MAG OptiAI Policies
Privacy Policy
This Privacy Policy explains how MAG OptiAI handles information across the public website, authenticated Pro Console, billing, support, and product workflows.
It describes the main categories of information MAG OptiAI collects, how that information is used, and the service providers involved in operating the product.
Information we collect
We collect information users provide through contact forms, authentication flows, billing flows, support requests, and authenticated product workflows.
This may include contact details, account and workspace details, billing identifiers, subscription state, product usage records, uploaded files, operational datasets, document text, scenarios, model metadata, saved project state, prompts, AI-assisted outputs, support messages, device/browser information, IP-derived traffic data, operational logs, diagnostics, and backup or restore data where configured.
How we use information
We use information to provide and secure MAG OptiAI services, authenticate users, provision workspaces, operate subscriptions, process uploads, run optimization and AI workflows, store customer-selected work, provide support, measure usage, and improve product reliability.
MAG OptiAI does not sell customer content to advertisers. MAG OptiAI does not use customer product content to train its own models unless it separately publishes such a feature or obtains appropriate permission.
We may also use operational logs and metadata to diagnose errors, investigate abuse, enforce product limits, maintain billing records, evaluate service reliability, support security review, and satisfy legal or operational obligations.
AI, model, and document processing
MAG OptiAI product workflows may process customer inputs through AI and compute systems to provide requested functionality such as extraction, grounded document answers, forecasting, fraud/risk scoring, anomaly detection, optimization explanation, and scenario comparison.
Supported AI workflows may use OpenAI for generation, embeddings, extraction assistance, or explanation features. DocAI document retrieval uses Qdrant-backed vector storage for indexed document chunks and retrieval metadata.
AI providers may process submitted prompts, retrieved context, and outputs as needed to deliver the requested AI feature. AI-assisted outputs may be incomplete or inaccurate and should be reviewed before operational, legal, financial, safety, or personnel decisions.
Customers should avoid submitting highly sensitive personal information unless the product explicitly supports that use case and the customer has appropriate rights or consents.
Service providers and subprocessors
We use service providers to operate the product. These providers include Clerk for authentication and user management, Stripe for payments and billing, Google Cloud for backend infrastructure and artifact storage, OpenAI for supported AI processing, Qdrant for vector retrieval, Vercel for frontend hosting, Google Analytics or gtag for website and Pro Console analytics where configured, email/contact systems for support and request handling, and logging, monitoring, backup, or recovery systems where configured.
These providers process information as needed to deliver their services to MAG OptiAI and are subject to their own service, privacy, security, and data-processing terms.
The current launch/beta provider list is available on the Subprocessors & Service Providers page. That page is informational and is not itself a signed DPA.
Cross-border processing
Information may be processed in Canada, the United States, or other locations where MAG OptiAI or its service providers operate systems or infrastructure.
Storage region, logging, backup, and vendor processing behavior can depend on the deployed configuration, customer-selected workflow, and vendor terms. MAG OptiAI does not claim that customer data never leaves Canada unless a separate written configuration or agreement says so.
Analytics and cookies
MAG OptiAI may use analytics and similar technologies to understand page views, product interest, feature usage, errors, and beta-launch activity. Analytics events may include page paths, product or workspace identifiers, action names, section names, file type categories, normalized error categories, device/browser information, approximate traffic data, and timestamps.
Additional details are available in the Analytics & Cookie Notice.
Security and access
We restrict access to customer data to authorized operational, support, security, billing, and legal needs. We do not claim that no person can ever access customer data, because secure operation, support, legal compliance, and incident response may require limited authorized access.
MAG OptiAI may review account, workspace, usage, log, or submitted-content information when needed to provide support, debug incidents, investigate abuse, maintain billing or product limits, protect the service, or comply with legal obligations.
We do not publish compliance certifications or security guarantees unless they are separately approved and made available in official MAG OptiAI materials.
Breach and incident handling
If MAG OptiAI becomes aware of a suspected security or privacy incident, we review the facts, affected systems, information involved, containment steps, and whether notification or reporting is required. For Canadian privacy matters, MAG OptiAI considers whether a breach of security safeguards creates a real risk of significant harm and keeps incident records where required.
Retention and deletion
Product data may be retained while needed to provide the service, preserve saved work, maintain billing and usage records, support security, resolve disputes, or satisfy legal obligations. Logs, backups, billing records, support records, and legal or security records may follow different retention periods than active workspace data.
Current product retention windows, cleanup behavior, and deletion limitations are described in the Data Processing & Retention policy. Some technical deletion paths mark records as deleted, archive records, or make them unavailable from active product views. Depending on the product workflow, related files, vectors, conversation data, model artifacts, document indexes, or artifact references may be removed, marked for deletion, or queued for cleanup.
Customer data requests
Customers may request access, correction, export, deletion, or support review for product data. Requests are reviewed against account ownership, product state, technical feasibility, legal obligations, vendor limitations, billing records, security logs, audit records, and current commercial arrangements.
Privacy contact
Privacy, data access, export, deletion, and support requests should be submitted through the current MAG OptiAI contact channel until a dedicated privacy request address is published or operationally confirmed. Current published channels are privacy@magoptiai.com for privacy requests, security@magoptiai.com for security reports, and support@magoptiai.com for support requests.
These aliases are published contact channels, but mailbox provisioning, inbound routing, ownership, and response process should be verified operationally before marking them complete in launch readiness materials.
