Legal

Privacy Policy

Last updated: December 2024

TL;DR

  • Your video and audio are end-to-end encrypted. We cannot see or hear your calls.
  • We only collect what we need: email for accounts, minimal server logs for security.
  • We never sell your data. We never use it for advertising.
  • We don't use tracking cookies or third-party analytics that profile you.
  • You can delete your account and data at any time.

1. Who we are

Magicall is operated by Symbolic Software, a company registered in Paris, France. We are a boutique applied cryptography consultancy that builds privacy-respecting software.

Contact: hello@magicall.online

2. What data we collect

2.1 Account information

When you create an account, we collect:

  • Email address — Used for account verification, login, and important service communications.
  • Password — Stored using scrypt hashing. We cannot see your actual password.
  • Room name — The URL slug you choose for your personal room.

2.2 Call data

We do not have access to your call content.

Magicall uses end-to-end encryption (SRTP) for all video and audio streams. This means:

  • Video and audio are encrypted on your device before transmission
  • Only participants in the call have the keys to decrypt
  • Our servers relay encrypted data but cannot decrypt it
  • We cannot see your video, hear your audio, or read your in-call chats

2.3 Technical data

We collect minimal technical data necessary for service operation:

  • IP addresses — Temporarily logged for security and abuse prevention. Deleted within 7 days.
  • Browser type and version — For compatibility and debugging purposes.
  • Session tokens — Encrypted tokens to keep you logged in.

2.4 What we do NOT collect

  • Call recordings or transcripts
  • Chat message contents
  • Participant lists or meeting metadata
  • Location data beyond IP-derived country
  • Device identifiers or fingerprints
  • Social media profiles
  • Behavioral or usage analytics that could profile you

3. How we use your data

We use the data we collect to:

  • Provide and maintain the Magicall service
  • Authenticate you and protect your account
  • Send essential service communications (e.g., password resets)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not:

  • Sell your personal data to third parties
  • Use your data for advertising or marketing profiles
  • Share your data with data brokers
  • Train AI models on your data

4. Cookies and tracking

We use only essential cookies required for the service to function:

  • Session cookie — Keeps you logged in. Expires when you log out or after 24 hours of inactivity.

We do not use:

  • Third-party tracking cookies
  • Advertising cookies
  • Social media tracking pixels
  • Google Analytics or similar profiling tools

5. Data retention

  • Account data — Retained until you delete your account
  • Server logs — Automatically deleted after 7 days
  • Call data — Not stored. Streams are relayed in real-time and not recorded.

6. Data security

We implement industry-standard security measures:

  • All data in transit is encrypted with TLS 1.3
  • Video/audio streams use SRTP end-to-end encryption
  • Passwords are hashed with scrypt
  • Database access is strictly controlled and audited
  • Regular security assessments by our cryptography team

7. Your rights

Under GDPR and similar regulations, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Delete your account and all associated data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to certain processing activities

To exercise these rights, contact us at hello@magicall.online.

8. International transfers

Our servers are located in the European Union. If you access Magicall from outside the EU, your data may be transferred to our EU servers. We ensure appropriate safeguards are in place for any data transfers.

9. Children's privacy

Magicall is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

11. Contact us

For privacy-related questions or concerns: