Privacy Policy
Magister Marketing AI Agent Platform
Effective date: March 14, 2026 · Last updated: March 14, 2026
Overview
Magister Marketing ("Magister," "we," "us") is an autonomous AI marketing agent platform. Each user gets a dedicated AI agent that can manage marketing tasks, interact with third-party services, send emails, search the web, and more. This privacy policy explains what data we collect, how we use it, who we share it with, and what rights you have over your data.
Data We Collect
Account Information
When you create an account, we collect your email address, password (encrypted and managed by Supabase — we never store or access plaintext passwords), display name, and avatar URL.
Billing Information
Payments are processed by Stripe. We store your Stripe subscription ID, plan tier, and subscription status. We do not store credit card numbers, bank account details, or other payment credentials — Stripe handles all payment data directly.
Chat & Conversations
We store the full conversation history between you and your AI agent, including message content, timestamps, and which AI model generated each response. This data is stored in Supabase and is scoped to your account.
Agent Machine Data
Each user is provisioned an isolated AI agent machine on Fly.io. We store the Fly.io app and machine IDs, region, status, and activity timestamps associated with your machine.
Usage Data
We track LLM token counts, costs, and the model used for each request. This data is used for billing enforcement and plan limits.
Integration Tokens
When you connect third-party services (GitHub, Vercel, Webflow, Wix, WordPress, PostHog, Slack), we store OAuth access and refresh tokens. DataforSEO credentials are stored if you provide them. All integration tokens are encrypted at rest using Fernet symmetric encryption.
BYOK API Keys
If you bring your own API keys for LLM providers (OpenRouter, Anthropic, OpenAI, Gemini), we store them encrypted at rest. These keys are used to route your AI requests directly to the provider of your choice instead of through our default provider.
Email Data
Your AI agent has a dedicated email address. Emails sent and received through the agent include sender, recipient, subject, and body. This data is stored to enable your agent to manage email-based marketing tasks.
Analytics
We use Fathom Analytics on our public marketing site only (not within the authenticated app). Fathom is a privacy-focused analytics service that does not use cookies, does not track individuals, and is GDPR compliant. We collect only anonymous page view data.
Cookies
We use Supabase session cookies solely for authentication. We do not use tracking cookies, advertising cookies, or any third-party cookie-based tracking.
How We Use Your Data
- To provide and operate the Magister platform and your personal AI agent
- To process your chat messages through AI language models
- To execute marketing tasks on your behalf via connected integrations
- To process payments and enforce plan limits
- To send transactional emails (account confirmation, billing receipts)
- To monitor usage for billing and abuse prevention
- To improve the service (using aggregated, non-identifying data only)
We do not sell your data. We do not use your data for advertising. We do not train AI models on your conversations.
Third-Party Services
We share data with the following third-party services as necessary to operate the platform:
| Service | Data Shared | Purpose |
|---|---|---|
| Supabase | All user data (encrypted at rest) | Database and authentication |
| Fly.io | Machine provisioning commands | AI agent infrastructure |
| Stripe | Billing events | Payment processing |
| OpenRouter / LLM providers | Chat prompts and conversation context | AI model inference |
| Resend | Email content and recipients | Transactional email delivery |
| Brave Search | Search queries | Web search (agent capability) |
| Fathom Analytics | Page views (anonymous, no cookies) | Website analytics |
| GitHub, Vercel, Webflow, Wix, WordPress, PostHog, Slack | API calls on your behalf | Third-party integrations (only when you connect them) |
Third-party integrations (GitHub, Vercel, Webflow, Wix, WordPress, PostHog, Slack) are only activated when you explicitly connect them from Settings. Your agent only accesses these services with the permissions you grant through OAuth.
Security
- Encryption at rest: All third-party API keys, OAuth tokens, and BYOK keys are encrypted using Fernet symmetric encryption before storage.
- Encryption in transit: All traffic between your browser, our servers, and third-party services is transmitted over HTTPS/TLS.
- Row-Level Security: All database tables use Supabase Row-Level Security (RLS) policies, ensuring users can only access their own data.
- Credential isolation: OAuth tokens and API keys are never stored on your AI agent machine. They are injected server-side by our gateway at request time. The only credential on your machine is a scoped, per-user gateway token.
- Isolated infrastructure: Each user gets a dedicated, isolated agent machine. Your data and agent environment are not shared with other users.
Your Rights
- Access: You can view your data at any time through the app dashboard, including chat history, usage data, and connected integrations.
- Deletion: Contact us at support@magister.so to request deletion of your account and all associated data, including your agent machine, chat history, and integration tokens.
- Export: Contact us to request an export of your data.
- Revoke integrations: You can disconnect any third-party service at any time from Settings → Connections. Revoking an integration immediately deletes the associated OAuth tokens from our database.
Data Retention
- Chat history: Stored until you delete your account.
- Usage data: Stored until you delete your account.
- Integration tokens: Stored until you disconnect the integration or delete your account.
- On account deletion: Your agent machine is destroyed, your Stripe subscription is cancelled, and all data is removed from our database. This action is irreversible.
Children
Magister is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal data, please contact us and we will delete it.
International Data Processing
Your data is processed and stored in the United States through our infrastructure providers (Supabase, Fly.io, Vercel). By using Magister, you consent to the transfer and processing of your data in the United States.
Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a notice in the app. The "Last updated" date at the top of this page reflects when the policy was most recently revised.
Contact
For privacy questions, data requests, or concerns, contact us at support@magister.so.