FeaturesPricingBlog

Traffic Intelligence Platform

Product

  • Features
  • Pricing
  • Documentation

Company

  • About
  • Blog
  • Contact

Legal

  • Privacy
  • Terms

© 2026 Magicgate. All rights reserved.

Legal

Privacy Policy

Last updated: February 2026

This policy applies to all users of Magicgate services worldwide. For region-specific rights, see Sections 10.1 (GDPR) and 10.2 (CCPA).

Table of Contents

01Introduction02Information We Collect03How We Use Your Information04Legal Basis for Processing (GDPR)05Cookies and Tracking Technologies06Data Sharing and Third-Party Services07Data Security08Data Retention09International Data Transfers10Your Rights11Children's Privacy12Changes to This Policy13Contact Us
01

Introduction

At Magicgate ("we", "us", "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our traffic filtering and cloaking platform (the "Service"), accessible at magicgate.io and its subdomains.

By creating an account or using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

For GDPR purposes, Magicgate acts as the data controller for personal data collected through the Service. For traffic data processed on behalf of our users (visitor IP addresses, user agents, etc.), Magicgate acts as a data processor.

02

Information We Collect

2.1 Information You Provide

  • Account registration data: name, email address, and password
  • Billing information: wallet top-up details processed through our payment processors (we do not store full payment card numbers)
  • Support requests and correspondence
  • Domain verification records (DNS configuration)
  • Flow and rule configurations you create within the platform

2.2 Automatically Collected Data

  • IP address, browser type, operating system, device type, and screen resolution
  • Access timestamps, pages visited, and interaction patterns within the dashboard
  • Referral URLs and session duration
  • API usage metrics (request counts, response times, error rates)

2.3 Traffic Data (Processed on Your Behalf)

  • Visitor IP addresses, geolocation data (country, region, city via MaxMind GeoIP2)
  • VPN/proxy/Tor detection results (via IP2Proxy database)
  • User-Agent strings, device fingerprints, ISP information, and connection types
  • Bot detection signals, referer headers, and language preferences
  • Verdict results (offer/white) and filter match details
03

How We Use Your Information

We use collected information for the following purposes:

  • Providing and maintaining the Service, including traffic filtering, cloaking, and analytics features
  • Processing subscriptions, wallet transactions, and managing billing cycles
  • Authenticating users and securing accounts (JWT-based authentication, CSRF protection)
  • Generating aggregated statistics and analytics dashboards (hourly stats, geo breakdowns, threat reports)
  • Monitoring and enforcing plan usage limits (click quotas, flow limits, rule limits)
  • Detecting and preventing abuse, fraud, and unauthorized access to the platform
  • Sending service-related notifications (usage alerts at 80%/90%/100%, subscription renewals, security alerts)
  • Improving Service performance, reliability, and feature development
  • Providing customer support and responding to inquiries
  • Complying with legal obligations and resolving disputes
04

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you signed up for (account management, billing, traffic filtering)
  • Legitimate interests: Improving our Service, preventing fraud and abuse, ensuring platform security, and conducting analytics
  • Consent: Where you have given explicit consent, such as for marketing communications or optional data collection
  • Legal obligation: Where processing is required to comply with applicable laws, regulations, or legal proceedings
05

Cookies and Tracking Technologies

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

5.1 Cookies We Use

  • Essential cookies: Authentication tokens (HTTP-only, secure), CSRF tokens, and session management — required for the Service to function
  • Preference cookies: Theme selection (light/dark mode), language preference, sidebar state, and dashboard layout settings
  • Analytics cookies: Aggregated usage patterns to improve the Service (no personal data is shared with third-party analytics providers)

5.2 Third-Party Cookies

  • Our payment processors may set cookies during wallet top-up flows
  • We do not use third-party advertising cookies or tracking pixels on our platform
06

Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal information to third parties. We share data only in the following limited circumstances:

  • Payment processors: Our payment processors process wallet top-ups and subscription payments. They receive only the minimum data necessary to process transactions and are PCI DSS compliant
  • Email delivery: Transactional emails (verification, password reset, billing alerts) are sent through our email service provider
  • DNS and domain management: Our DNS provider is used for custom domain DNS verification and management
  • GeoIP and IP intelligence: MaxMind GeoIP2 and IP2Proxy databases are hosted locally on our infrastructure — no visitor data is sent to external IP intelligence APIs
  • Legal requirements: We may disclose information when required by law, court order, or governmental authority, or when necessary to protect our rights, safety, or property
  • Business transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred to the successor entity, which will be bound by this Privacy Policy
07

Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.3
  • Passwords are securely hashed using industry-standard adaptive algorithms
  • Asymmetric JWT authentication with short-lived access tokens and secure HTTP-only refresh tokens
  • CSRF protection on all state-changing operations
  • Rate limiting and abuse detection at multiple levels (global, per-user, per-endpoint)
  • Input sanitization to prevent injection attacks (SQL injection, XSS)
  • Database encryption at rest with native encryption
  • Regular security audits and vulnerability assessments

While we strive to protect your information using commercially reasonable measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

08

Data Retention

  • Account data: Retained for the duration of your account plus 30 days after deletion request
  • Traffic/visit data: Stored in time-partitioned tables and retained according to your plan tier (Free: 7 days, Lite: 14 days, Starter: 30 days, Pro: 90 days, Business: 180 days, Enterprise: 365 days)
  • Aggregated statistics (hourly stats): Retained for 12 months, then automatically purged
  • Billing and transaction records: Retained for 7 years as required by applicable tax and financial regulations
  • Server logs: Retained for 30 days for security and debugging purposes
  • Blacklist entries: Retained until manually deleted by the user or account closure
09

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. Our infrastructure is hosted in the European Union. When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

10

Your Rights

To exercise any of these rights, contact us at [email protected] or use the data export/deletion features available in your dashboard Settings page. We will respond to all requests within 30 days.

10.1 GDPR Rights (EEA Users)

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restriction: Request limitation of processing in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format (JSON export available from dashboard)
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time without affecting prior processing
  • Right to lodge a complaint: File a complaint with your local data protection authority

10.2 CCPA Rights (California Residents)

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us
  • Right to opt-out of the sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising your privacy rights
11

Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected], and we will promptly delete such information.

12

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date, and for significant changes, we will notify you via email and/or a prominent notice in the dashboard. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: [email protected]
  • Support: [email protected]
  • Data Protection Officer: [email protected]

We are committed to resolving any concerns you may have about your privacy and will respond to all inquiries within 30 days.