Privacy Policy
This Privacy Policy describes how VoxMagna ("we", "us", "our"), registered in the United Arab Emirates, collects, uses, stores, and protects your personal data in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, "PDPL") and its executive regulations.
Contents
Data Controller
VoxMagna is the data controller for personal data processed through the Service. Our details:
- Company name: VoxMagna
- Jurisdiction: United Arab Emirates
- Privacy contact: info@voxmagna.com
Data We Collect
We collect the following categories of personal data:
| Category | Data Items | Source |
|---|---|---|
| Account data | Email address, hashed password | Provided by you at registration |
| X account data | X username, display name, profile picture URL, OAuth access tokens | X (Twitter) OAuth flow |
| Usage data | Actions performed (replies, posts), credits consumed, timestamps, job configurations | Generated automatically as you use the Service |
| Payment data | Subscription plan, billing cycle, transaction IDs | Processed by Paddle (we do not store payment card details) |
| Technical data | IP address, browser type, session identifiers (session cookie) | Collected automatically |
| Content data | Keywords you configure, AI-generated posts and replies, post ideas | Provided by you or generated by AI on your behalf |
How We Use Your Data
We use your personal data for the following purposes:
- Service delivery: Authenticating you, running your automation bots, scheduling posts, managing your X accounts.
- Billing & payments: Processing subscription payments, issuing credits, preventing fraud.
- Communications: Sending transactional emails (welcome, credit alerts, plan changes, scheduled post notifications, error alerts). We do not send unsolicited marketing emails without your explicit consent.
- Analytics & improvement: Understanding aggregate usage patterns to improve the Service. We do not sell individual-level usage data.
- Legal compliance: Responding to lawful requests from UAE authorities, complying with applicable legislation.
- Security: Detecting and preventing abuse, fraud, and unauthorized access.
Legal Basis for Processing
Under the UAE PDPL, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide the Service you have subscribed to (account management, bot execution, billing).
- Legitimate interests: Security monitoring, fraud prevention, aggregate analytics, and improving the Service — where these interests are not overridden by your rights.
- Legal obligation: Compliance with UAE law, including responding to court orders and regulatory requests.
- Consent: Where we send optional marketing communications (you may withdraw consent at any time).
Third-Party Sharing
We share your data only with the following categories of third parties, and only to the extent necessary:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Paddle (payment processor) | Payment processing, subscription management | Email, billing plan, transaction data |
| xAI (AI provider) | Generating AI-powered replies, posts, ideas, and analyses | Prompt content (tweet text + your profile settings) |
| X (Twitter) Corp | Publishing tweets via OAuth API, searching tweets | OAuth tokens, tweet content, search queries |
| Google (reCAPTCHA) | Bot protection during registration | IP address, browser metadata |
| Google (Analytics) | Anonymous website usage analytics | Page views, events, anonymised IP |
| Hostinger (SMTP) | Sending transactional emails | Your email address, email content |
We do not sell, rent, or trade your personal data with third parties for their own marketing purposes.
We may disclose personal data if required by UAE law, court order, or lawful request by UAE government authorities including law enforcement agencies.
International Transfers
Some of our third-party service providers operate outside the UAE (including the United States and European Economic Area). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or reliance on the recipient country's adequacy status, in compliance with UAE PDPL requirements.
Data Retention
We retain your personal data for as long as your account is active. Specifically:
- Account data: Retained until you delete your account. Upon deletion, account data is permanently removed within 30 days.
- X OAuth tokens: Deleted immediately upon disconnecting the X account or deleting your account.
- Analytics & usage logs: Retained for up to 12 months after your last activity.
- Billing records: Retained for 5 years as required by UAE Federal Law No. 8 of 2017 (VAT Law) and general accounting requirements.
- Session data: Expires after 7 days of inactivity.
Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- Passwords stored as salted bcrypt hashes — we never store plaintext passwords.
- HTTPS encryption for all data in transit.
- Session-based authentication with HttpOnly cookies.
- X OAuth tokens stored with server-side access controls.
- Regular security reviews of access controls and dependencies.
In the event of a personal data breach that poses a risk to your rights, we will notify affected users and, where required by UAE PDPL, the UAE Data Office within the prescribed timeframe.
Your Rights
Under the UAE PDPL (Federal Decree-Law No. 45 of 2021), you have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data (subject to legal retention obligations).
Right to Restriction
Request that we restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
To exercise any of these rights, contact us at info@voxmagna.com. We will respond within 30 days of receiving your request, as required by UAE PDPL. Where we are unable to comply with a request, we will explain the reason.
You also have the right to lodge a complaint with the UAE Data Office (dataoffice.gov.ae) if you believe we have not handled your data lawfully.
Children
The Service is not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at info@voxmagna.com and we will take steps to delete that information.
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified by email to registered users. The "Last updated" date at the top of this page will always reflect the most recent revision.
Contact & Data Requests
For all privacy-related enquiries, data subject requests, or to report a data breach:
- Email: info@voxmagna.com
- Response time: Within 5 business days (acknowledgement), 30 days (full response)
Please include your registered email address and the nature of your request. We may need to verify your identity before processing requests.