Magnum

Privacy Policy

Effective April 22, 2026

This Privacy Policy describes what information Magnum ("we") collects when you use magnum.cx, how we use it, and the rights you have over it.

1. Data we collect

  • Account: email address, hashed password, account role, sign-up and last-seen timestamps.
  • Orders: products purchased, prices, currency, payment provider reference, and order status. We do not store card numbers — payment details are handled by Stripe.
  • Licenses: a one-way hash of each license key (we never store plaintext keys), issue and expiry dates, activation device fingerprints, IP addresses, and user agents for anti-fraud and activation-limit enforcement.
  • Downloads: per-request log of asset ID, license ID, user ID, IP address, and timestamp.
  • Email delivery: a record of transactional emails sent (template, provider message ID, status) for auditability.
  • Operational: server and error logs (structured JSON, stored on our infrastructure), aggregated request metrics. No third-party advertising or analytics cookies.

2. How we use data

  • To operate your account, deliver licenses and downloads, and send transactional email.
  • To prevent fraud, abuse, and license sharing (activation tracking, IP rate limits).
  • To comply with legal obligations and respond to lawful requests.
  • To diagnose errors and improve reliability.

We do not sell your personal information. We do not use it for cross-site advertising profiling.

3. Sharing

We share data only with processors that help operate the service:

  • Stripe and, where offered, NOWPayments — payment processing.
  • Resend — transactional email delivery.
  • Cloudflare R2 — downloadable file storage.
  • Upstash — rate-limit state.

These providers process data under their own terms and only on our instructions. We will disclose data to law enforcement when required by a valid legal process.

4. Retention

  • Account data is retained for as long as your account is active.
  • Order, license, and email records are retained for up to seven (7) years for tax and accounting purposes.
  • Activation and download audit logs are retained for up to twelve (12) months.
  • Error logs are retained for up to ninety (90) days.

5. Your rights

Depending on where you live (for example under GDPR or CCPA), you may have the right to access, correct, delete, or export your personal data, and to object to certain uses. To exercise these rights, contact us at /legal/contact. We will respond within thirty (30) days.

6. Security

We use TLS for all traffic, hash passwords and license keys, store binaries behind time-limited signed URLs, enforce rate limits on sensitive endpoints, and monitor errors. No system is perfectly secure — if you believe your account has been compromised, contact us immediately.

7. Cookies

We use a single first-party session cookie to keep you signed in. We do not use advertising cookies or third-party tracking cookies.

8. International transfers

Our processors may store data in regions outside your own. Where required, we rely on standard contractual clauses or equivalent safeguards.

9. Children

Magnum is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it.

10. Changes

We may update this Policy. Material changes will be announced on the site or by email.

11. Contact

Data requests and privacy questions: /legal/contact.