# Privacy Policy ### Terminology and definitions Re Mago Ltd, 19 The Circle, Queen Elizabeth Street, London SE1 2JE, United Kingdom, hereinafter referred to as the “Company”.\ Mago, hereinafter referred to as the “Product” or “Services”.\ [https://mago.io](https://mago.io/), hereinafter referred to as the “Website”.\ , hereinafter referred to as the “Privacy Contact”. ### Introduction Mago is a Re Mago Ltd product. The Company respects your privacy and is committed to protecting your personal data. This privacy policy covers the use of personal data in the provision of our Product including our website and our software (together the Services). This privacy policy will inform you as to how we look after your personal data when you use our Services and tell you about your privacy rights and how the law protects you. It will help you understand what information we collect and use, and the choices you have associated with that information. By visiting Mago or Re Mago existing and future websites including its products, services and applications, you acknowledge that you have read and understand the terms in this Privacy Policy (“Policy”). Please note that this Policy applies where we are processing personal information on our own behalf. 1. #### Important information and who we are **Purpose of this privacy policy** This privacy policy aims to give you information on how the Company collects and processes your personal data through your use of our Services.\ It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. **Controller** Re Mago Ltd, as owner of Mago, is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy policy).\ If you have any questions about this privacy policy or our privacy practices, please contact us at the Privacy Contact (). **Your right to complain** You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ([www.ico.org.uk](https://www.ico.org.uk/)). If you are in the European Economic Area, you may also lodge a complaint with the data protection authority of your country of residence (for example, the Italian *Garante per la protezione dei dati personali* at [www.garanteprivacy.it](https://www.garanteprivacy.it/)). We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. 2. #### What personal data we collect We collect personal data through different parts of the Services. The categories and fields we collect depend on which part of the Services you interact with. Below is a per-service breakdown. **Website (mago.io) — “Book a demo”, “Become a partner” and similar forms** When you submit one of our website forms we collect: * first and last name; * email address; * company name; * country; * location data (derived from your IP address, or GPS-based with your consent) — used to route you to the relevant country-specific form; * device and browser information. **Webinars (hosted on Zoom)** When you register for or attend our product webinars (hosted on Zoom on our behalf), we receive: * first and last name; * email address; * company name; * country; * session scheduling and attendance information; * session duration and whether your webcam was used; * device and browser information. **Mago Admin Console (admin.mago.io)** When a business administrator registers for and uses the Admin Console we collect: * first and last name; * email address; * company name; * company address; * country; * time zone; * language. **Mago app (iOS, Android, Web — app.mago.io)** When you register for and use the Mago app we collect: * first and last name; * a unique user ID; * email address; * time zone; * language; * device and browser information, including a device identifier; * date of birth (optional); * profile picture (optional); * country or address (optional); * files, documents, photos, videos and audio that you choose to import into a Mago app canvas (optional); * application activity and interaction data, application info and performance metrics, and crash logs — to support and improve the app. **Mago for display (Windows and Android) — stateless by design** Mago for display is stateless by design. We do not collect or store any personal data from Mago for display itself. Any personal data you enter into third-party applications running on top of Mago for display — for example videoconferencing tools, calendar applications, document editors or web browsers — is stored within those applications and their respective online services, or locally in an encrypted area on the device when strictly required. All such session data is erased from the device when the user ends the meeting or session. This design is intentional: because Mago for display is installed in shared spaces such as meeting rooms, we want to ensure that no user's personal data persists on the device after they leave the room. **Other sources** We may also receive information about you from other sources, including publicly available databases or affiliated companies that are part of our corporate group, and combine it with information we already have about you. This helps us update, expand and analyse our records, identify new prospects and provide products and other services that may be of interest to you. 3. #### How we use the information we collect We may access (which may include, with your consent, limited viewing or listening) and use the data we collect as necessary: (a) to provide, maintain and improve the Services; (b) to address and respond to service, security and customer support issues; (c) to detect, prevent or otherwise address fraud, security, unlawful or technical issues; (d) as required by law, legal process or regulation; (e) to fulfil our contracts; (f) to improve and enhance the Services; and (g) to provide analysis or valuable information back to you and other users. We may also use data to provide product and other product-related information to you if you have expressly consented to receiving marketing communications. We also collect and store meeting attendee information to fulfil our obligations to you and to provide the Services. With their express consent, we may also directly provide product and other product-related information to attendees. No automated decision-making. We do not use your personal data to make decisions about you based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 4. #### Your rights in relation to your information You have the right to: * Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. * Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. * Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. * Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. * Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: * If you want us to establish the data's accuracy. * Where our use of the data is unlawful, but you do not want us to erase it. * Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. * You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. * Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. * Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. **How to exercise your rights** You can exercise some of these rights through your account with us. Otherwise, please write to us at and include, at a minimum: (i) your complete name, address and/or email address so we can respond to your request; (ii) documents establishing your identity; and (iii) a clear and concise description of the personal information with regard to which you seek to exercise any of your rights. **No fee usually required** You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. **What we may need from you** We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. **Time limit to respond** We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. **If you fail to provide personal data** Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time. If you wish to cancel your account, no longer require the use of our Services, or if we hold personal information about you and you want it to be removed from our database or inactivated, please use the relevant “Delete account” sections within the Services or contact us at . 5. #### Analytics, cookies and other website technologies We are continuously improving our websites and Services through the use of various third-party web analytics tools, which help us understand how visitors use our websites, desktop tools and mobile applications, what they like and dislike, and where they may have problems. While we maintain ownership of this data, we do not share this type of data about individual users with third parties. Our website uses a cookie consent banner that allows you to review the categories of cookies we use and to accept or refuse non-essential cookies. You can change your preferences at any time by reopening the cookie banner from the link in the website footer. We use the following website technologies: **Geolocation and other data** We may utilise precise Geolocation data but only if you specifically opt-in to collection of that data in connection with a particular service. We also use information such as IP addresses to determine the general geographic locations of our visitors and to route you to the relevant country-specific content or form. The web beacons used in conjunction with these web analytics tools may gather data such as what browser or operating system a person uses, as well as domain names, MIME types and what content, products and services are reviewed or downloaded when visiting or registering for services at one of our websites or using one of our mobile applications. **Google Analytics** We use Google Analytics. You can prevent your data from being used by Google Analytics on websites by installing the Google Analytics opt-out browser add-on. We also employ IP address masking, a technique used to truncate IP addresses collected by Google Analytics and store them in an abbreviated form to prevent them from being traced back to individual users. **Tracking technologies** We and our partners use cookies and similar tracking technologies to track user traffic patterns and hold certain registration information. Tracking technologies also used are beacons, tags and scripts to collect and track information and to improve and analyse our service. The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. **Mobile analytics** We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application. **Social media** Our sites include social media features, such as Facebook, Instagram and LinkedIn “share” buttons. Your interactions with these features are governed by the privacy policy of the company providing them. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. 6. #### Information sharing and subprocessors Your privacy is important to us. We do not share your personal information with third parties except as described in this privacy policy. We may share your personal information with: * Microsoft Azure — cloud hosting and infrastructure for the Services within the European Economic Area (see “International transfers” below); * HubSpot — CRM and marketing communications (see [HubSpot Privacy Policy ](https://legal.hubspot.com/privacy-policy)); * Sentry (Functional Software, Inc.) — application error monitoring; * Zoom — hosting of product webinars; * Payment processors — for the operation of billing and subscription payments (see “Financial data and information” below); * Business partners and affiliated companies within our corporate group; and * Authorities and third parties where required for legal purposes. Third-party service providers have access to personal information only as needed to perform their functions and must process the personal information in accordance with this Privacy Policy and applicable data protection law. We may also disclose your personal information to any third party with your prior consent. We will protect the privacy and security of personal information we collect in accordance with this privacy policy, regardless of where it is processed or stored. Data Processing Agreement (DPA). For business customers whose use of the Services involves the processing of personal data on their behalf, a DPA is available on request. Please contact to request a copy. 7. #### Communications We may need to communicate with you for a variety of different reasons, including: * Responding to your questions and requests. If you contact us with a problem or question, we will use your information to respond. * Sending you Service and administrative emails and messages. * Sending emails about new products or other news about us that we think you’d like to hear about, either from us or from our business partners. You may choose to opt out of any marketing emails by clicking the ‘Unsubscribe’ option provided in such emails. * Conducting surveys, offering referral programs and incentives. 8. #### Financial data and information We use third-party payment processing platforms. These platforms will request you to disclose sensitive personal data (e.g. credit card number, account username and password) to complete purchases and operations related to our Services. Such third-party payment processing platforms are governed by their own safety standards, policies and terms of use. We shall not be liable for their operation, safety or functioning. We strongly advise our users to engage in online safety measures to protect their financial information, both on our Website and elsewhere. We do not collect or store sensitive financial data ourselves. 9. #### Security We use industry-standard protocols and technology to protect your registered user information and personal data, including encryption of data in transit to prevent data theft by unauthorised third parties, internal reviews of our data collection, storage and processing practices, and physical security measures. However, please consider that the internet and email transmissions are not perfectly secure or error-free communication means. We recommend safeguarding your password, as it is one of the easiest ways you can manage the security of your own account — remember that if you lose control over your password, you may lose control over your personal information. We urge you to be aware that if you use or access our Services through a potentially non-secure internet connection, such use is solely at your own risk. It is your responsibility to check beforehand the privacy and/or security policy of your network prior to accessing the Services. We are not responsible for your handling, sharing, re-sharing and/or distribution of your information except as set forth in this Policy. 10. #### Personal data breach notification In accordance with Articles 33 and 34 of the GDPR, in the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. Where the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also communicate the breach to the affected data subjects without undue delay, in clear and plain language. 11. #### International transfers **Where your personal data is hosted today** We host all of the Services that store or process personal data on Microsoft Azure within the European Economic Area (EEA). At the time of writing, no personal data is transferred outside the EEA. Some ancillary Services that do not store or process personal data (for example content delivery, signalling and real-time communication infrastructure) may run from regions outside the EEA, but no personal data is stored or processed in those regions. **Future expansion** In order to provide better and faster service to customers in other regions, we may in future host personal data in regions outside the EEA. When this option becomes available, we will inform our users and, where possible, allow you to choose the region where your personal data is hosted. By default, the region will be selected automatically based on your IP and location, and you will be able to change it from your account preferences. **Safeguards for transfers outside the UK / EEA** Whenever we transfer personal data outside the United Kingdom or the EEA, we ensure that an adequate level of protection is in place by relying on one or more of the following safeguards: * transfers to countries that have been deemed to provide an adequate level of protection by the European Commission or the UK government (adequacy decisions); * transfers to recipients in the United States certified under the EU-U.S. Data Privacy Framework and, where applicable, its UK Extension and Swiss-U.S. Privacy Framework; * Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and the UK International Data Transfer Agreement (or UK Addendum) issued by the ICO, together with appropriate supplementary measures where required following a transfer impact assessment. You may contact us at to obtain a copy of the safeguards we have put in place for a specific transfer. 12. #### Children The Services are not directed to children under the age of 16 and we do not knowingly collect personal data from children without verifiable parental or guardian consent. Where Mago is used as a teaching resource, parental consent is collected by the education body that uses our application, and children and students register through their education board’s licence to access and participate in learning activities. If we collect personal information from a child, we will retain that information only for as long as reasonably necessary to fulfil the activity request or allow the child to continue to participate in the activity and ensure the security of our users and our Services, or as required by law. If we become aware that we have collected information from a child in a manner inconsistent with applicable law, we will either delete the information or seek the parent’s consent for that collection. If you believe we may have collected information from a child without appropriate consent, please contact us at . 13. #### Changes to this privacy policy We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will provide notice on this Website and we may notify you by email (sent to the email address specified in your account) prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you continue to use the Services after those changes are in effect, you agree to the revised policy. If you have any other questions about this policy, please contact us at . 14. #### GDPR and DPA 2018 compliance We maintain rigorous technical and organisational security practices and measures both in how we handle your personal data, including any personal information located therein, and in the capabilities of our services and products to assist you in safeguarding your content. We continue to evaluate industry standard practices with respect to data privacy and information security and strive to continuously meet or exceed those standards. We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR and the UK Data Protection Act 2018. We ensure that any transfer of personal data outside the United Kingdom or the European Economic Area in connection with your relationship with us is performed in compliance with applicable data protection law, as further described in the “International transfers” section above. ### Contact Re Mago Ltd, 19 The Circle, Queen Elizabeth Street, London SE1 2JE, United Kingdom.\ Privacy and data protection enquiries: . {% hint style="info" %} *Last updated: 28 May 2026* {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kb.mago.io/tech-docs/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.