Privacy Policy
How Magic Position collects, uses, and protects your personal data.
Introduction
This Privacy Policy describes how Magic Position (hereinafter "we", "our", or "the Company") collects, uses, stores, and protects the personal information of users of our application and website.
We are committed to respecting your privacy and protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller for personal data is:
Magic Position
Address to be completed
Email: contact@magicposition.com
2. Data Collected
2.1 Data You Provide
- Account information: first name, last name, email address, password (encrypted)
- Billing information: billing address, payment information (processed by Stripe)
- Communications: messages sent through our support
2.2 Automatically Collected Data
- Usage data: features used, frequency of use, preferences
- Technical data: IP address, browser type, operating system, device identifiers
- Cookies: see our Cookie Policy for more details
2.3 Trading Data
- API keys: stored encrypted with limited permissions (read-only recommended)
- Trading history: data retrieved from your connected platforms
3. Purposes of Processing
We use your personal data to:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain our services | Contract performance |
| Manage your user account | Contract performance |
| Process payments | Contract performance |
| Send service-related notifications | Legitimate interest |
| Improve our services | Legitimate interest |
| Respond to your support requests | Contract performance |
| Comply with our legal obligations | Legal obligation |
4. Data Sharing
We never sell your personal data. We may share your data with:
- Service providers: hosting (secure servers), payment (Stripe), authentication (Auth0)
- Legal authorities: if required by law or to protect our rights
All our providers are subject to strict contractual confidentiality obligations.
5. Data Security
We implement appropriate technical and organizational security measures:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication with Auth0
- Limited data access on a need-to-know basis
- Regular security audits
- Encrypted API key storage
6. Data Retention
We retain your personal data for as long as necessary to:
- The duration of your active subscription
- Comply with our legal obligations (especially tax: 10 years)
- Resolve any disputes
After account deletion, your data is anonymized or deleted within 30 days, unless otherwise required by law.
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to restriction: restrict processing of your data
- Right to portability: receive your data in a structured format
- Right to object: object to processing of your data
- Right to withdraw consent: at any time
To exercise these rights, contact us at: privacy@magicposition.com
You also have the right to file a complaint with your local data protection authority.
8. International Transfers
Your data may be transferred to countries outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place (standard contractual clauses, Privacy Shield certification where applicable).
9. Changes
We may modify this Privacy Policy at any time. In case of substantial changes, we will inform you by email or via a notification in the application.
10. Contact
For any questions regarding this policy or your personal data:
Email: privacy@magicposition.com
Last updated: January 1, 2025