magiacard

Last updated: May 2026

Privacy policy

This policy explains what personal data we collect when you use magiacard, why we collect it, how long we keep it, and the rights you have over it under the GDPR and equivalent laws.

1. Data controller

The data controller for magiacard is the legal entity that operates the platform. You can contact us at any time at privacy@magiacard.app for questions about this policy or to exercise your rights described below.

2. What we collect

Account data: name, email, phone, country, and, for company accounts, your company name, industry, address and the public profile content you choose to publish. Visit analytics: when someone opens your public page through the web, a QR scan, or an NFC tap, we record the visit timestamp, source, hashed IP, country and city (via GeoIP lookup), device type, browser family and the referring URL. We do not record names or any personally identifying information about visitors. Technical logs: short-lived error and security logs that may include your IP and request metadata, kept only to keep the service reliable and secure.

3. Why we collect it (lawful basis)

Account data is processed to provide you with the service you signed up for (contract). Visit analytics on your own profile is processed on the basis of your legitimate interest as a company owner to understand how your profile is performing. Security logs are processed on the basis of our legitimate interest in keeping the platform safe.

4. How long we keep it

Account data is kept for as long as your account is active. After you close your account we erase your profile within 30 days, except for the minimum we are legally required to retain (e.g. for tax or fraud-prevention purposes), which we keep for the period required by law and then delete. Visit analytics are kept for 24 months in aggregated form and then deleted. Security logs are kept for at most 90 days.

5. Who we share it with

We do not sell your personal data and we do not share it with advertisers. We use a small number of trusted infrastructure providers (hosting, email delivery, GeoIP lookup, media storage) acting as processors on our behalf under written contracts. We disclose data only where required by a binding legal request and only to the minimum extent necessary.

6. International transfers

Your data is stored on servers located in the EU or in countries with an adequacy decision. When a processor is based outside that perimeter we rely on the European Commission's standard contractual clauses to provide an equivalent level of protection.

7. Your rights

You have the right to access, rectify, port, restrict or erase your personal data, and to object to its processing. You can exercise these rights at any time from the settings page or by writing to privacy@magiacard.app — we will reply within 30 days. You also have the right to lodge a complaint with your local data-protection authority.

8. Cookies and tracking

We use a small number of essential cookies and equivalent storage to keep you logged in, remember your language and theme preferences, and protect the service from abuse. We do not use advertising cookies or third-party trackers, so there is no tracking-consent banner to dismiss.

9. Changes to this policy

If we change this policy in a way that affects you, we will tell you in the dashboard and update the "last updated" date at the top of this page before the change takes effect.