Privacy Policy

Last updated: 19.11.2025

This Privacy Policy explains how Systemagic (“Systemagic”, “we”, “our”, or “us”) collects, uses, and protects personal data when you use our website, platform, and related services at systemagic.ai (the “Services”).

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.

If you do not agree with this Privacy Policy, please do not use the Services.

1. Data Controller

Systemagic
Joensuu, Finland
Email: privacy@systemagic.ai

Systemagic is the data controller for the personal data we process, except where stated otherwise.

2. Personal Data We Collect

We only collect personal data necessary to operate and improve the Services.

2.1 Data You Provide

  • Name, email address

  • Account information

  • Authentication information

  • Billing and payment details (processed by third-party payment processors)

  • Customer support messages

  • Uploaded content or inputs provided to the Services

2.2 Data Collected Automatically

  • IP address

  • Device and browser type

  • Log files and diagnostic information

  • Usage data (pages visited, features used, timestamps)

  • Cookies and similar identifiers

2.3 Third-Party Sources

  • Authentication providers

  • Analytics providers

  • Payment processors

  • Public sources (never sensitive data)

2.4 No Special Category Data

When providing data to our Services, please do not provide sensitive or special-category personal data, as we do not require such information to deliver the Services. We do not intentionally collect sensitive personal data (e.g., health, biometric, political, religious, children’s data).

3. How We Use Your Data

We use your data to:

  1. Provide and operate the Services
    This includes account creation, authentication, managing user sessions, and enabling the features you interact with.
    Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

  2. Provide customer support
    This includes responding to inquiries, troubleshooting issues, and offering help related to the Services.
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR)

  3. Improve and develop the Services
    This includes analyzing usage patterns, diagnosing technical problems, and enhancing functionality.
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR)

  4. Monitor and secure the Services
    This includes detecting abuse, preventing fraud, ensuring system reliability, and monitoring performance.
    Legal basis: Legitimate interest (Article 6(1)(f) GDPR) and legal obligations where applicable.

  5. Send required service communications
    These include security notices, system alerts, important updates, and administrative emails.
    Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

  6. Send optional marketing communications
    With your consent or according to GDPR “soft opt-in” rules, we may send newsletters, product updates, or promotional information.
    Legal basis: Consent (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR)

  7. Comply with legal obligations
    Such as tax requirements, accounting rules, and responding to lawful requests from authorities.
    Legal basis: Legal obligation (Article 6(1)(c) GDPR)

  8. Process data through AI service providers
    For functionality that relies on artificial intelligence (such as text generation, analysis, or automated assistance), your inputs may be transmitted to third-party AI model providers. These providers process the data only to generate the requested output. Processing may occur outside the EU/EEA, and transfers rely on the provider’s applicable data protection mechanisms such as Standard Contractual Clauses or equivalent safeguards.
    Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

4. Marketing Communications

We may send:

A. Service Emails

Essential messages such as security updates, account notices, or system changes.
These do not require consent.

B. Marketing Emails / Product Updates

Based on your consent, or under the GDPR “soft opt-in” rules, we may send product updates, feature announcements, or newsletters. You can unsubscribe at any time.

5. Cookies and Tracking Technologies

We use:

  • Essential cookies for authentication and security

  • Analytics cookies to improve the Service

  • Performance cookies

  • Optional advertising/remarketing cookies (only with your prior consent)

You can manage your preferences through our cookie banner or browser settings.
Declining non-essential cookies does not affect core functionality.

6. AI Processing

To provide AI-powered functionality, certain user inputs (such as text, queries, or files) may be processed by third-party AI model providers, including but not limited to OpenAI, Anthropic, and Grok, through AI infrastructure vendors.

These providers process data under their own privacy and security terms and may be located outside the EU/EEA. Where international transfers occur, we rely on lawful mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) or adequacy decisions.

We do not authorize any provider to use Customer Data for their own purposes beyond delivering the service, unless explicitly disclosed in their documentation. Users should avoid submitting sensitive or confidential information to AI features.

7. Third-Party Service Providers

We use trusted third-party service providers to operate and support the Services. These include services such as:

  • Infrastructure and hosting providers (e.g., application hosting, databases, storage)

  • Authentication and user management providers

  • Payment processors

  • Email and communication providers

  • Analytics and monitoring providers

  • AI model and machine-learning service providers

These service providers process personal data on our behalf and only in accordance with our documented instructions. We require all third-party processors to comply with GDPR and to implement appropriate technical and organizational safeguards.

Some of these providers may be located outside the EU/EEA, in which case we ensure that international transfers are protected through approved legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) or adequacy decisions.

A detailed list of specific sub-processors is available upon request.

8. International Data Transfers

Some personal data may be transferred to, or processed in, countries outside the EU/EEA, for example, when using global cloud providers, authentication services, or AI processing tools. These countries may have data protection laws that differ from those of the EU.

When such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions where applicable

  • Other lawful mechanisms under GDPR

These measures aim to ensure that personal data remains protected to a standard essentially equivalent to that required under EU law.

9. Data Retention

We retain personal data only for as long as required for the purposes described in this Privacy Policy, unless a longer retention period is required by law. Different categories of data are retained for different lengths of time:

  1. Account and Profile Information
    Retained for as long as your account remains active.
    If you delete your account, we delete this data unless legal retention rules apply.

  2. Service Usage Data and Logs
    Retained for a limited period (typically between 30 and 180 days) to ensure security, monitoring, and troubleshooting.
    Aggregate and anonymized data may be retained longer.

  3. Customer Support Data
    Retained until your inquiry or issue has been fully resolved, plus a short safety period to allow for follow-up.

  4. Billing and Financial Data
    Retained for as long as required under tax and accounting law (in Finland this is generally 6–10 years).

  5. Backups
    Backups are kept for limited cycles and automatically overwritten.
    Backup retention periods depend on the system; backups are not used for any active processing.

  6. Marketing Data
    Retained until you withdraw your consent or opt out of marketing emails.

Once the applicable retention period expires, data is securely deleted or irreversibly anonymized.

10. Security

We implement reasonable technical and organizational measures:

  • HTTPS/TLS encryption

  • Secure cloud infrastructure

  • Access controls

  • Monitoring and logging

  • Industry-standard authentication

However, no system is 100% secure.

11. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion

  • Restrict processing

  • Object to processing (including marketing)

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

In Finland: Office of the Data Protection Ombudsman https://tietosuoja.fi/en/

12. Children’s Privacy

The Services are not intended for individuals under 18 years old.
We do not knowingly process children’s personal data.
If you believe such data has been provided, contact us and we will delete it.

13. Links to Other Sites

We may link to third-party sites not operated by us.
We are not responsible for their privacy practices.

14. Changes to This Policy

We may update this Privacy Policy periodically.
We will update the “Last updated” date and, where appropriate, provide additional notice.

Your continued use of the Services after changes take effect constitutes acceptance.

15. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact:

privacy@systemagic.ai

Systemagic, Joensuu, Finland

