Effective date: 22 May 2025
Magic Engine (“we”, “us”, or “our”) is an AI-powered SEO, social-media, advertising, and GEO execution platform operated by Magic Lab. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data when you use our platform at https://magicengine.com.au.
When you sign up, we collect your name, email address, and password (stored as a salted hash). We also record your organisation name and any client workspaces you create.
If you or your clients choose to connect a Google account, we request the following OAuth 2.0 scopes via Google’s secure authorisation flow:
We store only the OAuth access token, refresh token, and the connected Google email address. We never read, store, or share the contents of your Gmail, Google Drive, Google Calendar, or any other Google product beyond the scopes listed above.
We collect standard server logs (IP address, browser type, pages visited, timestamps) for security monitoring and performance optimisation. This data is retained for 90 days and is not linked to individual user profiles.
When you use Magic Engine on behalf of your clients, you may upload or input data such as website URLs, keywords, advertising performance figures, and content briefs. This data is processed to generate reports and recommendations and is not used for any other purpose.
Magic Engine’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We do not sell your personal data. We share data only in the following limited circumstances:
You can disconnect your Google account at any time in two ways:
Upon disconnection, all stored tokens are deleted within 7 days.
Under the Australian Privacy Act 1988 and the New Zealand Privacy Act 2020, you have the right to:
To exercise any of these rights, email us at raydeng@magicengine.com.au. We will respond within 30 days.
We protect your data using industry-standard measures: TLS encryption in transit, AES-256 encryption at rest, HMAC-signed session tokens, and role-based access controls. OAuth tokens are stored encrypted and are never exposed to client-side code. Despite these measures, no system is perfectly secure; we encourage you to use a strong, unique password and to report any suspected security issues to raydeng@magicengine.com.au.
We use a single session cookie to keep you signed in. We do not use advertising cookies, third-party tracking pixels, or fingerprinting technologies. You can disable cookies in your browser settings, but this will prevent you from staying signed in.
Magic Engine is intended for business use and is not directed at persons under the age of 18. We do not knowingly collect personal information from minors.
We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent banner on the platform at least 14 days before taking effect. Continued use of Magic Engine after the effective date constitutes acceptance of the updated policy.
For privacy-related questions, data access requests, or to report a concern, contact us at:
Magic Lab