Privacy Policy

Overview

This Privacy Policy explains how Magicworks IT Solutions Pvt. Ltd. collects, uses, stores, shares and protects personal data in connection with MagicFlow AI.

MagicFlow AI is an AI-powered lead-generation and chatbot platform provided by Magicworks IT Solutions Pvt. Ltd., Pune, Maharashtra, India. This Privacy Policy applies to visitors to our website, customers, authorised users, demo requesters, billing contacts, support contacts and End Users who interact with MagicFlow AI chatbots or forms.

Our Role

Depending on the context, MagicFlow AI may act in different roles. For visitors to our website, account holders, demo requesters, billing contacts and direct business contacts, Magicworks IT Solutions Pvt. Ltd. determines the purposes and means of processing personal data.

For chatbot conversations, lead data, Customer website data, CRM fields and End User data processed on behalf of a Customer, the Customer generally determines what data is collected and why. In such cases, MagicFlow AI processes data to provide the service to the Customer.

Customers are responsible for ensuring that their own privacy policy, cookie policy, consent banner, chatbot notice and data collection practices comply with applicable law.

Personal Data We Collect

Account and business information: name, company name, business email, phone number, job title, website URL, industry, country, billing details, GST or tax details, plan information, user roles, login details and account preferences.

Website and usage information: IP address, browser type, device type, operating system, referring page, pages visited, session data, timestamps, approximate location, clicks, form submissions, source/medium/campaign data, landing pages, UTM parameters and analytics events.

Chatbot and lead data: messages submitted through a chatbot, name, email, phone number, company name, business requirements, budget range, timeline, interest level, product enquiries, source attribution, lead score, routing status, conversation notes, uploaded files and follow-up status.

Customer Content: website content, FAQs, product descriptions, pricing information, business documents, chatbot instructions, prompts, knowledge-base entries, URLs, training materials and configuration settings provided by Customers.

Billing and payment information: plan, invoice, payment status, transaction references, billing address, tax information, subscription status, renewal date and payment method metadata. Full payment card details are typically processed by payment gateways and not stored directly by us.

Support, technical and security data: emails, tickets, call notes, chat messages, feedback, bug reports, support attachments, meeting notes, authentication records, API usage, error logs, integration activity, security events, audit trails, suspicious activity signals and diagnostic data.

How We Collect Information

• When you visit our website, request a demo, submit an enquiry, subscribe or contact support.
• When you create or use an account, install or embed the MagicFlow AI widget, upload Customer Content or connect integrations.
• When End Users interact with a MagicFlow AI chatbot, lead form or conversation flow.
• Through cookies, scripts, tags, pixels, log files and similar technologies.
• From third-party tools such as payment gateways, analytics providers, CRM systems, cloud providers and integration partners where necessary to provide the service.

How We Use Personal Data

• Provide, operate, secure and maintain MagicFlow AI.
• Create and manage accounts.
• Respond to enquiries and support requests.
• Run chatbot conversations and lead capture.
• Generate AI responses, summaries, classifications, lead scores and routing suggestions.
• Process subscriptions, invoices, payments, renewals, taxes and refunds.
• Configure onboarding, managed launch and customer support.
• Provide analytics, reporting, source attribution and usage insights.
• Detect, prevent and investigate fraud, spam, abuse, security incidents and policy violations.
• Send service notifications, billing reminders, product updates and administrative messages.
• Send marketing communications where permitted by law or consent.
• Comply with legal, regulatory, tax, accounting, audit and dispute-resolution obligations.
• Enforce our Terms, policies and agreements.

AI Processing

MagicFlow AI may process Customer Content, End User messages, conversation history, chatbot configuration, knowledge-base content and lead data using AI technologies.

• Generating chatbot replies.
• Retrieving relevant knowledge-base information.
• Summarising conversations.
• Scoring or classifying leads.
• Detecting intent, language, urgency or routing category.
• Creating follow-up notes.
• Improving service quality, safety and reliability.

Customers should avoid entering highly sensitive personal data into chatbot flows unless they have confirmed that appropriate legal and security controls are in place. Where model providers or subprocessors are used, data may be processed according to applicable contracts, safeguards and service configurations.

Legal Grounds for Processing

• Consent.
• Performance of a contract.
• Compliance with legal obligations.
• Legitimate business purposes such as security, service improvement, fraud prevention, support, analytics and business communication.
• Customer instructions where we process End User data on behalf of a Customer.

Under Indian data protection principles, we aim to process personal data for specified, lawful and necessary purposes and to provide individuals with reasonable means to exercise applicable rights.

Sharing of Personal Data

We may share personal data with cloud hosting providers, AI model and infrastructure providers, analytics and monitoring providers, payment gateways, billing tools, CRM tools, email and communication systems, support tools, security and fraud-prevention providers, professional advisers, auditors, accountants, lawyers, consultants, government authorities and business transferees where appropriate or legally required.

We may also share data with Customer-selected integrations configured in the dashboard. We do not sell personal data in the ordinary course of business.

Customer-configured Integrations

Customers may connect MagicFlow AI to third-party tools such as CRMs, email platforms, analytics tools, WhatsApp or messaging channels, spreadsheets, webhooks, APIs and internal systems. When a Customer enables an integration, data may be sent to that third-party service according to the Customer's configuration. The Customer is responsible for ensuring that the integration is lawful, secure and disclosed to End Users.

Cookies and Tracking

We use cookies and similar technologies for website functionality, chatbot operation, security, analytics, preferences, source attribution and marketing where applicable. For more information, see our Cookie Policy.

Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent fraud and support business operations.

Retention periods may vary depending on data type, plan, legal requirements, customer settings, backup cycles and contractual obligations. Customers may request deletion or export of certain account or Customer Content, subject to technical, legal, billing, security, backup and dispute-resolution limitations.

Security

We use reasonable technical, organisational and administrative safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction. Measures may include encryption in transit, access controls, authentication, logging, monitoring, backups, network security, least-privilege access, internal policies and vendor review.

No internet-based service is completely secure. Customers are responsible for using strong passwords, restricting user access, protecting API keys, securing integrations and promptly notifying us of suspected unauthorised access.

International Data Transfers

MagicFlow AI may use cloud providers, AI providers, payment processors, analytics providers and other vendors located in India or other countries. Where personal data is transferred outside India or the country where it was collected, we use reasonable safeguards as required by applicable law and vendor contracts.

Your Rights

Depending on applicable law, individuals may have rights to access personal data, correct inaccurate data, complete incomplete data, update data, request deletion or erasure, withdraw consent where processing is based on consent, object to or restrict certain processing, request information about processing, nominate another person to exercise rights where applicable, and raise a grievance regarding personal data processing.

To exercise rights relating to data controlled by a Customer, End Users should first contact the Customer whose website or chatbot collected the data. We may assist the Customer in responding where appropriate. For data directly controlled by MagicFlow AI, contact us using the details below.

Children's Data

MagicFlow AI is intended for business use and is not directed to children. Customers must not knowingly use MagicFlow AI to collect personal data from children without appropriate parental consent, legal basis and safeguards required by applicable law. If we learn that children's personal data has been collected improperly, we may delete it or take other appropriate action.

Marketing Communications

We may send service updates, product announcements, newsletters, offers or educational content where permitted by law. You may opt out of marketing emails by using the unsubscribe link or contacting us. Even after opting out, we may still send transactional, billing, security, legal or service-related communications.

Data Breach and Incident Response

If we become aware of a personal data breach affecting data for which we are responsible, we will take reasonable steps to investigate, contain, remediate and notify affected Customers, users, authorities or individuals where required by applicable law. Customers are responsible for notifying their own End Users or regulators where legally required for Customer-controlled data.

Third-party Websites

Our website or dashboard may link to third-party websites, apps, platforms, integrations, documentation, payment pages or partner services. We are not responsible for the privacy practices, security or content of third-party services.