MagicDX

Theme

Privacy Policy / Datenschutzerklärung

Last updated: December 2025
Version: 1.0

Table of Contents

  1. Introduction
  2. Data Controller
  3. Types of Data Collected
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. Data Sharing and Disclosure
  7. International Data Transfers
  8. Data Retention
  9. Your Rights (GDPR)
  10. Cookies and Tracking
  11. Third-Party Services
  12. Children's Privacy
  13. Security Measures
  14. Changes to This Policy
  15. Contact Information

1. Introduction

1.1 Commitment to Privacy

Al-Ahmad IT Services ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software products, website (magicdx.dev), and services.

1.2 Scope

This policy applies to:

  • Our website at magicdx.dev
  • All MagicDX software products (Magic-Link, Magic-Mail, Magic-Mark, Magic-Sessionmanager, Magic-Editor-X)
  • License management and validation services
  • Customer support interactions

1.3 Acceptance

By using our products or services, you consent to the data practices described in this policy.

2. Data Controller

2.1 Controller Information

The data controller responsible for your personal data is:

Al-Ahmad IT Services
Scherwan Al-Ahmad
Greifswalder Str. 200
10405 Berlin
Germany

Email: privacy@magicdx.dev
General Contact: support@magicdx.dev

2.2 EU Representative

As we are based in the EU (Germany), no separate EU representative is required under GDPR Article 27.

3. Types of Data Collected

3.1 Data You Provide Directly

Data TypePurposeLegal Basis
Email addressAccount creation, license management, supportContract performance
NamePersonalization, invoicingContract performance
Payment informationProcessing purchasesContract performance
Support inquiriesProviding customer supportContract performance

3.2 Data Collected Automatically

Data TypePurposeLegal Basis
IP addressSecurity, fraud prevention, analyticsLegitimate interest
Browser typeCompatibility, analyticsLegitimate interest
Device informationLicense validationLegitimate interest
Usage statisticsProduct improvementLegitimate interest
License validation dataPreventing unauthorized useContract performance

3.3 License Validation Data

Our software may transmit the following data for license validation:

  • License Key (hashed)
  • Device/System Identifier (anonymized hash)
  • Installation ID (random unique identifier)
  • Plugin version
  • Strapi version
  • Timestamp of validation
  • Feature usage counters (aggregate only)

This data is used solely for:

  • Verifying license validity
  • Enforcing license limits
  • Preventing unauthorized use
  • Providing usage-based features

3.4 Data We Do NOT Collect

We do NOT collect:

  • Content you create using our plugins
  • Passwords (we use passwordless authentication)
  • Sensitive personal data (racial origin, political opinions, religious beliefs, etc.)
  • Financial account details (handled by payment processors)
  • Precise geolocation data

4. Legal Basis for Processing

Under GDPR (and BDSG), we process your data based on the following legal grounds:

4.1 Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to fulfill our contract with you:

  • Providing access to purchased products
  • License activation and management
  • Customer support
  • Processing payments

4.2 Legitimate Interests (Art. 6(1)(f) GDPR)

Processing necessary for our legitimate interests:

  • Fraud prevention and security
  • Product improvement and analytics
  • Marketing our own products (with easy opt-out)
  • Enforcing our terms of service

4.3 Consent (Art. 6(1)(a) GDPR)

Where we rely on consent:

  • Marketing emails (opt-in required)
  • Non-essential cookies
  • Newsletter subscriptions

You can withdraw consent at any time.

4.4 Legal Obligation (Art. 6(1)(c) GDPR)

Processing required by law:

  • Tax records retention (6-10 years under German law)
  • Responding to legal requests

5. How We Use Your Data

5.1 Product Delivery

  • Activating and validating your license
  • Providing access to purchased features
  • Delivering software updates
  • Technical support

5.2 Communication

  • Transaction confirmations
  • License expiration reminders
  • Security notifications
  • Product updates (opt-out available)
  • Marketing (only with explicit consent)

5.3 Improvement

  • Analyzing usage patterns (aggregate data)
  • Identifying and fixing bugs
  • Developing new features
  • Improving documentation

5.4 Security

  • Detecting and preventing fraud
  • Identifying license violations
  • Protecting our infrastructure
  • Complying with legal obligations

6. Data Sharing and Disclosure

6.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal data to third parties.

6.2 Service Providers

We may share data with trusted service providers who assist us:

ProviderPurposeLocationSafeguards
Payment processorProcessing paymentsUSA/EUSCCs, DPA
Email serviceTransactional emailsEUDPA
Hosting providerWebsite and API hostingEU/GermanyGDPR compliant
AnalyticsUsage analyticsEUAnonymization

All service providers are bound by data processing agreements (DPAs).

6.3 Legal Requirements

We may disclose data if required by:

  • Court order or legal process
  • Law enforcement requests
  • Protection of our rights or property
  • Emergency situations involving personal safety

6.4 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change.

7. International Data Transfers

7.1 EU-Based Processing

Primary data processing occurs within the European Union (Germany).

7.2 Transfers Outside EU

When data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions (for countries deemed adequate)
  • Binding Corporate Rules (where applicable)

7.3 Your Rights

You can request information about specific transfers and safeguards by contacting privacy@magicdx.dev.

8. Data Retention

8.1 Retention Periods

Data CategoryRetention PeriodReason
Account dataDuration of account + 3 yearsContract + statute of limitations
License dataDuration of license + 3 yearsContract + statute of limitations
Payment records10 yearsGerman tax law (AO § 147)
Support tickets3 yearsStatute of limitations
Server logs90 daysSecurity analysis
Analytics data26 monthsProduct improvement

8.2 Deletion

After retention periods expire, data is securely deleted or anonymized. You can request earlier deletion where legally permitted.

9. Your Rights (GDPR)

9.1 Overview of Rights

Under GDPR, you have the following rights:

RightDescriptionArticle
AccessRequest a copy of your dataArt. 15
RectificationCorrect inaccurate dataArt. 16
ErasureRequest deletion ("right to be forgotten")Art. 17
RestrictionLimit how we use your dataArt. 18
PortabilityReceive data in machine-readable formatArt. 20
ObjectionObject to processing based on legitimate interestsArt. 21
Withdraw ConsentRevoke previously given consentArt. 7(3)
ComplaintLodge complaint with supervisory authorityArt. 77

9.2 How to Exercise Your Rights

Contact us at privacy@magicdx.dev with your request. We will respond within 30 days.

9.3 Identity Verification

We may need to verify your identity before processing requests.

9.4 Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Germany
Website: https://www.datenschutz-berlin.de

10. Cookies and Tracking

10.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website.

10.2 Types of Cookies We Use

Cookie TypePurposeDurationConsent
EssentialSite functionality, securitySessionNot required
FunctionalRemember preferences1 yearNot required
AnalyticsUsage statistics26 monthsRequired
MarketingNone currently usedN/AN/A

10.3 Cookie Management

You can manage cookies through:

  • Our cookie consent banner
  • Browser settings
  • Browser extensions

For detailed information, see our Cookie Policy.

10.4 Do Not Track

We respect "Do Not Track" browser signals. When detected, we disable non-essential tracking.

11. Third-Party Services

11.1 Services We Use

ServicePurposePrivacy Policy
GitHubSource code hostingGitHub Privacy
npmPackage distributionnpm Privacy
Stripe*Payment processingStripe Privacy

*If/when payment processing is implemented.

11.2 Third-Party Responsibility

We are not responsible for the privacy practices of third-party services. Please review their privacy policies.

12. Children's Privacy

12.1 Age Requirement

Our products are not directed to children under 16. We do not knowingly collect data from children.

12.2 Parental Rights

If you believe we have collected data from a child, contact us immediately at privacy@magicdx.dev. We will delete such data promptly.

13. Security Measures

13.1 Technical Measures

We implement industry-standard security measures:

  • Encryption - TLS 1.3 for data in transit
  • Hashing - Secure hashing for sensitive identifiers
  • Access Controls - Role-based access to systems
  • Monitoring - Security event logging and alerting
  • Updates - Regular security patches

13.2 Organizational Measures

  • Limited data access on need-to-know basis
  • Security awareness
  • Incident response procedures
  • Regular security reviews

13.3 Breach Notification

In case of a data breach, we will:

  • Notify the supervisory authority within 72 hours (if required)
  • Notify affected users without undue delay
  • Document the breach and remediation steps

14. Changes to This Policy

14.1 Updates

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date.

14.2 Notification

For material changes, we will notify you via:

  • Email (if you have an account)
  • Prominent notice on our website
  • In-app notification

14.3 Review

We encourage you to review this policy regularly.

15. Contact Information

15.1 General Inquiries

Al-Ahmad IT Services
Scherwan Al-Ahmad
Greifswalder Str. 200
10405 Berlin
Germany

Email: support@magicdx.dev

15.2 Privacy-Specific Inquiries

Email: privacy@magicdx.dev

15.3 Response Time

We aim to respond to all inquiries within 30 days.

Zusammenfassung (German Summary)

Diese Datenschutzerklärung beschreibt, wie Al-Ahmad IT Services Ihre personenbezogenen Daten erhebt, verwendet und schützt. Wir halten uns an die DSGVO und das BDSG. Sie haben das Recht auf Auskunft, Berichtigung, Löschung, Einschränkung der Verarbeitung, Datenübertragbarkeit und Widerspruch. Bei Fragen wenden Sie sich an privacy@magicdx.dev.

Terms of Service | Imprint | Cookie Policy | License Agreement