Privacy Policy

Overview

DataMagik is a comprehensive manufacturing data management platform that includes web-based applications, browser extensions, document generation services, automation tools, and workflow integrations. This privacy policy applies to all DataMagik products and services, including the DataMagik web application, DataMagik Automate browser extension, Document Designer, CRM features, automation scripts, scheduled tasks, and API integrations.

Information We Collect

Account and Authentication Data

• User account information (name, email address, username)
• Login credentials (username/password) - securely hashed in our database
• OAuth authentication tokens (when using OAuth 2.0 login)
• Authentication tokens for API access
• Company/organization association and roles
• License and subscription information
• Multi-factor authentication settings

Platform Usage Data

• Document generation requests and generated document metadata
• Template creation and editing activity
• Automation script executions and results
• Scheduled task configurations and execution history
• CRM contact management and interaction history
• API usage statistics and request patterns
• Feature usage analytics to improve our services
• Account activity logs for security and audit purposes
• Quota and storage consumption metrics

Browser Extension Data

• Website URLs where the extension is active (to provide relevant automations)
• User interactions with extension features
• Extension preferences and settings
• Browser version and type
• Extension version

Document and Content Data

• Document templates (HTML, CSS, and configuration)
• Generated documents (PDFs, HTML files)
• Document generation data and parameters
• Custom automation scripts and code
• CRM contact information and notes
• Workflow configurations and automation rules

Technical and Diagnostic Data

• IP addresses and geographic location (for security)
• Device information and operating system
• Error logs and performance metrics
• Service uptime and reliability metrics
• PDF generation service performance data
• Worker service processing statistics

How We Use Your Information

• Authentication & Security: To securely log you into DataMagik systems and protect your account
• Service Delivery: To provide document generation, automation, CRM, and other platform features
• Document Processing: To generate PDFs and HTML documents from your templates and data
• Automation Execution: To run scheduled tasks, automation scripts, and workflow integrations
• Storage Management: To store and manage your documents on AWS S3 with appropriate security and TTL settings
• API Integration: To enable third-party integrations via our REST API and n8n nodes
• Quota Management: To enforce license limits and track usage against your subscription tier
• Personalization: To remember your preferences and company context
• Analytics: To understand feature usage and improve our platform
• Support & Troubleshooting: To diagnose issues and provide technical assistance
• Security Monitoring: To detect and prevent unauthorized access or abuse
• Compliance: To meet legal and regulatory requirements

Data Storage and Security

Database Storage

• User data stored in CockroachDB (PostgreSQL-compatible) with encryption at rest
• Session data stored in Redis with automatic expiration
• Passwords securely hashed using industry-standard algorithms
• Multi-tenant data isolation enforced at the application and database level

Document Storage

• Generated documents stored on AWS S3 with server-side encryption
• Company-specific S3 configurations with isolated storage buckets
• Time-to-live (TTL) settings control automatic document expiration and deletion
• Secure, time-limited access tokens for document viewing and downloading

Browser Extension Storage

• All sensitive extension data stored locally on your device
• Authentication credentials encrypted using AES-GCM encryption
• No sensitive data transmitted to third parties

Data Transmission

• All communications use HTTPS/TLS encryption
• API calls include proper authentication headers (Bearer tokens, OAuth 2.0)
• Internal microservices communicate via secure private networks
• Extension communicates only with official DataMagik systems (*.data-magik.com)

Security Measures

• Multi-factor authentication support for enhanced account security
• OAuth 2.0 authentication with secure token management
• CSRF protection on all web forms
• Rate limiting to prevent abuse and DDoS attacks
• Regular security audits and penetration testing
• Automated monitoring for suspicious activity
• Comprehensive audit logging for compliance and security investigations

Data Sharing

Data Retention and Deletion

• Generated Documents: Automatically deleted based on TTL settings (configurable from 1 hour to 1 year, or permanent storage)
• Account Data: Retained for the duration of your account's active status
• Usage Logs: Retained for 90 days for security and troubleshooting purposes
• Audit Logs: Retained for 7 years for compliance purposes (may vary by jurisdiction)
• Deleted Accounts: Account data permanently deleted within 30 days of account closure
• Session Data: Automatically expires after inactivity (configurable, default 24 hours)

Your Rights

You can:

• Access Your Data: View and export your stored data through your account dashboard
• Modify Your Data: Update account information, templates, and settings at any time
• Delete Your Data: Delete specific documents, templates, or your entire account
• Control Document Retention: Configure TTL settings for automatic document deletion
• Manage Integrations: Control third-party access via API tokens and OAuth apps
• Extension Data: Access stored extension data through settings or delete by logging out/uninstalling
• Request Data Export: Contact support for a complete data export
• Opt-Out of Analytics: Disable usage analytics in your account preferences
• Revoke API Access: Revoke API tokens and OAuth authorizations at any time

Platform Features and Data Processing

Third-Party Services and Infrastructure

We use the following third-party services to deliver our platform:

• Tigres S3: Cloud storage for generated documents (encrypted at rest, region-configurable)
• Fly.io: Application hosting and microservices infrastructure
• CockroachDB: Distributed database for application data
• Redis: Session management and message queuing
• CloudFlare: CDN and DDoS protection (if applicable)

These services are carefully selected for their security, reliability, and compliance certifications. We maintain data processing agreements with all third-party providers to ensure your data is protected.

Cookies and Tracking

• Essential Cookies: Session management, authentication, and CSRF protection (required for platform functionality)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Understand how users interact with our platform (can be disabled in account settings)
• No Third-Party Tracking: We do not use third-party advertising or tracking cookies

International Data Transfers

DataMagik services are hosted in the United States. If you access our services from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States. We implement appropriate safeguards to protect your data in accordance with this privacy policy and applicable laws.

Children's Privacy

DataMagik is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete that information.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices, services, or legal requirements. We will notify users of significant changes through the platform interface, email notifications, or prominent notices on our website. Continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Information