This is Magpie The Privacy Policy

Last updated: 3 May 2026

  1. WHO WE ARE

Magpie is a brand strategy product operated by [legal entity name], a company registered in [country] with its registered address at [address]. For the purposes of UK and EU GDPR, we are the data controller for the personal data we process about you when you use Magpie at meetmagpie.com. Questions about this policy can go to privacy@meetmagpie.com.

  1. WHAT THIS POLICY COVERS

This policy explains what data we collect about you and your brand, why we collect it, who we share it with, how long we keep it, and the rights you have over it. It applies to your use of Magpie's website and web application. It does not cover third-party services we link to.

  1. THE DATA WE COLLECT

Account data. When you sign up we collect your name, email, a hashed password, authentication identifiers from sign-in providers if you use them, and billing information for paid plans (payment details are processed by our payment provider and never stored on our servers).

Brand data. This is the heart of the product. It includes your brand profile (name, audience, tone, no-go zones, admired brands), reference images you upload or drag in, voice samples you paste, the Visual DNA Magpie generates from your imagery, your full chat history, your rejection log, and any briefs or angles Magpie generates for you. Brand data is yours and we treat it as your confidential information.

Usage data. Technical and behavioural data we need to run and improve the service: IP address, approximate location, device and browser, pages visited, features used, diagnostic logs, and cookies.

  1. HOW WE USE YOUR DATA

We use your data to provide the service, improve it, communicate with you, process payments, prevent fraud, and meet legal obligations. The legal bases we rely on are: performance of a contract (delivering the product you signed up for), legitimate interests (improving the product, security), consent (marketing emails), and legal obligation (tax records, lawful requests). You can withdraw marketing consent at any time using the unsubscribe link.

  1. AI AND MODEL TRAINING

This part matters, so we are explicit about it. We do not use your brand data to train AI models. Your references, voice samples, conversations, and rejected ideas are not part of any training set, ours or anyone else's. Your brand brain is never shared across accounts — another customer cannot see, query, or benefit from your data. We do use third-party large language models (currently [Anthropic / OpenAI / others]) to generate responses; your inputs are sent to them under enterprise data processing terms that prohibit training on your data. We may use anonymised, aggregated patterns to improve the product, but never the contents of your specific brand or rejections. If our position on training ever changes, we will notify active users by email at least 30 days in advance.

  1. WHO WE SHARE DATA WITH

We share data only with service providers acting on our behalf, under written data processing agreements. These include our hosting provider, blob storage provider, authentication provider, LLM providers, payment processor, email provider, analytics tool, and error tracking tool. A current list of sub-processors is available on request to privacy@meetmagpie.com. We also share data when required by law, when necessary to protect Magpie or its users from harm, or as part of a corporate transaction (in which case we will notify users beforehand). We do not sell your data, share it with advertisers, or share brand data with other Magpie users.

  1. INTERNATIONAL TRANSFERS

Some service providers, particularly the LLM providers, are based in the United States. When data is transferred outside the UK or EEA, we rely on UK International Data Transfer Agreements, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses themselves, with additional safeguards including encryption in transit and at rest. Copies are available on request.

  1. HOW LONG WE KEEP YOUR DATA

Account and brand data is kept while your account is active and removed from production within 30 days of deletion (and from backups within 90 days). Billing records are kept for seven years to meet UK tax requirements. Usage logs are kept for 90 days. Diagnostic logs are kept for 30 days. Marketing email records are kept until you unsubscribe, plus 30 days. You can delete your account at any time from your account settings.

  1. COOKIES

Magpie uses strictly necessary cookies to keep you signed in and the service working — these run without consent. Analytics cookies run only with your consent. You can manage cookies through the banner shown on first visit or through your browser.

  1. SECURITY

Data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Access to production systems is limited to authorised personnel and protected by multi-factor authentication. We follow the principle of least privilege, log access to systems containing personal data, and run regular security reviews. If we suffer a personal data breach that puts your rights at risk, we will notify you and the Information Commissioner's Office within 72 hours, as required by law. Report security issues responsibly to security@meetmagpie.com.

  1. YOUR RIGHTS

Under UK and EU GDPR you have the right of access, the right to rectification, the right to erasure, the right to restriction, the right to data portability, the right to object to processing, and the right to withdraw consent where processing is based on consent. Magpie does not make legally significant automated decisions about you. To exercise any of these rights, email privacy@meetmagpie.com — we will respond within 30 days. If you believe we have mishandled your data, you have the right to complain to the UK Information Commissioner's Office at ico.org.uk or your local supervisory authority in the EU.

  1. CHILDREN

Magpie is not intended for children under 16 and we do not knowingly collect data from anyone under that age. If you believe a child has provided us with personal data, contact us and we will delete it.

  1. CHANGES TO THIS POLICY

We may update this policy as the product or the law changes. When we make material changes, we will update the "Last updated" date and notify active users by email at least 30 days in advance. Continued use of Magpie after the effective date means you accept the updated policy.

  1. CONTACT

Privacy questions and data subject requests: privacy@meetmagpie.com Security issues: security@meetmagpie.com Postal address: [registered address]