Magnet – User Data Privacy Policy

This document describes how Magnet collects, uses, stores, protects, and discloses data obtained through Google services in production environments. This policy is intended to meet the requirements of the Google API Services User Data Policy, including Limited Use requirements, and to align with industry best practices and future SOC 2 Type I readiness.

1. Scope and Applicability

This policy applies to all users who interact with Google-integrated features on the Magnet platform, including Google Email Send.

2. Google Services Integrated

Magnet integrates with Google Sign-In (OAuth 2.0) for the Google Gmail API to read profile, email and send an email on behalf of user. No other Google APIs or services are accessed.

2.1 Google API Scopes Requested

Magnet requests only the following scopes:

  • email read
  • email send
  • profile

3. Google Gmail Integration

Our Platform Magnet integrates with Google Gmail to allow users to read, and send email communications.

3.1 With user authorization, we access and store following details

This data is used solely to provide Platform Magnet communication tracking, customer interaction history, and email sending functionality.

  • Email metadata (sender, recipient, subject, timestamps)
  • User profile information (name and email address)

4. Data Storage and Security Controls

Platform Magnet protects Google user data using administrative, technical, and organizational safeguards.

4.1 Encryption

All Google user data is encrypted at rest using industry-standard encryption mechanisms. All data is encrypted in transit using Transport Layer Security (TLS) version 1.2 or higher.

    4.2 Access Controls

    Access to production systems is restricted to authorized personnel only and granted on a least-privilege basis.

      4.3 Environment Segregation

      Production data is logically segregated from development and testing environments. Google user data is not copied into non-production systems.

        5. Data Sharing and Disclosure

        Magnet does not sell, rent, or share Google user data with third parties. Google user data is not disclosed except where required by applicable law or valid legal process, or to the extent necessary to provide the user-requested functionality. Google user data is never used for advertising or monetization.

        5.1 No AI Model Training

        Magnet does not use Google user data to train artificial intelligence models, machine learning models, or for any generalized analytics unrelated to the core functionality of the platform.

          5.2 Infrastructure Providers

          Magnet uses secure cloud infrastructure providers (such as Amazon Web Services) solely for hosting and storage. These providers do not have access to or use Google user data for their own purposes.

            6. Data Retention and Deletion

            Google user data is retained only for as long as necessary to provide the associated functionality.

            6.1 Account Deletion

            Upon account deletion, associated Google user data is deleted or anonymized within a reasonable timeframe, except where retention is required by law.

              6.2 How to Request Data Deletion

              Users may request deletion of their account and associated Google data by:

              • Contacting Support via email at support@letsmagnet.com
              • Alternately, by contacting the Data Controller at admin@letsmagnet.com
              • Requests will be processed within 30 days.

              7. User Rights

              Users have the right to:

              Requests can be made by contacting: support@letsmagnet.com

              8. Incident Response and Notification

              Magnet maintains incident detection and response procedures. In the event of a confirmed security incident involving Google user data, Magnet will investigate promptly and notify affected users without undue delay, and no later than 72 hours after confirmation, where legally required.

              9. Compliance with Google API Services User Data Policy

              Magnet's use of Google user data complies with the Google API Services User Data Policy, including Limited Use requirements. Google user data is accessed, used, and stored solely to provide user-requested functionality and is not reused for secondary purposes.

              10. Google user data is NOT used for, ever:

              Magnet's use of Google user data complies with the Google API Services User Data Policy, including Limited Use requirements. Google user data is accessed, used, and stored solely to provide user-requested functionality and is not reused for secondary purposes.

              Google user data is NOT used for, ever:

              11. Governance and Continuous Improvement

              Magnet continuously reviews and improves its security and privacy controls and is preparing for independent security assurance, including SOC 2 Type I certification.

              11.1 Data Controller Information

              • Legal Entity: Roxiler Systems Private Limited
              • Registered Address: 704 Yashada Business Zone, Baner Road, Pune – 411045 Maharashtra, India
              • Contact Email: admin@letsmagnet.com
              • Support Email: support@letsmagnet.com

              12. Changes to This Policy

              Magnet may update this Privacy Policy from time to time. Users will be notified of material changes through the platform and website.