Privacy Policy

This Privacy Policy describes how Magnevo (“Magnevo”, “we”, “our” or “us”) processes personal data in connection with the Magnevo platform, our websites and any related services (collectively, the “Service”). It applies to information about visitors to our marketing site, account holders, end-users invited by an account holder, and anyone who contacts us.

For the personal data described in this Policy, Magnevo acts as the “controller” under the UK GDPR and EU GDPR. Where you upload, submit or otherwise direct us to process personal data about your own customers, prospects or contacts (“Customer Data”), Magnevo acts as a “processor” on your behalf. Our processing of Customer Data is governed by our Terms of Service and any applicable data processing terms.

This Policy applies to personal data we collect through the Service. It does not apply to:

• websites, applications or services operated by third parties that are linked from the Service; or
• information processed by you or any third party outside of the Service, even if you choose to connect that third party to your Magnevo account.

Those third parties have their own privacy practices, which we encourage you to review.

Information you provide.

• Account & identity data — name, email address, password (hashed) and any profile details you choose to add.
• Business profile data — information you submit about your company, products or audience.
• Billing data — billing name, billing address, and the last four digits and brand of your payment card. Full payment-card details are collected and stored by our payment provider; we do not see or store them.
• Support & communications — content of messages you send us, feedback, survey responses and any attachments.
• Authorisations — credentials and tokens you provide to authorise the Service to interact with third-party services on your behalf.

Information we collect automatically.

• Usage data — pages and features used, actions taken, configuration choices and other diagnostic data.
• Device & log data — IP address, browser type and version, operating system, referrer, language preference and timestamps.
• Cookies and similar technologies — see Section 14.

We do not knowingly collect special-category personal data (such as health, biometric or political-opinion data). Please do not submit such data to the Service.

We use personal data to:

• provide, operate, maintain and secure the Service;
• create and manage your account and process your transactions;
• execute actions you direct through the Service, including actions involving third-party services you have connected;
• provide customer support and respond to your enquiries;
• send you transactional and service-related communications (for example, billing receipts, security notices and material changes to our Terms or this Policy);
• send marketing communications, where permitted by law and subject to your right to opt out at any time;
• monitor, analyse and improve the Service, including by producing aggregated and de-identified analytics;
• prevent, detect and address fraud, abuse, security incidents and other harmful or unlawful activity; and
• comply with our legal obligations and enforce our agreements.

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

• Performance of a contract — to provide the Service to you under our Terms of Service.
• Legitimate interests — to operate, secure and improve the Service and our business, provided those interests are not overridden by your rights and freedoms.
• Consent — for certain marketing communications and non-essential cookies, which you can withdraw at any time.
• Legal obligation — to comply with applicable laws, including tax, accounting and lawful requests from public authorities.

The Service lets you authorise it to interact with third-party services that you control. When you authorise such a connection:

• we use industry-standard authorisation flows and never receive your password for the third-party service;
• we store the access tokens and minimum metadata required to perform the actions you direct;
• we use that access only to perform the actions you initiate or schedule through the Service;
• you can revoke the authorisation at any time from the relevant settings, which immediately disables our ability to perform new actions; and
• we do not use data accessed through your connected services to train any general-purpose machine-learning model.

We do not sell your personal data and we do not share it with third parties for their own advertising or marketing purposes. We may share personal data only as follows:

• Sub-processors. Vetted service providers who process personal data on our behalf, under written instructions and confidentiality and security obligations — see Section 9.
• Connected services. Where you direct us to interact with a third-party service, we will send to that service the information required to perform the action you have requested.
• Legal & safety. Where we believe in good faith that disclosure is required by law, regulation, legal process or governmental request, or is necessary to protect the rights, property or safety of Magnevo, our users or the public.
• Corporate transactions. In connection with a merger, acquisition, financing, reorganisation, bankruptcy or sale of assets, in which case appropriate confidentiality protections will apply.
• With your consent. Any other sharing will be done only with your explicit consent.

We engage a small set of sub-processors to provide essential parts of the Service, such as cloud hosting, database storage, transactional email delivery, payment processing, error monitoring and product analytics. Each sub-processor is bound by a written agreement requiring it to process personal data only on our instructions and to maintain appropriate technical and organisational measures. A current list of sub-processors is available on request to hellomagnevo@gmail.com.

Magnevo is based in the United Kingdom. We and our sub-processors may process personal data outside the country in which you reside, including in countries that may not provide the same level of protection as your home jurisdiction. Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions, in each case as applicable.

We retain personal data for as long as is necessary to provide the Service to you and to fulfil the purposes described in this Policy. In general:

• account and profile data is retained for the life of your account;
• billing records and tax-relevant data are retained for the period required by applicable law (typically six years);
• operational logs are retained for up to ninety (90) days for security and debugging; and
• after account closure, we delete or anonymise personal data within thirty (30) days, except where longer retention is required by law or to resolve disputes.

We maintain administrative, technical and organisational measures designed to protect personal data, including encryption in transit, encryption at rest for sensitive credentials, role-based access controls, network segmentation, audit logging, secure development practices and ongoing monitoring. No security programme is perfect, however, and we cannot guarantee the absolute security of any system. If we become aware of a personal-data breach affecting you, we will notify you as required by applicable law.

Subject to applicable law, you may have the right to:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data;
• request restriction of, or object to, our processing;
• request portability of certain data in a structured, commonly-used, machine-readable format;
• withdraw consent at any time where we rely on it (without affecting prior processing); and
• lodge a complaint with a supervisory authority — see Section 17.

To exercise any of these rights, email hellomagnevo@gmail.com. We may need to verify your identity before acting on a request.

We use a small number of cookies and similar technologies:

• Strictly necessary — to authenticate sessions, secure forms (for example, CSRF protection) and remember essential preferences. These are always on.
• Analytics — first-party measurement to understand aggregate usage and improve the Service. These are loaded only where permitted.

You can manage cookies through your browser settings. Disabling strictly necessary cookies may affect core functionality such as signing in.

The Service is not directed to, and we do not knowingly collect personal data from, children under the age of 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.

We may update this Policy from time to time. The current version is always available at this URL with the “Last updated” date above. If we make material changes, we will provide reasonable notice — for example, by email or an in-product notice — before they take effect.

For any privacy question, request or concern, please contact us at hellomagnevo@gmail.com. If you are located in the United Kingdom or the European Economic Area and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local supervisory authority. In the United Kingdom, that authority is the Information Commissioner’s Office (ico.org.uk).