Get ROAS plan

Privacy Policy

Last updated: February 20, 2026

Overview

Magicad provides marketing intelligence for Shopify brands and agencies. We process data only to deliver the service requested by the account owner. We do not sell customer data.

Information we collect

We collect account details (name, email), workspace configuration, and data you authorize us to access through connected platforms like Shopify, Meta Ads, Google Ads, and Stripe.

How we use your data

We use your data to sync sources, build dashboards, and power AI insights. Data is processed only within your workspace and never shared with other customers.

Security

Access tokens are encrypted at rest. We isolate each workspace and apply strict access controls to protect your information.

Data protection mechanisms for sensitive data

For sensitive personal data, including data accessed from connected Google Ads accounts, Magicad applies layered technical and organizational safeguards designed to prevent unauthorized access, disclosure, or loss.

  • Encryption in transit via HTTPS/TLS and encryption at rest for stored data and credentials.
  • OAuth tokens are stored encrypted and only services that need them can access them.
  • Workspace-level isolation and least-privilege access controls for systems and personnel.
  • Security logging and monitoring to detect and investigate suspicious access.
  • Data minimization: we request only the OAuth scopes needed for product functionality.
  • Retention and deletion controls, including customer-requested deletion workflows.

Google API Services data

When a customer connects Google Ads, Magicad uses Google API Services data only to provide the requested reporting, synchronization, and analytics features within that customer workspace.

We do not sell Google API Services data, and we do not use Google API Services data to train generalized AI or machine learning models. Access to this data is restricted to authorized service operations and contracted subprocessors that support the service under confidentiality and security obligations.

Data retention

You can request deletion of your workspace data at any time. Backups are retained for a limited period for operational recovery.

Government and public authority requests

Magicad is operated by ROIG CERRUDO ANA 000950091R SL, MAO 22 B2, 08022 Barcelona, Spain. We apply the following process when we receive a request for personal data from law enforcement or public authorities.

  • Requests must be in writing and sent to hello@magicad.ai for legal review.
  • We challenge or seek clarification for requests that are unlawful or overbroad.
  • We disclose only the minimum data required to comply with a valid request.
  • We document each request, our response, and the legal basis for disclosure.
  • Where legally permitted, we notify affected customers or merchants.

Access is limited to authorized personnel and data is shared through secure channels.

Contact

If you have questions about this policy, email us at hello@magicad.ai.