payments are processed by our Merchant of Record:

Paddle.com Market Limited

Judd House, 18-29 Mora Street, London, EC1V 8BT, United Kingdom

Paddle handles all payment processing, invoicing, VAT, and tax compliance. We do not store your credit card details. See Paddle's Privacy Policy.

2.4 Website Analytics

We do not use third-party analytics services (Google Analytics, Meta Pixel, etc.). We do not track you across the web. Basic server logs (IP, user agent, timestamp) are retained for security purposes only.

3. Legal Basis for Processing (GDPR Art. 6)

Data Legal Basis
Account data Contract performance (Art. 6(1)(b))
API usage logs Contract performance, Legitimate interest (Art. 6(1)(b), (f))
Payment data Contract performance, Legal obligation (Art. 6(1)(b), (c))
Server logs Legitimate interest — security (Art. 6(1)(f))

4. Data Processors & Sub-processors

We use the following third-party services to operate Magini.io:

Processor Purpose Location
Hetzner Online GmbH Server hosting Germany 🇩🇪
OVH SAS Server hosting France 🇫🇷
Paddle.com Market Ltd Payment processing (MoR) UK 🇬🇧 (adequate)

No US-based processors. Your data never leaves the EU/EEA or countries with an EU adequacy decision.

5. Data Retention

  • Account data: Retained until you delete your account, plus 30 days for backup recovery.
  • API logs: Retained for 90 days, then automatically deleted.
  • Invoices & payment records: Retained for 10 years (German tax law, AO §147).
  • Server logs: Retained for 7 days, then automatically deleted.

6. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure ("Right to be forgotten") — Request deletion of your data
  • Restriction — Limit how we process your data
  • Portability — Receive your data in a machine-readable format
  • Object — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent

To exercise any of these rights, contact us at privacy@magini.io. We will respond within 30 days.

7. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. For Poland:

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Poland

https://uodo.gov.pl

8. Cookies

We use only strictly necessary cookies for:

  • Session management (if logged in)
  • Language preference

We do not use advertising cookies, tracking cookies, or third-party cookies. No cookie consent banner is required under GDPR for strictly necessary cookies.

9. Data Security

We implement appropriate technical and organizational measures:

  • TLS 1.3 encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Regular security updates and patching
  • Access controls and audit logging
  • Servers located exclusively in EU data centers

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The "Last updated" date at the top of this page indicates when it was last revised.

11. Contact Us

For any questions about this Privacy Policy or our data practices:

T-55 Marcin Kulawinek — Data Protection

Email: privacy@magini.io

Note: This privacy policy template is for informational purposes and does not constitute legal advice. We recommend having this policy reviewed by a qualified data protection lawyer before going live.