Privacy Policy
Last updated: 4.2.2026
This Privacy Policy explains how Systemagic AI (Verso Consulting Oy) (“Systemagic”, “we”, “our”, or “us”) collects, uses, and protects personal data when you use:
The Systemagic website and web application at systemagic.ai (the “Platform”); and
The Systemagic AI – Autofill forms Chrome extension (the “Extension”).
Together, the Platform and the Extension are the “Services”. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.
1. Data Controller
Systemagic AI (Verso consulting Oy)
Joensuu, Finland
Email: privacy@systemagic.ai
Systemagic is the data controller for personal data processed through the Services, unless we state otherwise in this Policy.
2. GDPR Compliance Commitment
Systemagic is committed to complying with the EU General Data Protection Regulation (GDPR). We design our systems and processes with privacy and data protection in mind and apply the principles of data minimization, purpose limitation, and security by default.
We use primarily EU-based infrastructure and reputable service providers that offer GDPR-compliant data processing terms.
3. Chrome Web Store Limited Use Disclosure (Extension)
For the Extension, Systemagic complies with the Chrome Web Store User Data policies, including the Limited Use requirements.
We request and use Chrome permissions and any accessed data only to provide the Extension’s user-facing autofill features.
We do not sell user data.
We do not collect or use web browsing activity except to the extent strictly necessary to provide the Extension’s user-initiated functionality.
4. Scope: Platform vs Extension
Some data practices are specific to the Platform and others are specific to the Extension. Where relevant, we state which Service a section applies to.
5. Personal Data We Collect
We only collect personal data necessary to operate and improve the Services. These include:
5.1 Data You Provide
Account and profile data (name, email address, organization).
Authentication data and login tokens.
Billing metadata from our payment processor.
Customer support communications.
Documents you upload to the Platform.
5.2 Data Collected Automatically
IP address, device and browser type, and diagnostic logs.
Usage data such as features used and timestamps.
Cookies and similar technologies.
5.3 Data Processed When you use the Extension
The Extension scans webpages only when you explicitly trigger an action.
Form labels, questions, input types, and minimal technical identifiers.
The active page URL.
Local extension settings and cached templates.
Your authentication token.
Retrieved answers from your Systemagic account.
We do not collect general browsing history, website cookies, or payment information through the Extension.
5.4 No Special Category Data
We do not require or intentionally collect sensitive personal data. Please avoid uploading sensitive information unless necessary and lawful.
6. How We Use Your Data
We use your data to:
Provide and operate the Services
This includes account creation, authentication, managing user sessions, and enabling the features you interact with.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)Provide customer support
This includes responding to inquiries, troubleshooting issues, and offering help related to the Services.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR)Improve and develop the Services
This includes analyzing usage patterns, diagnosing technical problems, and enhancing functionality.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR)Monitor and secure the Services
This includes detecting abuse, preventing fraud, ensuring system reliability, and monitoring performance.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and legal obligations where applicable.Send required service communications
These include security notices, system alerts, important updates, and administrative emails.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)Send optional marketing communications
With your consent or according to GDPR “soft opt-in” rules, we may send newsletters, product updates, or promotional information.
Legal basis: Consent (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR)Comply with legal obligations
Such as tax requirements, accounting rules, and responding to lawful requests from authorities.
Legal basis: Legal obligation (Article 6(1)(c) GDPR)Process data through AI service providers
For functionality that relies on artificial intelligence (such as text generation, analysis, or automated assistance), your inputs may be transmitted to third-party AI model providers. These providers process the data only to generate the requested output.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
7. AI Processing and Model Providers
To provide AI-powered functionality, certain user inputs (such as text, queries, or files) may be processed by third-party AI service providers.
These services are operated in EU/EEA. We select reputable AI providers and integrate them under contractual and technical safeguards. We do not authorize AI providers to use Customer Data for their own independent purposes beyond generating the requested output. For instance, we do not permit Customer Data to be used for training purposes.
8. Sharing of Personal Data
We use trusted service providers that keep all data in Europe, ensuring GDPR compliance. These include
Hosting and infrastructure providers.
Authentication and database providers.
Email and notification providers.
Payment processors.
AI and monitoring providers.
These service providers process personal data only on our behalf and in accordance with our Privacy Policy. We require all processors to implement appropriate technical and organizational security measures and to comply with applicable data protection laws.
A detailed list of specific sub-processors is available upon request.
9. International Data Transfers
All data is processed within the European Union using EU-based infrastructure. This aims to ensure that your personal data remains protected to a standard essentially equivalent to that required under EU law.
10. Cookies and Similar Technologies (Platform)
On the Platform we use:
Essential authentication and security cookies.
Analytics and performance cookies to improve the Service
Optional marketing cookies (only with your prior consent).
You can manage your preferences through our cookie banner or browser settings.
Declining non-essential cookies does not affect core functionality.
11. Extension Local Storage and Caching
For the extension we use:
Authentication tokens.
User preferences.
Cached form mappings.
You may clear this data in the extension or by uninstalling the Extension.
12. Data Retention
We retain personal data only for as long as required for the purposes described in this Privacy Policy, unless a longer retention period is required by law. Different categories of data are retained for different lengths of time:
Account and Profile Information
Retained for as long as your account remains active.
If you delete your account, we delete this data unless legal retention rules apply.Service Usage Data and Logs
Retained for a limited period (typically between 30 and 180 days) to ensure security, monitoring, and troubleshooting.
Aggregate and anonymized data may be retained longer.Customer Support Data
Retained until your inquiry or issue has been fully resolved, plus a short safety period to allow for follow-up.Billing and Financial Data
Retained for as long as required under tax and accounting law (in Finland this is generally 6–10 years).Backups
Backups are kept for limited cycles and automatically overwritten.
Backup retention periods depend on the system but are not used for any active processing.Marketing Data
Retained until you withdraw your consent or opt out of marketing emails.
Once the applicable retention period expires, data is securely deleted or irreversibly anonymized.
13. Security
We implement appropriate technical and organizational measures to protect personal data, including:
Hosting of core infrastructure and databases within the European Union
Use of row-level security and access control mechanisms in our database
HTTPS/TLS encryption for data in transit
Encrypted storage and secure cloud infrastructure
Role-based access controls and least-privilege policies
Monitoring, logging, and abuse detection
Secure authentication systems
Access to production systems is restricted to authorized personnel only.
While we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure.
14. Your Rights Under GDPR
You have the right to:
Access your personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing (including marketing)
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
In Finland: Office of the Data Protection Ombudsman https://tietosuoja.fi/en/
15. Children’s Privacy
The Services are not intended for individuals under 18 years old.
We do not knowingly process children’s personal data.
If you believe such data has been provided, contact us and we will delete it.
16. Links to Other Sites
We may link to third-party sites not operated by us.
We are not responsible for their privacy practices.
17. Changes to This Policy
We may update this Privacy Policy periodically.
We will update the “Last updated” date and, where appropriate, provide additional notice.
Your continued use of the Services after changes take effect constitutes acceptance.
18. Contact Us
If you have questions or requests regarding this Privacy Policy, please contact:
Systemagic, Joensuu, Finland
TThis Privacy Policy explains how Systemagic AI (Verso Consulting Oy) (“Systemagic”, “we”, “our”, or “us”) collects, uses, and protects personal data when you use:
The Systemagic website and web application at systemagic.ai (the “Platform”); and
The Systemagic AI – Autofill forms Chrome extension (the “Extension”).
Together, the Platform and the Extension are the “Services”. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.
1. Data Controller
Systemagic AI (Verso consulting Oy)
Joensuu, Finland
Email: privacy@systemagic.ai
Systemagic is the data controller for personal data processed through the Services, unless we state otherwise in this Policy.
2. GDPR Compliance Commitment
Systemagic is committed to complying with the EU General Data Protection Regulation (GDPR). We design our systems and processes with privacy and data protection in mind and apply the principles of data minimization, purpose limitation, and security by default.
We use primarily EU-based infrastructure and reputable service providers that offer GDPR-compliant data processing terms.
3. Chrome Web Store Limited Use Disclosure (Extension)
For the Extension, Systemagic complies with the Chrome Web Store User Data policies, including the Limited Use requirements.
We request and use Chrome permissions and any accessed data only to provide the Extension’s user-facing autofill features.
We do not sell user data.
We do not collect or use web browsing activity except to the extent strictly necessary to provide the Extension’s user-initiated functionality.
4. Scope: Platform vs Extension
Some data practices are specific to the Platform and others are specific to the Extension. Where relevant, we state which Service a section applies to.
5. Personal Data We Collect
We only collect personal data necessary to operate and improve the Services. These include:
5.1 Data You Provide
Account and profile data (name, email address, organization).
Authentication data and login tokens.
Billing metadata from our payment processor.
Customer support communications.
Documents you upload to the Platform.
5.2 Data Collected Automatically
IP address, device and browser type, and diagnostic logs.
Usage data such as features used and timestamps.
Cookies and similar technologies.
5.3 Data Processed When you use the Extension
The Extension scans webpages only when you explicitly trigger an action.
Form labels, questions, input types, and minimal technical identifiers.
The active page URL.
Local extension settings and cached templates.
Your authentication token.
Retrieved answers from your Systemagic account.
We do not collect general browsing history, website cookies, or payment information through the Extension.
5.4 No Special Category Data
We do not require or intentionally collect sensitive personal data. Please avoid uploading sensitive information unless necessary and lawful.
6. How We Use Your Data
We use your data to:
Provide and operate the Services
This includes account creation, authentication, managing user sessions, and enabling the features you interact with.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)Provide customer support
This includes responding to inquiries, troubleshooting issues, and offering help related to the Services.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR)Improve and develop the Services
This includes analyzing usage patterns, diagnosing technical problems, and enhancing functionality.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR)Monitor and secure the Services
This includes detecting abuse, preventing fraud, ensuring system reliability, and monitoring performance.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and legal obligations where applicable.Send required service communications
These include security notices, system alerts, important updates, and administrative emails.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)Send optional marketing communications
With your consent or according to GDPR “soft opt-in” rules, we may send newsletters, product updates, or promotional information.
Legal basis: Consent (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR)Comply with legal obligations
Such as tax requirements, accounting rules, and responding to lawful requests from authorities.
Legal basis: Legal obligation (Article 6(1)(c) GDPR)Process data through AI service providers
For functionality that relies on artificial intelligence (such as text generation, analysis, or automated assistance), your inputs may be transmitted to third-party AI model providers. These providers process the data only to generate the requested output.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR)
7. AI Processing and Model Providers
To provide AI-powered functionality, certain user inputs (such as text, queries, or files) may be processed by third-party AI service providers.
These services are operated in EU/EEA. We select reputable AI providers and integrate them under contractual and technical safeguards. We do not authorize AI providers to use Customer Data for their own independent purposes beyond generating the requested output. For instance, we do not permit Customer Data to be used for training purposes.
8. Sharing of Personal Data
We use trusted service providers that keep all data in Europe, ensuring GDPR compliance. These include
Hosting and infrastructure providers.
Authentication and database providers.
Email and notification providers.
Payment processors.
AI and monitoring providers.
These service providers process personal data only on our behalf and in accordance with our Privacy Policy. We require all processors to implement appropriate technical and organizational security measures and to comply with applicable data protection laws.
A detailed list of specific sub-processors is available upon request.
9. International Data Transfers
All data is processed within the European Union using EU-based infrastructure. This aims to ensure that your personal data remains protected to a standard essentially equivalent to that required under EU law.
10. Cookies and Similar Technologies (Platform)
On the Platform we use:
Essential authentication and security cookies.
Analytics and performance cookies to improve the Service
Optional marketing cookies (only with your prior consent).
You can manage your preferences through our cookie banner or browser settings.
Declining non-essential cookies does not affect core functionality.
11. Extension Local Storage and Caching
For the extension we use:
Authentication tokens.
User preferences.
Cached form mappings.
You may clear this data in the extension or by uninstalling the Extension.
12. Data Retention
We retain personal data only for as long as required for the purposes described in this Privacy Policy, unless a longer retention period is required by law. Different categories of data are retained for different lengths of time:
Account and Profile Information
Retained for as long as your account remains active.
If you delete your account, we delete this data unless legal retention rules apply.Service Usage Data and Logs
Retained for a limited period (typically between 30 and 180 days) to ensure security, monitoring, and troubleshooting.
Aggregate and anonymized data may be retained longer.Customer Support Data
Retained until your inquiry or issue has been fully resolved, plus a short safety period to allow for follow-up.Billing and Financial Data
Retained for as long as required under tax and accounting law (in Finland this is generally 6–10 years).Backups
Backups are kept for limited cycles and automatically overwritten.
Backup retention periods depend on the system but are not used for any active processing.Marketing Data
Retained until you withdraw your consent or opt out of marketing emails.
Once the applicable retention period expires, data is securely deleted or irreversibly anonymized.
13. Security
We implement appropriate technical and organizational measures to protect personal data, including:
Hosting of core infrastructure and databases within the European Union
Use of row-level security and access control mechanisms in our database
HTTPS/TLS encryption for data in transit
Encrypted storage and secure cloud infrastructure
Role-based access controls and least-privilege policies
Monitoring, logging, and abuse detection
Secure authentication systems
Access to production systems is restricted to authorized personnel only.
While we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure.
14. Your Rights Under GDPR
You have the right to:
Access your personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing (including marketing)
Data portability
Withdraw consent at any time
Lodge a complaint with a supervisory authority
In Finland: Office of the Data Protection Ombudsman https://tietosuoja.fi/en/
15. Children’s Privacy
The Services are not intended for individuals under 18 years old.
We do not knowingly process children’s personal data.
If you believe such data has been provided, contact us and we will delete it.
16. Links to Other Sites
We may link to third-party sites not operated by us.
We are not responsible for their privacy practices.
17. Changes to This Policy
We may update this Privacy Policy periodically.
We will update the “Last updated” date and, where appropriate, provide additional notice.
Your continued use of the Services after changes take effect constitutes acceptance.
18. Contact Us
If you have questions or requests regarding this Privacy Policy, please contact:
Systemagic, Joensuu, Finland