magnis
Try Magnis

Privacy Policy

How we handle your data.

Last updated · 8 May 2026

1. Who we are (the data controller)

This Privacy Policy is issued by DLTXPERTS LIMITED («we», «us», «our»), a private limited company registered in Ireland. Registered office: 13 Adelaide Road, D02 P950, Dublin, Ireland. We operate the website magnis.ai and the Magnis software application (together, the «Service»).

For the purposes of the EU General Data Protection Regulation (GDPR) and applicable Irish data protection law, DLTXPERTS LIMITED is the data controller of the personal data described in this Policy.

2. Scope and local-first design

The Magnis application is local-first. When you install Magnis, your communication graph (email, calendar, notes, project data and any source content you connect) is stored on infrastructure you control — your own machine in solo mode, your own server in team self-hosted mode. We do not receive a copy of that data. We do not have access to its contents.

This Policy primarily covers data that we, as controller, do process: usage of the website magnis.ai, communications you send to us, and any optional opt-in telemetry from the application.

3. Categories of personal data we process

We process the following categories of data:

  • Information you provide. Email address and message content if you contact us (for example via hi@magnis.ai or by joining a waitlist).
  • Usage data (website). Aggregate page views, referrer URL, country (derived from IP, IP itself not stored), device class, approximate session length. Collected via Vercel Analytics and PostHog product analytics (see Section 6).
  • Cookies and similar technologies. Strictly necessary cookies for site functionality and analytics-related identifiers (see Section 7).
  • Optional application telemetry. If you explicitly opt into product telemetry inside the Magnis application, we receive anonymous crash reports and aggregate feature-usage counters. No content of your inbox, calendar, notes, or graph is included. Telemetry is off by default.

We do not knowingly collect special categories of data (health, biometric, religious, political opinions, etc.) and we do not process such data through the Service.

4. Purposes and legal bases for processing

Under GDPR Article 6, we rely on the following legal bases:

  • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the website and the application, to understand which content lands and which does not, and to respond to enquiries.
  • Consent (Art. 6(1)(a)) — for non-essential cookies and for opt-in application telemetry. You may withdraw consent at any time; withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Performance of a contract (Art. 6(1)(b)) — where applicable, when we provide a paid plan or contractual service to you in the future.
  • Legal obligation (Art. 6(1)(c)) — where we are required by law to retain or disclose certain data.

5. How we use the data

  • To provide and maintain the website and the application.
  • To respond to enquiries, support requests, or waitlist signups.
  • To analyse aggregate website usage (which content lands, where visitors come from, which pages bounce) so we can improve the product narrative and documentation.
  • To detect, prevent, and address abuse, fraud, or security incidents.
  • To comply with our legal obligations and to defend legal claims.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you, and we do not sell your personal data to third parties.

6. Service providers (data processors)

We share personal data only with vetted service providers who process it on our behalf and are bound by written agreements including GDPR-required data-protection clauses:

  • Vercel Inc. — website hosting and built-in analytics. Data may be processed in the United States and the European Union.
  • PostHog Inc. — product analytics for the website. Data may be processed in the United States and the European Union.
  • Email service providers — used to handle replies to messages you send to hi@magnis.ai and similar addresses.

7. Cookies and similar technologies

We use only the cookies necessary for the analytics described in Section 6. We do not use advertising or marketing cookies, and we do not embed third-party advertising trackers. You can disable cookies in your browser settings without breaking the site; functionality may be marginally reduced.

8. International data transfers

Some of our service providers (Section 6) are located outside the European Economic Area, including in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, on adequacy decisions, to ensure an essentially equivalent level of protection.

9. Data retention

We retain personal data only for as long as necessary for the purposes set out in this Policy. Specifically:

  • Email correspondence — kept while the relationship is active and for up to 24 months thereafter, or longer if required by law.
  • Aggregate usage analytics — retained in aggregated, non-identifying form indefinitely; raw event-level analytics are retained for up to 12 months.
  • Telemetry from the application (if opted in) — kept for up to 12 months in aggregate, anonymised form.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, and the principle of least privilege. The Magnis application is local-first, which means your communication graph is not stored on our infrastructure at all.

No method of transmission or storage is fully secure. We cannot guarantee absolute security but we work to apply industry-recognised practices.

11. Your rights under GDPR

You have the following rights with respect to personal data we process about you:

  • Access — to obtain confirmation of and a copy of the personal data we hold about you.
  • Rectification — to have inaccurate data corrected.
  • Erasure(«right to be forgotten») — to request deletion of personal data, subject to legal exceptions.
  • Restriction — to ask us to limit processing in certain circumstances.
  • Portability — to receive personal data in a structured, commonly used, machine-readable format.
  • Objection — to object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent — where processing is based on consent.
  • Lodge a complaint with the supervisory authority. The supervisory authority for Ireland is the Data Protection Commission (DPC) — see Section 14.

To exercise any of these rights, email hi@magnis.ai. We respond within 30 days (extendable to 90 days for complex requests under Art. 12(3) GDPR). We may need to verify your identity before acting on a request.

12. Notice for California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018 (as amended by the CPRA, together «CCPA») gives you the rights set out below.

Categories of personal information.In the twelve months preceding the «Last updated» date, we have collected the following categories of personal information: identifiers (email if you write to us), Internet or other electronic network activity (aggregate website usage via analytics), and inferences drawn from the foregoing (which content lands on which audience). Sources are described in Section 3.

No sale or sharing.We do not sell personal information, and we do not share it for cross-context behavioural advertising. We have not done so in the twelve months preceding the «Last updated» date.

Your rights under CCPA. Subject to verification:

  • Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
  • Right to delete personal information we have collected.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information (we do not sell or share, but you may exercise this right at any time).
  • Right to limit the use of sensitive personal information (we do not knowingly process sensitive personal information).
  • Right to non-discrimination for exercising any CCPA right.

To exercise these rights, email hi@magnis.ai. We respond within 45 days (extendable to 90 days where necessary, with notice). We may need to verify your identity before acting on a request.

Authorised agents. You may designate an authorised agent to make a request on your behalf, accompanied by proof of authorisation.

13. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, contact us and we will take reasonable steps to delete it.

14. Changes to this Policy

We may update this Policy from time to time. The «Last updated» date at the top reflects the most recent change. Material changes will be notified through the website and, where appropriate, by email to users with whom we have an active relationship.

15. Contact and supervisory authority

For any privacy-related question or to exercise your rights, email hi@magnis.ai.

Controller:
DLTXPERTS LIMITED
13 Adelaide Road
D02 P950, Dublin
Ireland

Supervisory authority (Ireland):
Data Protection Commission (DPC)
21 Fitzwilliam Square South
Dublin 2, D02 RD28, Ireland
Web: www.dataprotection.ie