Last updated: 26 May 2026
We collect account information, business profile details, team records, client records, bookings, forms, documents, invoices, quotes, messages, automations, marketing lists, and integration settings you choose to store in Magic.
We use this information to provide the Service, secure workspaces, support billing, run customer-requested workflows, troubleshoot errors, and improve product reliability. We do not sell personal data.
Application data is stored in Supabase, which is hosted on AWS. We use encryption in transit, provider-managed encryption at rest, row-level security, role checks, audit logging where available, and least-privilege service access.
Magic uses or may use Supabase, AWS, Stripe, Resend, Twilio, PostHog, Sentry, Anthropic, Meta, WhatsApp, Vercel, and similar processors to operate hosting, payments, email, SMS, analytics, error monitoring, AI assistance, messaging, and deployment. Some processors are only active when you enable the related integration.
You can access, correct, export, or delete workspace data from the product where controls exist, or by contacting us. We may retain limited records where required for security, legal, tax, billing, abuse-prevention, backup, or dispute-resolution purposes.
We use essential cookies and local storage for authentication, session continuity, security, and product preferences. If analytics is enabled, PostHog may collect product usage events to help us understand reliability and adoption. We do not use third-party advertising cookies.
We retain customer workspace data while the account is active and for a reasonable period after closure for backups, legal obligations, security review, and billing records. Backup copies expire through the normal backup lifecycle.
We may update this policy from time to time. We will notify you of significant changes via email or through the platform.
For privacy-related questions, contact us at privacy@heymagic.co.