Legal

Privacy Policy

Last updated: November 20, 2025

This Privacy Policy explains how Blue Magma, Inc. ("Blue Magma", "we", "us", or "our") collects, uses, and protects personal data when you use the Blue Magma application (the "Service").

By using the Service, you agree to this Privacy Policy.

On this page

1. Overview

This Privacy Policy explains how Blue Magma, Inc. ("Blue Magma", "we", "us", or "our") collects, uses, and protects personal data when you use the Blue Magma application (the "Service").

By using the Service, you agree to this Privacy Policy.

2. Information We Collect

We collect the following categories of information when you use the Service:

A. Account Information

  • Email address;
  • Password (stored using secure hashing); and
  • OAuth or identity provider ID, if applicable.

B. Usage Data

We automatically collect certain usage-related data, such as:

  • Application and system logs;
  • Telemetry and performance metrics;
  • Error reports;
  • Device and browser information;
  • IP address; and
  • Timestamps and related metadata.

C. Chat History & User Inputs

We store prompts, chat history, and AI-generated responses you create within the Service. This enables features such as chat continuity, auditing, and user experience improvements.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and operate the Service;
  • Improve model performance and overall Service quality;
  • Diagnose, troubleshoot, and fix technical issues;
  • Analyze usage patterns and improve the user experience;
  • Keep user sessions persistent and manage authentication;
  • Detect, investigate, and prevent fraud, abuse, or security incidents; and
  • Comply with legal obligations and enforce our terms and policies.

We do not sell your personal data.

4. How We Share Your Information

We share your information only as described in this Policy:

A. OpenAI (Subprocessor)

We send prompts, messages, and other necessary data to OpenAI for the purpose of generating AI-powered responses. OpenAI processes this data in accordance with its own terms, policies, and security obligations.

B. Service Providers

We may share data with infrastructure and service providers, such as hosting, logging, monitoring, and analytics vendors, that help us operate and support the Service. These providers are contractually required to protect your data and may only process it on our instructions.

C. Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage & Retention

We store:

  • Account information for as long as your account remains active or until you request deletion;
  • Log and telemetry data in accordance with our internal retention policies; and
  • Chat history for as long as your account exists, unless and until we offer or you use specific chat-level deletion controls.

Data is stored on secure cloud infrastructure. We retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Policy or as required by law.

6. Security

We implement technical and organizational measures such as:

  • Encryption in transit for data sent to and from the Service;
  • Secure password hashing for stored credentials;
  • Role-based access controls and least-privilege principles; and
  • Monitoring and logging to help detect abuse or suspicious activity.

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security of your information.

7. Your Rights

Depending on your location, you may have certain rights with respect to your personal data, which can include the right to:

  • Access a copy of the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your account and associated personal data, subject to legal obligations; and
  • Request an export of certain data in a portable format, where applicable.

You can request account deletion or exercise other rights by contacting us using the details in the "Contact Us" section below. We will respond in accordance with applicable data protection laws.

8. Children's Data

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete such information.

9. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice. Your continued use of the Service after the changes become effective constitutes your acceptance of the revised Policy.

10. Contact Us

If you have questions about this Privacy Policy or how Blue Magma, Inc. handles your information, please contact us at  sales@bluemagma.net.