Legal · Privacy Policy

Privacy Policy

Last updated: May 15, 2026

Maglis takes meeting data seriously because we have to. Calls contain clients, deals, salaries, strategies, and personal voices. This policy explains what we collect, how we use it, who we share it with, where we store it, and the rights you have over it.

This policy applies to the Maglis service at maglis.ai and any related applications. It does not apply to third-party services we link to; review their own privacy notices.

01Who we are

Maglis is operated by the founders of Maglis (the “data controller”). You can reach us at privacy@maglis.ai for any privacy question or request.

02What we collect

We collect three kinds of data:

  • Account data — your name, email, organization, language and currency preference, authentication tokens, connected calendar accounts, and billing information.
  • Meeting data — meeting metadata (title, participants, start time, platform), recordings, transcripts, AI-generated artifacts (minutes, action items, proposals), and edits you make to them.
  • Product telemetry — anonymous usage events, error reports, and performance metrics that help us improve the product.

03How we use it

We process data to:

  • provide the meeting recording, transcription, and artifact features;
  • authenticate and secure your account;
  • send transactional emails (verification, password resets, billing receipts);
  • improve product quality, debug errors, and measure feature usage;
  • comply with legal obligations and enforce our Terms.

We do not sell personal data, and we do not show advertising.

04AI providers and sub-processors

Maglis works with a small set of trusted sub-processors to generate the artifacts you ask for. We choose sub-processors that contract with us to handle Customer Content confidentially and not to use it for training their own models. The categories below describe the functions each sub-processor performs:

  • Meeting capture provider — sends a bot to your call and produces the audio recording.
  • Speech-to-text providers — convert the recording into a written transcript.
  • Large language model providers — classify the meeting and draft the artifact.
  • Managed database, authentication, and storage provider — hosts your account data and the encrypted artifacts you create.
  • Background job and workflow execution provider — runs the asynchronous processing pipeline.
  • Transactional email provider — delivers account-related emails such as confirmations and notifications.
  • Error monitoring, product analytics, and AI observability providers — help us detect bugs, measure feature usage, and improve quality.

A current list of named sub-processors is available to enterprise customers under a Data Processing Agreement. Contact privacy@maglis.ai to request it.

05Where we store your data

Customer data is stored in the European Union (Frankfurt, eu-central-1). When our first design partner in the GCC needs in-region storage, we plan to add UAE (me-central-1) and migrate organizations that select it. Backups remain in the same region as the primary store. Data at rest is encrypted, and data in transit uses TLS.

06How long we keep it

Recordings, transcripts, and artifacts are retained for as long as your account is active or until you delete them. After account deletion, we delete or anonymize personal data within 30 days, except where we are legally required to retain certain records (for example billing records under tax law).

You can delete an individual meeting, recording, or artifact from the dashboard at any time. Deletions propagate to backups within the standard backup-rotation window.

07Your rights

If you are in the European Economic Area, the UK, or a similar regime, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data;
  • request a portable export of your data;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • complain to your local data-protection authority.

To exercise a right, email privacy@maglis.ai. We respond within thirty days.

08Cookies

We use a small number of essential cookies — session, language preference (maglis_locale), and authentication tokens — plus a privacy-respecting product analytics tool. We do not use third-party advertising cookies. You can clear cookies at any time from your browser.

09Security

We use industry-standard practices: encryption at rest and in transit, least-privilege access, audit logging on every write to sensitive tables, multi-tenant isolation enforced by Postgres row-level security, and security-headers and vulnerability scans in CI. No system is perfectly secure; report concerns to security@maglis.ai.

10International data transfers

Some of our sub-processors are located outside the EEA, including providers based in the United States. Transfers rely on Standard Contractual Clauses and, where required, supplementary safeguards.

11Children

Maglis is not intended for children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child's data has been submitted to Maglis, contact us and we will delete it.

12Changes to this policy

We may update this policy as the product evolves. We will notify registered users by email of any material change before it takes effect.

See also Terms of Use.