Privacy Policy

This Privacy Policy applies to the Magic Circle website, application, APIs, document-processing workflows, cloud integrations, and related support services provided by TECHTACK.

Customer content means documents, files, prompts, extracted text, metadata, generated outputs, annotations, folders, projects, and other information submitted to or generated within a customer workspace.

Personal information means information that identifies or can reasonably be linked to an individual, including account details, contact information, usage records, and security logs.

We collect account information such as name, email address, phone number, organization, job title, role, authentication settings, billing status, plan information, and support communications.

When you use Magic Circle, you may upload documents, matter files, prompts, extracted text, generated answers, annotations, metadata, and workflow configuration. We refer to this as customer content.

We also collect service telemetry such as device type, browser, IP address, approximate location derived from IP, access time, pages viewed, feature usage, upload status, model run status, integration events, and audit logs.

We use information to provide Magic Circle, process documents, run AI-assisted workflows, maintain user accounts, authenticate access, support collaboration, and deliver customer support.

We use operational data to secure the service, detect abuse, troubleshoot errors, measure reliability, improve product performance, notify users about important product or security updates, and meet legal or compliance obligations.

We may use aggregated or de-identified usage information to understand adoption, prioritize improvements, and report high-level service performance. This information is not used to identify customer documents or train shared AI models.

We do not sell customer content. We do not use customer documents, prompts, or outputs to train shared AI models.

Customer content remains controlled by the customer. Magic Circle processes customer content only to provide the service, complete user-requested workflows, maintain security, and support authorized troubleshooting.

AI outputs may be incomplete or require professional review. Users remain responsible for reviewing outputs before relying on them in legal, financial, regulatory, or business decisions.

We may use trusted infrastructure, storage, analytics, payment, email, authentication, and AI service providers to operate Magic Circle. These providers are authorized only for the purposes required to deliver the service.

If you connect third-party storage or productivity tools, Magic Circle accesses those services based on the permissions you grant and the workflows you initiate.

Third-party providers and integrations may process information under their own terms and privacy policies. Customers should review those policies before enabling integrations or granting organization-wide permissions.

Data accessed: when you connect a Google account to Magic Circle, we request the minimum OAuth scopes required for the workflow you initiate. This may include basic profile information (name, email, profile picture) for authentication, and Google Drive file metadata and file contents you explicitly select for import, OCR, or AI processing. We do not request access to Gmail, Calendar, Contacts, or other Google services unless that integration is explicitly offered and authorized by you.

Data usage: Google user data is used only to (a) authenticate you into Magic Circle, (b) list and import the specific Drive files or folders you choose, (c) run OCR, extraction, indexing, search, and AI-assisted workflows on imported content at your request, and (d) maintain audit and security logs of those actions. Google user data is not used to train shared or generalized AI models, is not used for advertising, and is not sold.

Data sharing: Google user data is shared only with subprocessors strictly necessary to deliver the requested functionality — cloud infrastructure and storage providers (e.g. AWS), AI model providers invoked to process the content you submit, and authentication, email, and monitoring providers that operate the service. These providers are bound by contractual confidentiality and data-protection terms and are authorized only for the purposes required to deliver Magic Circle. We do not share Google user data with third parties for advertising, profiling, or independent use.

Data storage and protection: Google user data is stored in tenant-isolated workspaces with encryption in transit (TLS) and at rest. Access by TECHTACK personnel is limited to authorized staff with a documented operational, security, or support need, subject to access controls and audit logging. OAuth refresh tokens and credentials for connected Google accounts are encrypted at rest with key rotation supported via fallback secrets.

Data retention and deletion: imported Google content is retained for as long as the corresponding workspace, project, or file remains in your account, or until you delete it through product controls. You may disconnect the Google integration at any time from the integrations settings, which revokes the stored OAuth tokens and stops further access. You may also revoke access directly at https://myaccount.google.com/permissions. To request deletion of imported Google content or related logs, use in-product delete controls or contact contact@techtack.com.vn; we will action verified requests within a commercially reasonable period, subject to backups, legal-hold, and audit-record retention requirements described elsewhere in this policy.

Compliance: our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Public areas of the website may use cookies, analytics tools, and similar technologies to understand traffic, improve page performance, measure marketing effectiveness, and protect against abuse.

Restricted areas of the application require authentication and may record security, access, and activity logs to support auditability and account protection.

You can control certain cookie settings through your browser. Some cookies or local storage entries are necessary for authentication, localization, security, and core product functionality.

We retain account, billing, security, and customer content for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Customers may delete files, projects, and account data through product controls or by contacting us. Some records may remain in backups, audit logs, transaction records, security evidence, or legally required records for a limited period.

When an organization terminates service, we will make commercially reasonable efforts to support data export or deletion according to product capabilities, contractual commitments, and applicable law.

We use administrative, technical, and organizational safeguards designed for sensitive document workflows, including tenant isolation, encryption, access controls, audit logging, and role-based permissions.

Access to customer information by TECHTACK personnel is limited to authorized personnel who need access to perform support, security, operations, or legal responsibilities.

No system can be guaranteed to be perfectly secure. Customers should configure strong authentication, manage user access carefully, review connected integrations, and promptly notify us of suspected unauthorized access.

We may disclose information when required by law, legal process, regulatory request, or to protect the rights, safety, and security of customers, TECHTACK, or the public.

Where legally permitted, we will attempt to notify affected customers before disclosing customer content in response to a government or legal request.

Depending on infrastructure and service-provider configuration, information may be processed in jurisdictions outside the customer location. We use contractual and operational safeguards intended to protect such processing.

Customers are responsible for deciding which documents and personal information are uploaded to Magic Circle and for ensuring they have the rights and permissions required to process that information.

Customers are responsible for user provisioning, role assignment, connected accounts, endpoint security, internal approvals, and reviewing exports or AI outputs before external use.

Depending on your location, you may have rights to access, correct, export, restrict, object to, or delete certain personal information.

We may need to verify your identity or authority before fulfilling a request. If your account is managed by an organization, we may direct the request to that organization administrator.

To make a privacy request, report a concern, or ask a question, contact us at contact@techtack.com.vn.