Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the Customer) and Magicad.

Magicad Legal Entity: ROIG CERRUDO ANA 000950091R SL

Registered Address: MAO 22 B2, 08022 Barcelona

Effective date: January 16, 2026

1. Roles

Customer is the Controller of Personal Data. Magicad processes Personal Data only on Customer’s documented instructions and solely to provide the Services.

2. Scope of Processing

2.1 Categories of data subjects: merchant staff, customers, and store visitors whose data is included in ecommerce and marketing records.

2.2 Categories of Personal Data (minimized):

  • Order and line item data (order ID, order date/time, currency, product/variant IDs, quantity, price, discounts).
  • Store identifiers (shop domain).
  • User account data (email address for sign-in).

Magicad does not intentionally store customer names, emails, phone numbers, addresses, or notes. If such data is transmitted by Shopify, Magicad discards it and does not persist it.

3. Purpose Limitation

Magicad uses Personal Data only to provide analytics, reporting, and workspace functionality for the Customer.

4. Security

Magicad implements appropriate technical and organizational measures, including:

  • Encryption in transit (TLS).
  • Encryption at rest for stored credentials and data.
  • Access controls and least-privilege access.
  • Monitoring and incident response procedures.

5. Subprocessors

Magicad may use subprocessors to provide the Services (e.g., hosting, email delivery, billing). A current list of subprocessors is available upon request at hello@magicad.ai.

6. Data Retention & Deletion

Personal Data is retained only for as long as necessary to provide the Services. Upon account termination, uninstall, or valid data deletion request, Magicad deletes Customer data within 30 days unless retention is required by law.

7. Data Subject Requests

Magicad will assist Customer in responding to data subject requests (access, deletion) as required by applicable law.

8. Audit & Compliance

Magicad will provide reasonable information needed to demonstrate compliance upon written request, subject to confidentiality and security requirements.

9. International Transfers

Where Personal Data is transferred outside the EEA/UK, Magicad will ensure appropriate safeguards (e.g., SCCs) are in place.

10. Liability

Each party’s liability under this DPA is subject to the limitations of liability in the Terms of Service.

11. Contact

Privacy contact: hello@magicad.ai