Legal & Policies

Welcome to our legal and policies center. Here you'll find detailed information about our terms of service, privacy practices, and customer support commitments.

Privacy Policy

Introduction

This Privacy Policy (“Policy”) describes the practices of Toruk Magic Deep Tech Ltd. (“Company”, “we”, “our”) with respect to the collection, use, disclosure, and protection of personal data processed through our Web SaaS platform (“Service”). This Policy applies to all individuals (“Users”, “you”) who access or use the Service. It is effective as of 18 June 2025 and has been drafted in accordance with the UK GDPR (United Kingdom General Data Protection Regulation), the Data Protection Act 2018, and, where applicable, the EU GDPR for Users in the European Economic Area.

  • Legal Entity: Toruk Magic Deep Tech Ltd.
  • Registered Address: Unit 8, Dock Offices, Surrey Quays Road, London, Greater London, SE16 2XU, United Kingdom
  • Contact Email: info@torukmagic.com

By accessing or continuing to use the Service, you acknowledge that you have read and accept this Policy. For any questions, requests, or clarifications regarding this Policy, please contact us at info@torukmagic.com.

1. Data Controller

Toruk Magic Deep Tech Ltd. is the data controller for personal data processed in connection with the Service. We are responsible for determining the purposes and means of processing personal data. Any inquiries concerning data processing activities, data subject rights, or this Policy should be directed to info@torukmagic.com.

2. Categories of Personal Data Collected

When you register, use, or interact with the Service, we may collect and process the following categories of personal data:

Account and Identity Information

Name, surname, username, email address, password (stored securely using industry-standard hashing/encryption). Organizational or company details if you register a corporate account.

Contact Information

Email address, telephone number (where provided), and any additional details you supply when submitting support requests or inquiries.

Payment and Billing Information

If payments are processed via third-party providers (e.g., Stripe, PayPal), we receive confirmation and minimal billing details (e.g., invoice address, transaction reference). We do not store full payment credentials on our servers; payment processors’ own privacy practices apply.

Usage and Technical Data

IP address, browser type and version, device model, operating system, timestamps of access, session logs, API call metadata, error logs, and other diagnostic data. Information on how you use the Service (features accessed, frequency, settings, usage patterns).

Cookies and Tracking Technologies

HTTP cookies, web beacons, and similar technologies for session management, analytics, performance measurement, personalization, and marketing (where consented).

Communications Data

Content of emails, support tickets, chat transcripts, feedback, or other correspondence you initiate or receive in relation to the Service.

Additional or Supplementary Data

Where required by law or contractual obligations (e.g., KYC/KYB checks), we may request identity documents or other proofs. Responses to surveys or questionnaires, including satisfaction surveys or optional feedback.

2.1 Sensitive Personal Data

The Service does not require or intentionally request sensitive categories of personal data (e.g., health data, biometric data, racial or ethnic origin, political opinions, religious beliefs). Should any future feature or integration require such data, we will request explicit, informed consent prior to collection and processing, and will handle it in strict compliance with applicable law.

3. Purposes of Processing & Legal Basis

We process personal data for the following purposes, under the legal bases indicated:

Provision of the Service and Contract Performance

Account creation, authentication, subscription management, invoicing, delivering features, and fulfilling contractual obligations.

Legal Basis: Performance of a contract or pre-contractual steps (UK GDPR Art. 6(1)(b)).

Service Improvement and Analytics

Monitoring, analyzing, and optimizing platform performance; identifying and resolving errors; developing new features; improving user experience.

Legal Basis: Legitimate interests (improving and maintaining the Service) (UK GDPR Art. 6(1)(f)), provided these interests do not override your rights. For certain analytics cookies or tracking, we will obtain your consent where required.

Security, Fraud Prevention, and Abuse Detection

Detecting and preventing unauthorized access, fraudulent activity, or other security incidents; implementing safeguards to protect the Service and Users.

Legal Basis: Legitimate interests (platform security and fraud prevention) (UK GDPR Art. 6(1)(f)), or compliance with legal obligations.

Communication and Notifications

Sending transactional emails (e.g., account confirmations, password resets, billing notifications, important Service announcements). Where you have opted in, sending marketing communications, newsletters, product updates, or promotional materials.

Transactional notifications: Performance of contract or legitimate interests (ensuring you receive essential information). Marketing: Your explicit consent (UK GDPR Art. 6(1)(a)); you may opt out at any time.

Compliance with Legal Obligations

Retaining data for tax, accounting, auditing, or regulatory requirements; responding to lawful requests from authorities; fulfilling statutory obligations.

Legal Basis: Compliance with legal obligations (UK GDPR Art. 6(1)(c)).

Responding to Data Subject Requests

Handling requests to access, rectify, erase, or port personal data; responding to objections or restrictions on processing; withdrawing consent.

Legal Basis: Compliance with legal obligations and ensuring data subject rights (UK GDPR Arts. 6(1)(c), 6(1)(e)).

4. Cookies and Tracking Technologies

We use cookies and similar technologies to provide, secure, and improve the Service:

  • Essential Cookies: Required for core functionality (e.g., session management, authentication). No consent required.
  • Performance & Analytics Cookies: Collect aggregated data on Service usage and performance. We obtain consent where legally required.
  • Functional Cookies: Enable features such as language preferences or user settings.
  • Marketing & Advertising Cookies: Where relevant, used to deliver targeted content or measure campaign effectiveness; only used after obtaining your explicit consent.

You may manage or disable cookies via browser settings or through our cookie consent mechanisms. Note that disabling certain cookies may impair Service functionality or user experience.

5. Third-Party Service Providers & Data Sharing

We may share personal data with third parties in the following contexts:

Service Providers and Subprocessors

Cloud hosting providers, infrastructure and platform services, analytics tools, email service providers, payment processors, customer support platforms, and other vendors necessary to operate and maintain the Service. We enter into Data Processing Agreements with such providers to ensure compliance with UK GDPR and data security standards. Data shared is limited to what is necessary for the specified purpose.

Legal and Regulatory Authorities

If required by applicable law, court order, or governmental request, we may disclose personal data to comply with legal obligations or protect rights, property, or safety of the Company, Users, or others.

Business Transfers

In the event of a merger, acquisition, sale of assets, or reorganization, personal data may be transferred as part of the business transaction. We will ensure that the recipient continues to protect personal data in accordance with this Policy and applicable law.

User Consent

In any other situation where we share data beyond the foregoing, we will obtain your explicit consent in advance.

Specific Statement on Google User Data:

Notwithstanding anything else in this Privacy Policy, if you provide the App access to your Google data, the App's use of that data will be subject to these additional restrictions:

  • The App will only use access to read, write, modify, or control Google message bodies (including attachments), metadata, headers, and settings to provide a web client that allows users to compose, send, read, and process emails and will not transfer this Google data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • The App will not use this Google data for serving advertisements.
  • The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App's internal operations and even then only when the data have been aggregated and anonymized.

6. Data Security

We implement appropriate technical and organizational measures to safeguard personal data:

  • Encryption: TLS/SSL for data in transit; encryption at rest for sensitive data where applicable. This specifically includes any data received via Google APIs, which is encrypted both in transit and at rest to ensure confidentiality and integrity.
  • Access Controls: Role-based access, least-privilege principles, strong authentication mechanisms (including support for two-factor authentication where available).
  • Secure Development Practices: Regular code reviews, vulnerability scanning, and patch management.
  • Monitoring & Incident Response: Continuous monitoring for anomalies; procedures for identifying, containing, and remediating security incidents or data breaches. In case of a notifiable breach, we will notify relevant supervisory authorities and affected individuals in accordance with legal timelines.
  • Personnel Training & Policies: Employees and contractors undergo data protection and security training; strict confidentiality and data handling policies are enforced.
  • Regular Audits & Testing: Periodic penetration tests, vulnerability assessments, and security audits to maintain a strong security posture.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described:

  • Account Data: Retained while your account is active. Upon account deletion or closure, personal data is deleted or anonymized, except for data we must retain for legal or legitimate business purposes (e.g., bookkeeping, dispute resolution).
  • Billing & Financial Records: Retained for statutory periods as required by applicable law (e.g., typically six years in the UK for tax and accounting).
  • Logs and Analytics: Retained for a reasonable period to support security monitoring, analytics, and troubleshooting; thereafter deleted or anonymized.
  • Support and Communication Records: Retained as long as reasonably necessary to address requests or disputes; after that period, deleted or archived in compliance with legal obligations.
  • Retention of Google User Data: Data accessed via Google APIs is retained only for as long as necessary to provide the specific functionality requested by the user. When a user disconnects their Google account or requests deletion, all associated Google user data is deleted from our active servers immediately and from backups within a reasonable timeframe, in accordance with our general deletion policy.

If you request deletion of your personal data, we will honor the request unless retention is required for legal compliance or legitimate interests that do not override your rights; in such cases, we will inform you of any residual retention requirements.

8. International Data Transfers

Your data may be stored, processed, or accessed in jurisdictions outside your country of residence (e.g., United Kingdom, European Economic Area, or other locations where our service providers operate). When transferring personal data internationally:

  • We ensure appropriate safeguards, such as Standard Contractual Clauses, adequacy decisions, or other mechanisms approved under UK GDPR/EU GDPR.
  • We inform Users in advance if a transfer requires their explicit consent or if there are additional risks.
  • Data transfers are conducted in compliance with applicable data protection laws, ensuring adequate protection of personal data.

9. Data Subject Rights

Under the UK GDPR and, where applicable, the EU GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request confirmation whether we process your personal data and obtain a copy of such data.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of personal data where permitted (e.g., where processing is no longer necessary, or you withdraw consent and no other legal basis applies).
  • Right to Restrict Processing: Request limitation of processing under certain conditions.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Rights in Relation to Automated Decision-Making: If any automated profiling or decision-making occurs, you may request human intervention, explanation, or contest the decision, where applicable.
  • Right to Withdraw Consent: If processing is based on consent (e.g., marketing communications, analytics cookies), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: With UK Information Commissioner’s Office (ICO) or relevant supervisory authority in your jurisdiction if you believe our processing infringes data protection law.

To exercise any of these rights, please contact us at info@torukmagic.com. We will respond within the timeframe required by law (generally within one month, extendable by up to two additional months for complex or numerous requests, with notice).

10. Children’s Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from persons under 18 without parental or guardian consent. If a parent or guardian becomes aware that their child under 18 has provided us with personal data, they may contact us at info@torukmagic.com to request deletion of such data.

11. Changes to This Privacy Policy

We may update this Policy periodically to reflect changes in legal requirements, our practices, or the Service’s functionality. Whenever we make material changes:

  • We will update the “Effective Date” at the top of this Policy.
  • We will notify you via email or through in-Service notifications if the changes significantly affect your rights or how we process your personal data.
  • Continued use of the Service after changes indicates acceptance of the updated Policy.

It is your responsibility to review this Policy periodically.

12. Contact Information

For any questions, exercising data subject rights, or other concerns regarding this Policy or our data practices, please contact:

  • Email: info@torukmagic.com
  • Postal Address: Unit 8, Dock Offices, Surrey Quays Road, London, Greater London, SE16 2XU, United Kingdom

If you remain unsatisfied after contacting us, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or the relevant supervisory authority in your jurisdiction.

13. Additional Considerations & Recommendations

Third-Party Links

The Service may link to or integrate with third-party websites or services. This Policy does not cover their practices. Please review their privacy policies separately.

Security Best Practices for Users

Use strong, unique passwords; enable two-factor authentication if available; keep credentials confidential.

Data Minimization

Only provide personal data that is necessary for the Service or as legally required. Refrain from submitting sensitive data unless explicitly requested and necessary.

Data Breach Notification

In the event of a personal data breach affecting your data, we will follow our incident response plan and notify you and relevant authorities in accordance with legal requirements.

Legal Advice

This Policy is provided for informational purposes and does not constitute legal advice. We recommend consulting qualified legal counsel to tailor the Policy to your specific operations, jurisdictions, or regulatory environment.

By using the Service, you consent to the collection and processing of your personal data as described herein. For any clarifications or to exercise your rights, please reach out via info@torukmagic.com.

Customer Support Policy

Introduction

  • Legal Entity: Toruk Magic Deep Tech Ltd.
  • Registered Address: Unit 8, Dock Offices, Surrey Quays Road, London, SE16 2XU
  • Contact Email: info@torukmagic.com

We are committed to providing high-quality support to ensure you get the most out of our Service. This policy outlines our support channels, hours, and scope.

Purpose of Support

  • To assist users with technical issues regarding the platform.
  • To guide users on how to use specific features.
  • To handle billing inquiries and account management requests.
  • To receive and process bug reports and feature requests.

Scope of Support

Our support covers issues related to the functionality of our SaaS platform. It does not include support for third-party services, custom coding, or issues resulting from user hardware limitations.

Support Channels

You can reach our support team through the following methods:

Email Support

Send detailed inquiries to info@torukmagic.com. We aim to respond within 24 hours.

Live Chat

Available on our dashboard for subscribed users during business hours (09:00 - 18:00 UK Time).

Documentation

Access our comprehensive help center and API documentation 24/7.

Contact Us

For any support-related questions, please use:

  • General Support: info@torukmagic.com
  • Billing Support: billing@torukmagic.com

Terms of Service

Introduction

  • Provider: Toruk Magic Deep Tech Ltd.
  • Jurisdiction: England & Wales
  • Contact: info@torukmagic.com

These Terms of Service ('Terms') govern your access to and use of our Service. By using the Service, you agree to be bound by these Terms.

Definitions

Service: The Web SaaS platform provided by Toruk Magic Deep Tech Ltd.

User: Any individual or entity accessing or using the Service.

Subscription: The paid plan granting access to specific features of the Service.

Acceptance & Updates

  • By creating an account, you accept these Terms in full.
  • We reserve the right to modify these Terms at any time. Significant changes will be communicated via email.
  • Continued use of the Service after changes constitutes acceptance of the new Terms.

Commerce Disclosures

Legal Information

In compliance with electronic commerce regulations, we provide the following information regarding our company and services.

Company Details

  • Company Name: Toruk Magic Deep Tech Ltd.
  • Registration Number: 16407823
  • VAT Number: -
  • Registered Office: Unit 8, Dock Offices, Surrey Quays Road, London, SE16 2XU, UK

Contact Information

  • Email: info@torukmagic.com
  • Phone: +44 7448 261 288
  • Website: www.torukmagic.com

Updates to Information

We aim to keep this information up to date. Last updated: June 2025.