Privacy Policy

Date Created: 06 Oct 2025 | Last Updated: 06 Oct 2025

MagicBio, Inc. ("MagicBio", "we") respects your privacy. This Privacy Policy explains what data we collect when you create and maintain your MagicBio page (web and mobile), and how we use, share, store, and protect that data.

Scope. This Policy applies to MagicBio's website and services (the "Service"). It does not apply to third-party websites, apps, or services you access via links or integrations (e.g., social networks, payment processors). Those third parties have their own policies.

Audience

The Service is not intended for children under 16, and we do not knowingly collect personal data from them. If you believe a child provided data to us, please contact us so we can delete it.

When We Are a Controller and When We Are a Processor

We act as a controller when we determine the purposes and means of processing personal data in MagicBio (e.g., account creation, platform analytics, billing). We may act as a processor when we process data on behalf of a customer (e.g., a brand or creator collecting visitors' emails via their page). In such cases the customer is the controller and we follow their instructions and the applicable data processing agreement.

Data We Collect

1) Data you provide

Account & profile: name, email, photo, bio, social handles, links, and display preferences.
Public profile content: text, images, videos, buttons/links, and related metadata you publish. Profiles are public by default.
Payments/commerce (if applicable): name, address, transaction history, and payment details processed by partners.
Communications: support messages, preferences, and contact records.

2) Data from connected third parties (OAuth)

When you connect social networks or other accounts, we receive data according to the scopes you authorize (e.g., identifiers, public stats, content lists). You can revoke access at any time in the originating platform's settings.

3) Data collected automatically

Usage & diagnostics: IP address, browser/device type and version, time zone, pages and links visited, events, and performance.
Local storage/identifiers: technical identifiers necessary for the Service to function.
Approximate location (country/city) derived from IP for metrics and fraud prevention.

4) Stored Information & Files

The Service may request permission to access your device's local storage, camera roll, photo/video library, document folders, or contact list so you can upload or attach specific items. Granting access is optional and can be revoked at any time in your device settings. We only copy to our servers the items you explicitly select for upload; other on-device content remains on your device. For performance and reliability, we may also cache thumbnails or temporary copies that are deleted within a reasonable period.

5) Real-Time Location

With your consent, we may collect precise or approximate location data to power features such as geolocation of visitors, fraud prevention, or region-based settings. You can disable location sharing in your device or browser permissions, but certain features may not function correctly without it.

How We Use Data

To provide, maintain, and improve the Service; to personalize your experience.
To measure your page's performance and traffic (visitors, clicks, conversions).
To communicate service changes, support, and legal notices.
For security, fraud prevention, and legal compliance.
With your consent, to send marketing communications you can opt out of at any time.

Third-Party Collection & Behavioral Advertising

We may use analytics and measurement partners (and, if enabled in the future, advertising partners) that place or read cookies/SDKs to understand how the Service is used, detect fraud/abuse, measure conversions, or (if applicable) deliver interest-based ads. These third parties collect data under their own privacy policies and may combine information across sites and apps.

Choices. If interest-based advertising is enabled, you can learn more or opt out via the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA), and, in the EEA/UK, YourOnlineChoices. Mobile users can also reset advertising IDs and limit ad tracking in OS settings. Opt-outs are browser/device-specific.

How We Use AI

Purpose: MagicBio uses AI models to suggest copy, organize links, fill metadata, and keep your page up to date.

Data sources: your inputs (prompts, text, uploads), public data from your connected profiles, and de-identified usage metrics.

Model training & improvement: we do not use your User Content to train our or third-party models without your explicit consent. We may use aggregated and de-identified data for statistics, safety, and feature improvement.

Providers: we may operate our own models and/or work with vendors under data-protection agreements; we limit data sharing to what is necessary and apply technical/contractual safeguards.

Controls: you can opt out of non-essential AI uses in account settings when available.

Service providers: hosting, payments, analytics, support, security, and email.
Third-party integrations: when you interact with external links/services, those third parties process your data under their own policies; we encourage you to review them.
Corporate changes: merger, acquisition, or asset sale.
Legal/compliance: to comply with law or protect rights, safety, and the Service.

International Transfers

We operate globally and may transfer personal data to countries that may not provide the same level of data protection as your home jurisdiction. Where required, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum (IDTA) or UK SCCs, and comparable mechanisms for Switzerland and other regions. We also apply technical and organizational measures to protect your data when it is transferred.

If you have questions about our transfer mechanisms or would like a copy of relevant safeguards (where legally permissible), contact us at privacy@inda.band.

Retention

We keep data for as long as necessary for the purposes above and as required by law. When you close your account, we delete or anonymize data unless we must retain it for legal obligations, fraud prevention, or the establishment/exercise/defense of legal claims.

Where feasible, we apply data-minimization and pseudonymization, and we review retention periods periodically. When data is no longer needed, we delete or irreversibly de-identify it according to documented schedules, unless retention is necessary to comply with legal obligations or resolve disputes.

Security

We implement technical and organizational measures (encryption in transit, access controls, monitoring, periodic reviews) to protect data. No method is 100% secure; we will notify you of incidents as required by law.

Your Rights

EEA/UK

You may have rights to access, rectify, erase, port, restrict/object to processing, and withdraw consent. You may also lodge a complaint with your local data-protection authority.

United States

Depending on your state, you may have rights to access, correct, delete, and port your data, and to opt out of "sale," targeted advertising, and profiling. For California (CCPA/CPRA), we do not sell your personal information. Use the contact below to exercise your rights.

How to exercise

Email us at privacy@inda.band. We may request identity verification.

U.S. State Privacy Rights

Depending on your state (e.g., Colorado, Connecticut, Utah, Virginia, and others), you may have rights to access, correct, delete, and obtain a portable copy of your personal data, as well as to opt out of targeted advertising, the "sale" of personal data, or certain types of profiling. You can exercise these rights by emailing privacy@inda.band. We will verify your request and respond within applicable timeframes. If we deny your request, you may have the right to appeal; instructions will be provided in our response.

California (CCPA/CPRA)

California residents have the right to: (i) know the categories of personal information collected, sources, purposes, and disclosures within the past 12 months; (ii) access and obtain a copy of specific pieces of personal information; (iii) request deletion or correction; (iv) opt out of "sale" or "sharing" of personal information (as those terms are defined by CCPA/CPRA); and (v) be free from discrimination for exercising these rights. We do not sell personal information and do not share it for cross-context behavioral advertising as defined by the CCPA/CPRA.

How to exercise and verification. Submit your request to privacy@inda.band. We may ask for information sufficient to verify your identity (and authority, if you are an authorized agent). Some information may be exempt from deletion (e.g., for security, fraud prevention, or legal obligations). We maintain records of requests as required by law.

Changes to This Policy

We may update this Policy from time to time. We will post the revised version with the "Last Updated" date above and, when changes are material, provide additional notice.

Contact

Controller: MagicBio, Inc. — privacy@inda.band