Magic Agent — Privacy Policy

Last updated: March 16, 2026

Magic Agent ("we", "our", or "the app") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

• Phone number — used as your account identifier.
• Name — displayed in your profile and shared with group members.
• Chat messages — the text you send to the AI agent, used to generate responses.
• Documents — files you upload for analysis and storage within the app.

2. Information We Do Not Collect

• We do not collect your device location.
• We do not use advertising identifiers or tracking pixels.
• We do not engage in cross-app or cross-site tracking.

3. How We Use Your Information

Your chat messages and uploaded documents are sent to the Google Gemini API for AI processing. This allows the agent to understand your requests and generate helpful responses.

Your data is not used to train AI models. Google Gemini API data is processed under their API terms, which prohibit using API inputs for model training.

4. Document Storage & Security

Documents you upload are stored on Amazon Web Services (AWS) S3 with the following protections:

• All documents are encrypted at rest using AES-256 server-side encryption.
• All data in transit is encrypted via HTTPS/TLS.
• Each document is stored in a user-specific path. Only you (and group members you explicitly share with) can access your documents.
• Documents are accessed only programmatically by the app to display, analyse, or process them on your behalf. No human ever views, reads, or has access to your documents.
• When you ask the AI agent a question about a document, the document content is sent to the Google Gemini API for analysis and is not stored by Google.

5. Account Security

• Passwords are cryptographically hashed (PBKDF2-SHA256) and never stored in plain text.
• Authentication uses one-time passwords (OTP) sent to your phone number, with a 5-minute expiry.
• Session tokens are stored securely on your device using platform-level encrypted storage.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes.

The only third-party service that processes your data is the Google Gemini API, which is used solely to power the AI agent's responses. Google does not use API inputs to train their models.

7. Data Deletion

You can permanently delete your account and all associated data at any time from within the app. Navigate to the Me tab and tap Delete Account. This action is irreversible and removes:

• Your profile and personal information
• All uploaded documents (permanently deleted from cloud storage)
• Group memberships and shared document access
• Chat history and conversation data

If you cannot access the app, email us at [email protected] with your registered phone number and we will process the deletion within 48 hours.

8. Data Retention

We retain your personal data only for as long as necessary to provide the service:

• Account data (name, phone number) — retained while your account is active. Deleted immediately when you delete your account.
• Chat messages — retained while your account is active to provide conversation history. Permanently deleted upon account deletion.
• Uploaded documents — stored until you manually delete them or delete your account. All files are permanently removed from cloud storage upon deletion.
• Server logs — retained for up to 30 days for debugging and security monitoring, then automatically purged.

After account deletion, all your data is permanently removed within 48 hours. We do not retain backups of deleted user data.

9. Children's Privacy (COPPA Compliance)

Magic Agent is not intended for children under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete the information.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information immediately.

10. GDPR — European Users

If you are located in the European Economic Area (EEA), you have the following additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing — we process your data based on your explicit consent (provided during account creation) and as necessary to perform the service you requested.
• Right of access — you can view all your data within the app at any time.
• Right to rectification — you can update your data (except name, phone number, and email) by talking to the AI agent.
• Right to erasure — you can delete your account and all associated data at any time.
• Right to data portability — contact us to request a machine-readable copy of your data.
• Right to withdraw consent — you can stop using the app and delete your account at any time.
• Right to lodge a complaint — you have the right to file a complaint with your local data protection authority.

Data controller: Prasanna Munot, reachable at [email protected].

International transfers: Your data is stored on servers in India (AWS ap-south-1). If you access the service from the EEA, your data is transferred to India. We protect this transfer through encryption and our security measures described above.

11. Your Rights

• Access — you can view all your data within the app at any time.
• Deletion — you can delete your account and all data from the Me tab.
• Withdraw consent — you can stop using the app at any time.
• Export — contact us to request a copy of your data.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by displaying a notice within the app. Your continued use of the app after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions or concerns about this privacy policy, please contact us at:

[email protected]