Privacy Policy
Last updated: May 2025
1. Introduction
Magic Lap ("we", "our", or "us") operates the Magic Lap Unified Ads Dashboard (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information you provide
- Account data: name, email address, and password (stored as an argon2id hash; we never see your plain-text password).
- Workspace information: your company or workspace name.
- Payment data: PayPal transaction IDs submitted for subscription verification (we do not store full card numbers or financial credentials).
- Support communications: messages sent to our support email.
2.2 Information collected automatically
- Usage data: pages visited, features used, and session duration.
- Device & browser data: IP address, browser type, operating system.
- Cookies & local storage: used for authentication sessions and user preferences (theme, language). See Section 7.
2.3 Third-party advertising data
When you connect advertising platforms (Meta, Google, TikTok, Snapchat, etc.) via Windsor.ai, we access campaign metrics and performance data using your API credentials. This data is stored in your workspace and used solely to power your dashboard.
3. How We Use Your Information
- To provide, operate, and improve the Service.
- To authenticate you and maintain your session securely.
- To send transactional emails (password resets, alerts, reports) when you request them.
- To verify subscription payments and maintain access controls.
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations.
We do not sell your personal data to third parties.
4. Data Sharing
We share your data only in these circumstances:
- Service providers: we use Resend (email delivery) and Supabase / PostgreSQL (database hosting). These providers process data on our behalf under strict data processing agreements.
- Windsor.ai: API requests are made to Windsor.ai using your own API key to retrieve advertising data on your behalf.
- Legal requirements: we may disclose data if required by law or court order, or to protect the rights, property, or safety of Magic Lap or others.
5. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription or request deletion, we will delete your personal data within 30 days, except where required by law.
Aggregated, anonymised analytics data may be retained indefinitely.
6. Security
We implement industry-standard security measures including:
- argon2id password hashing (memory-hard, GPU-resistant).
- AES-256-GCM encryption for stored API keys (libsodium AEAD).
- HTTPS/TLS for all data in transit.
- Rate limiting and brute-force protection on all authentication endpoints.
- Two-factor authentication (TOTP) available for all users.
Despite these measures, no system is 100% secure. Please use a strong, unique password and enable two-factor authentication.
7. Cookies & Local Storage
We use the following:
- Session cookie: a secure, HttpOnly, SameSite=Lax cookie that keeps you signed in. It is essential for the Service to function.
- CSRF token cookie: prevents cross-site request forgery attacks.
- Local storage (uad-theme, uad-locale): stores your theme preference (light/dark) and language preference (EN/AR). This is purely functional and contains no personal data.
We do not use advertising or tracking cookies.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict processing.
- Request data portability.
To exercise any of these rights, email us at support@magic-lap.com. We will respond within 30 days.
9. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the new policy.
11. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: support@magic-lap.com
- Website: adhub.magic-lap.com
