Home

v2026-04-20

MagicTicket is in active beta. These documents are reviewed each release; we’ll notify all account holders by email if a substantive change requires re-acceptance. Current revision: v2026-04-20. Questions? Get in touch.

Privacy Policy

Last updated: v2026-04-20 · Operated by DigiDom Advanced Technology

This Privacy Policy explains how MagicTicket (the “Service”) collects, uses, shares, and protects personal information. It applies to anyone who creates an account, accepts an invitation to a Workspace, or visits our website. If you have questions, see our contact page.

1. Roles

MagicTicket is a multi-tenant application. For data your Workspace admins enter or that your Workspace members and end customers submit (tickets, messages, attachments, knowledge-base entries, location profiles, etc.), your Workspace is the data controller and MagicTicket is a data processorhandling that data on the Workspace’s behalf. For data we collect directly about you as a person using our website or signing up for an account (your email, billing details, support requests to us), MagicTicket is the controller.

2. What we collect

We collect the following categories of personal information:

  • Account data — email, optional display name, hashed password, authentication timestamps and session metadata.
  • Workspace data — organization name, member roles, invitations, billing identifiers (managed by Stripe), plan choice, news source preferences.
  • Ticket content — ticket titles, descriptions, messages, attachments uploaded by you and your end customers, location profiles, knowledge-base entries.
  • Customer satisfaction signals — emoji ratings and optional comments left by end customers on resolved tickets.
  • AI usage data— when MagicAI features are invoked, the relevant ticket text and the Workspace’s knowledge base are sent to xAI for a single inference. We do not retain MagicAI prompts on our servers beyond the cached ticket summary.
  • Technical and usage data — IP address, browser and operating system identifiers, request logs, error reports, and similar information needed to operate and secure the Service.
  • Legal acceptance audit — at signup we record which version of these documents you accepted, plus your IP and user agent, so we can demonstrate consent if required.

3. How we use your information

We use personal information to:

  • Provide, maintain, secure, and improve the Service;
  • Authenticate users and prevent fraud or abuse;
  • Send transactional notifications (ticket activity, billing, security alerts) by email and, if your Workspace enables it, SMS;
  • Process payments through our payment processor (Stripe);
  • Generate AI responses, summaries, and suggestions on tickets when MagicAI features are enabled for your Workspace;
  • Comply with legal obligations and respond to lawful requests from authorities.

Our legal bases for processing (where European data-protection law applies): contract (operating the Service you signed up for), legitimate interest (security, debugging, fraud prevention, product improvement), consent (e.g. marketing emails — currently we do not send any), and legal obligation (tax, regulatory).

4. Subprocessors and sharing

We share data with the third-party service providers listed on our subprocessors pagestrictly to operate the Service on your behalf. We do not sell your personal information, and we do not share it with advertisers. TeamViewer is intentionally not a subprocessor — MagicTicket only links to TeamViewer’s public download page; we do not observe or record remote-control sessions.

We may also disclose information if required by law, in response to valid legal process, to protect our rights or the safety of others, or in connection with a corporate transaction (merger, acquisition, asset sale) — in which case we will notify users before personal information becomes subject to a different privacy policy.

5. International transfers

Our hosting and primary subprocessors operate in the United States. If you access the Service from outside the United States, your information will be transferred to and processed there. We rely on the European Commission’s Standard Contractual Clauses (or equivalent safeguards) where required.

6. Data retention

Active Workspace data is retained while your subscription is active. On account or Workspace closure, primary records remain available for export for 30 days, after which they are deleted from primary stores. Database backups created by our hosting provider (Supabase) expire on their normal retention schedule (the exact window depends on the plan). When a Workspace admin uses the “permanent delete” ticket action, attachment files are removed from object storage immediately and database rows are purged from primary stores; rows may persist in backups until they expire on schedule.

Legal-acceptance audit rows in terms_acceptance are retained as long as your account exists, plus a reasonable period afterwards, for evidentiary purposes.

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your information (subject to our retention rules);
  • Receive your information in a portable format;
  • Object to or restrict certain processing, or withdraw consent where we rely on consent;
  • Lodge a complaint with your local data-protection authority (EU / UK residents) or your state attorney general (U.S. state privacy laws).

To exercise any of these rights, email us via the contact page. We respond within 30 days (sooner where required by law).

8. Children

The Service is not intended for, and we do not knowingly collect personal information from, children under 16. If you believe a child has provided personal information, please contact us so we can delete it.

9. Security

We take reasonable technical and organizational measures to protect personal information. Data in transit is encrypted with TLS; data at rest is encrypted by our hosting provider. Workspace isolation is enforced via row-level security policies in Postgres. Access to production systems is limited and audited. No system is perfectly secure, however, and we cannot guarantee absolute security.

10. Cookies and similar technologies

We use a small number of strictly necessary cookies to keep you signed in, remember your active Workspace, and protect against cross-site request forgery. We do not currently use advertising or third-party analytics cookies. If we add analytics in the future, we will update this section and (where required) add a cookie consent banner.

11. Changes to this Policy

We may revise this Privacy Policy from time to time. The current revision is identified by the version stamp at the top of this page. When a revision is material, signed-in users will be prompted to re-accept and we may also notify account holders by email.

12. Contact

Privacy questions or data-rights requests: contact us.