Magpie

Privacy Policy

Last Updated: June 2026

Magpie.chat ("we", "us", or "our") respects your privacy.

In plain language: Magpie is meant to help turn useful moments from conversation into usable material. It is not meant to turn your original words into a background dataset. We try to learn first from simple results, such as whether a card was copied, instead of defaulting to reading what you said.

1. Our Basic Commitments

  • Your original words are not sent to us by default for product analytics.
  • We record simple use results, such as whether a page was visited, a download button was clicked, or a card was shown or copied, so we can understand whether Magpie is useful.
  • We do not default to reading your full recording, full transcript, full card text, or local context.
  • If you actively share logs or diagnostic material with us, we use it only for troubleshooting and product improvement.
  • Not sharing diagnostic material does not block core product use.
  • We do not sell your personal information.

2. What We Process

Public website, download entry points, and campaign links

When you browse public pages on Magpie.chat, such as the blog, download page, and privacy page, we may record:

  • page views, page leaves, button clicks, and download entry clicks;
  • campaign source parameters such as utm_source, utm_campaign, or ph_ref;
  • page language, time window, and coarse device or browser information;
  • website analytics events generated by PostHog or Plausible.

This helps us understand whether content is seen, whether download links work, and whether campaigns lead to real product use. These are event-level website analytics that are usually analyzed in aggregate. By default, they do not include your recordings, full transcripts, full card text, or local context fields.

Browser storage

To make download and campaign attribution work reliably, we may store campaign source parameters in your browser:

  • source parameters for the current browsing session are usually stored in sessionStorage and expire when the browser session ends;
  • first-touch source parameters may be stored in localStorage for up to 7 days in the current code;
  • you can clear this local browser data through your browser settings.

Website interaction replay and autocapture

We may use PostHog autocapture or privacy-masked website replay to find layout, button, or download-flow issues on public pages. This is for public website troubleshooting. It does not record microphone audio, and it is not used to collect what you said in the Magpie App. Inputs are masked where the tool supports masking; public page text, button states, and page structure may appear in these recordings.

Beta product usage statistics

In beta product usage, we may record simple use results such as:

  • whether a card was shown;
  • whether a card was copied;
  • the card type or archetype;
  • a session identifier, card identifier, and time window.

These statistics help us understand which cards are useful. A session identifier or card identifier is not the card text itself, but it can become sensitive if later joined to content tables. That kind of join requires separate review and should not happen by default.

These usage statistics do not include by default:

  • original recordings;
  • full transcripts;
  • full card text;
  • concrete local context terms or meanings;
  • why you copied a card.

Microphone, voice, and transcription

When you use recording, Magpie needs microphone access. The current beta uses network services for speech-to-text: short audio chunks needed for transcription are sent over encrypted connections to our secure API proxy and then forwarded to the configured transcription service, currently OpenAI audio transcription APIs or similar services.

We process these audio chunks to provide real-time transcription, conversation understanding, and card generation. We do not use your recordings for purposes unrelated to those features.

Conversation analysis and card generation

To extract points, action signals, and copyable cards from a conversation, text produced from transcription may be sent through our API proxy to configured Large Language Model services. Depending on configuration, these services may include OpenAI, DeepSeek, Gemini, or similar API providers.

These text snippets are used for real-time content extraction, analysis, and card generation. We do not save them as ordinary product analytics by default, and we do not use them to train Magpie's own models. Third-party model services handle API data under their own terms and privacy policies; we prioritize providers and settings that do not use submitted API content to train public models.

Local sessions, cards, and logs

Session records, generated cards, and logs are saved locally on your device by default. We only receive the specific logs or materials you choose to send if you actively share them through a product entry point, system Share Sheet, email, or another explicit action. These materials are used only for troubleshooting, quality review, and product improvement.

Local context and reference understanding

In features that support local context, Magpie may keep short temporary context on your device to understand what phrases such as "that direction" or "the card from earlier" mean in the current session. This context is used for the local experience by default and is not uploaded as ordinary analytics data.

If we need to remotely evaluate whether this kind of local feature is working, the default artifact is a local summary of counts and status, such as how often the context was used, how often it matched, how many tokens were injected, or whether something looked stale or wrong. We do not default to uploading concrete local terms, full transcripts, or full card bodies.

Account, support, and feedback

If you sign up, log in, send email, join TestFlight, or report a problem, we may process your email address, device information, operating system version, error logs, feedback content, and context related to the support request. We use this for sign-in, support, troubleshooting, security, and communication.

3. Third-Party Services

To run the website and beta product, we may use these types of third-party services:

  • website analytics and campaign attribution: PostHog and Plausible;
  • beta distribution and crash feedback: Apple TestFlight;
  • speech transcription, model analysis, or generation: OpenAI, DeepSeek, Gemini, or other configured model API providers;
  • hosting, database, logging, and security infrastructure: cloud services used to operate the website, API proxy, sign-in, quotas, and security audits.

We share data only as needed to provide features, troubleshoot issues, maintain security, measure product effectiveness, or comply with law. We do not sell, rent, or trade your personal information with unrelated third parties.

4. How Long We Keep Information

We follow a "keep only what is useful" principle:

  • first-touch campaign parameters in your browser are currently kept for up to 7 days;
  • ordinary website and product usage events are kept for the period needed for statistics, troubleshooting, security, and product evaluation, and we try to review them as aggregate metrics where possible;
  • logs or diagnostic materials you actively share are kept only while needed for troubleshooting, quality review, and necessary follow-up;
  • recordings, full transcripts, full card text, and local context values are not saved to our servers as ordinary telemetry by default;
  • when information is no longer needed, we delete, anonymize, or aggregate it unless law, security, accounting, or dispute handling requires a longer period.

Third-party services may have their own logs and retention periods. When we select and configure providers, we treat data minimization, access control, and training-use restrictions as important requirements.

5. How We Protect Your Information

We use safeguards such as encrypted transmission, access control, least-necessary access, separation of permissions, and log auditing. We prioritize aggregate statistics, counts, time windows, completeness status, and redacted review material before raw content.

No internet service can guarantee absolute security. If a data security incident may affect your rights, we will investigate, remediate, and notify as required by applicable law.

6. Special Note for TestFlight Beta

During the TestFlight beta period, Apple may collect crash logs, installation information, and usage data depending on your iOS and TestFlight settings. That collection is governed by Apple's Privacy Policy and TestFlight terms.

7. Your Controls

You can:

  • revoke Magpie.chat's microphone access in system settings;
  • refuse to actively send any logs or diagnostic material;
  • clear or limit cookies, localStorage, and sessionStorage through browser settings;
  • contact us to request access, correction, deletion, or restriction of information related to you;
  • withdraw consent where a processing activity depends on consent. Withdrawal does not affect processing already completed before withdrawal.

If we add a separate product analytics control in the future, turning off ordinary product analytics should not block core features unless the processing is necessary to provide the feature, maintain security, or comply with law.

8. Regional Notes

European Economic Area, United Kingdom, and Switzerland

Where applicable, our legal bases may include processing necessary to provide the service, your consent, our legitimate interests in improving the product and maintaining security, and compliance with legal obligations. You may have rights to access, correct, delete, restrict, object, port your data, withdraw consent, and complain to a local data protection authority.

If data is transferred outside your region, we will use appropriate transfer mechanisms or safeguards as required by applicable law.

Japan

Where applicable, we use personal information for the purposes described in this policy. You may contact us to request disclosure, correction, addition, deletion, suspension of use, suspension of third-party provision, or disclosure of third-party provision records. We will handle these requests under applicable Japanese privacy law.

California and Other U.S. Regions

Where applicable, the categories of personal information we may process include identifiers such as email or device/session identifiers, internet or electronic network activity such as page visits and button clicks, audio and transcription content only to provide the feature or when you actively share it, product usage events, diagnostic information, and feedback content you provide.

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising unless we state otherwise in this policy and provide any required opt-out. You may have rights to know, access, delete, correct, opt out of certain sale or sharing, limit certain sensitive information use, and not be discriminated against for exercising privacy rights.

9. Children's Privacy

Magpie.chat is not directed to children under 13. If you believe a child has provided personal information to us, please contact us and we will handle it under applicable law.

10. Updates To This Policy

We may update this policy as our product, providers, or legal requirements change. When we update it, we will revise the date at the top of this page. If changes are material, we will provide appropriate notice.

11. Contact Us

If you have any questions, requests, comments, or suggestions regarding this Privacy Policy, please contact us at: