Privacy Policy
Last updated: March 2026
This Privacy Policy describes how MarketInc Agency ("we," "us," or "MAGIC") collects, uses, stores, and protects your information when you use the MAGIC platform at magic.marketinc.agency. By using our services, you agree to the practices described in this policy.
1. Information We Collect
Personal Information
When you create an account, we collect your name and email address. Authentication is handled via email one-time password (OTP) through Better Auth, with optional two-factor authentication (2FA).
Marketing Data (via OAuth)
When you connect your advertising accounts, we collect marketing performance data — including campaign spend, impressions, clicks, and conversions — from the following platforms via their official APIs:
- Meta Ads (Facebook & Instagram advertising)
- Google Ads
- Google Analytics 4 (GA4)
- TikTok Ads
- LinkedIn Ads
Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment credentials on our servers. Stripe provides us with a limited set of billing details (such as the last four digits of your card and billing address) for transaction records.
Usage Data
We automatically collect technical information such as page views, feature usage patterns, IP address, browser type, and device information to improve the platform experience.
2. How We Use Your Information
We use the information we collect to:
- Provide our core ETL and analytics services — aggregating, transforming, and visualizing your marketing data
- Run machine-learning models on your marketing data to generate insights and forecasts (via Modal GPU compute)
- Process subscription payments and manage billing through Stripe
- Send transactional emails including OTP codes, analysis reports, and weekly digests (via AWS SES)
- Monitor and improve platform performance, reliability, and security
- Comply with legal obligations and prevent fraud
3. OAuth Data Access
MAGIC connects to your advertising accounts using read-only OAuth scopes provided by each platform. We never write to, modify, or manage your ad accounts — we only read performance data.
For each connected platform, we request the minimum scopes necessary:
- Meta Ads — Read access to ad accounts, campaigns, ad sets, and ads with performance metrics (spend, impressions, clicks, conversions)
- Google Ads — Read-only access to campaign performance reports and account hierarchy
- GA4 — Read access to analytics properties, including traffic, events, and conversion data
- TikTok Ads — Read access to advertiser accounts and campaign performance metrics
- LinkedIn Ads — Read access to ad accounts and campaign analytics data
Data is synced on a daily or weekly basis depending on your configuration. You may disconnect any platform at any time from your dashboard, which revokes the OAuth token and stops further data retrieval.
4. Data Storage & Security
We take the security of your data seriously:
- Encryption in transit — All connections use TLS 1.2+
- Encryption at rest — OAuth tokens and credentials are stored in PostgreSQL encrypted with AES-256
- Analytics storage — Aggregated marketing data is stored in ClickHouse, a high-performance columnar database optimized for analytics queries
- Job queues — Redis is used for ephemeral job queue processing; no persistent personal data is stored in Redis
- Tenant isolation — Every database query is scoped by a unique tenant_id tied to your account, ensuring strict data isolation between customers
All infrastructure is hosted on DigitalOcean and managed via Coolify. Access to production systems is restricted to authorized personnel with SSH key authentication.
5. Third-Party Services
MAGIC relies on the following third-party service providers, each with their own privacy policies:
- Stripe — Payment processing. Stripe handles all credit card data and is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.
- AWS SES (Amazon Simple Email Service) — Transactional email delivery for OTP codes, reports, and notifications.
- Sentry — Error tracking and performance monitoring. Sentry is configured with send_default_pii=False, meaning no personally identifiable information is sent to Sentry. Only technical error data (stack traces, error messages) is transmitted.
- Modal — GPU compute for machine-learning model execution. Data sent to Modal runs in ephemeral containers that are destroyed after processing; no customer data is persisted on Modal infrastructure.
- DigitalOcean — Cloud hosting for all MAGIC infrastructure including databases, application servers, and networking.
6. Cookies
MAGIC uses a minimal set of cookies strictly necessary for operation:
- better-auth.session_token — An authentication cookie used to maintain your logged-in session. This cookie has a 7-day expiry and is set as HttpOnly and Secure. It contains a session identifier and does not store personal data directly.
We do not use third-party tracking cookies, advertising cookies, or any analytics cookies from external providers.
7. Data Retention
- Active accounts — Your data is retained for as long as your account is active and your subscription is in good standing.
- Deleted accounts — When you delete your account, all associated personal data and marketing data is permanently purged within 30 days. ClickHouse data is removed via ALTER TABLE DELETE operations.
- Billing records — Stripe transaction records are retained as required by applicable tax and accounting laws, even after account deletion.
- Error logs — Sentry error data is retained per Sentry's default retention policy (typically 90 days) and contains no PII.
8. Your Rights
If you are a resident of Mexico, your personal data is protected under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP). Under this law, you have ARCO rights:
- Access (Acceso) — Request a copy of the personal data we hold about you
- Rectification (Rectificación) — Request correction of inaccurate or incomplete personal data
- Cancellation (Cancelación) — Request deletion of your personal data when it is no longer necessary for the purposes for which it was collected
- Opposition (Oposición) — Object to the processing of your personal data for specific purposes
For international users, we also respect data protection rights under applicable local laws, including the right to access, correct, delete, and port your data.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframes required by applicable law.
9. International Transfers
Your data may be processed and stored in the United States through the following services:
- DigitalOcean — NYC region (primary infrastructure)
- Modal — US-East region (GPU compute)
- Stripe — United States (payment processing)
- AWS SES — US-East region (email delivery)
By using MAGIC, you consent to the transfer of your data to these locations. We ensure that all service providers maintain appropriate security measures to protect your data in compliance with applicable data protection laws.
10. Billing & Invoicing
All payments are processed securely through Stripe. We do not directly handle or store credit card information.
For Mexican businesses, CFDI (Comprobante Fiscal Digital por Internet) invoices are available upon request. To receive a CFDI invoice, please provide your RFC (Registro Federal de Contribuyentes) and fiscal information by contacting [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. For material changes, we will notify you via email at the address associated with your account. Your continued use of MAGIC after notification constitutes acceptance of the updated policy.
12. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Organization: MarketInc Agency
- Location: Mexico
- Website: marketinc.agency