Privacy

Privacy Policy

Crossan Systems Ltd of 124 City Road, London, United Kingdom, EC1V 2NX is the controller of the personal data described in this policy unless stated otherwise. Magspy is a web-based software service.

Effective date: 26 April 2026

1. Controller identity

Crossan Systems Ltd is a company registered in the United Kingdom and is the controller of the personal data described in this policy for the purposes of UK data protection law. This policy applies to Magspy accounts, subscriptions, website usage, support interactions and related services.

We act as a data controller in respect of the personal data described in this policy.

Our Information Commissioner's Office registration reference is ZC133581.

2. Categories of personal data we collect

  • Account data, such as your name, email address, organisation name, account identifiers, authentication records and account preferences.
  • Billing data, such as subscription plan, invoices, payment status, billing country and limited payment metadata supplied by our payment processor. We do not store full card details.
  • Usage data, such as searches run, filters used, saved searches, exports requested, feature interactions and support history.
  • Technical and log data, such as IP address, device and browser information, timestamps, request logs, security events and diagnostic data.
  • Analytics data collected through Google Analytics 4 when you consent to analytics cookies.

3. How we collect personal data

We collect personal data directly from you when you create an account, subscribe, contact us or use the service. We also collect certain information automatically from your device and browser when you use Magspy.

Some personal data is supplied by service providers that help us operate Magspy, such as authentication, hosting, payment, analytics and email providers.

4. Lawful bases and how we use personal data

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms.

We rely on the following lawful bases under UK GDPR, depending on the category of personal data and the purpose involved.

Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.

  • Account data: contract, to create and manage your account, authenticate access, deliver the service and communicate essential service messages; and legitimate interests, to protect the platform, prevent abuse and improve account administration.
  • Billing data: contract, to process subscriptions, renewals, cancellations and account changes; and legal obligation, to keep financial, accounting and tax records and to deal with fraud prevention or regulatory requests.
  • Usage data: contract, where needed to provide features you use such as saved searches, exports and account history; and legitimate interests, to understand how Magspy is used, support users, investigate misuse, improve product performance and plan service changes.
  • Technical and log data: legitimate interests, to maintain security, detect suspicious behaviour, troubleshoot incidents, enforce our terms and keep the service reliable; and legal obligation where logs are needed for legal compliance or dispute handling.
  • Analytics data: consent, where analytics cookies are enabled through our cookie banner or preferences controls. You can withdraw consent at any time.

5. Purposes for using personal data

  • To create accounts, authenticate users and provide Magspy functionality.
  • To process subscriptions, payments, renewals, refunds where applicable and account administration.
  • To operate, secure, monitor and improve the service, including preventing abuse and enforcing our terms.
  • To respond to support requests, complaints and service enquiries.
  • To measure product performance and website usage through analytics where you have consented.
  • To comply with legal, regulatory, tax, accounting and law enforcement obligations.

6. Data sharing

We share personal data only where necessary to operate Magspy, provide support, process payments, meet legal obligations or protect our rights. We do not sell personal data in the ordinary meaning of that term.

Categories of recipients include hosting and infrastructure providers, authentication and database providers, payment processors, analytics providers, transactional email providers, support tools, professional advisers and regulators or law enforcement where required.

Examples of providers used or expected to be used for these purposes include Supabase for authentication and database services, Stripe for payments, Google Analytics 4 for consent-based analytics, and hosting or deployment providers such as Vercel.

7. International transfers

Some providers may be based in or process personal data in the United States.

Some of our service providers may process personal data outside the UK. Where that happens, we use recognised safeguards appropriate to the destination and provider. These may include UK adequacy regulations, the UK International Data Transfer Agreement, the UK addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

You can contact us using the details below if you want more information about the safeguards used for relevant transfers.

8. Retention

We keep personal data only for as long as reasonably necessary for the purposes set out in this policy, including to provide the service, keep required records, resolve disputes and enforce our agreements.

  • Account data: for the life of the account and for up to 24 months afterwards unless a longer period is needed for legal claims, fraud prevention or compliance.
  • Billing and transaction data: normally for at least 6 years after the end of the relevant financial year to meet UK tax, accounting and record-keeping requirements.
  • Usage data and support records: typically for up to 24 months after collection unless longer retention is reasonably needed for service continuity, abuse prevention or dispute handling.
  • Technical and security logs: typically for up to 12 months, subject to longer retention where required for security investigations, legal compliance or incident response.
  • Analytics cookie data: retained according to the settings of the analytics service and our cookie configuration, unless you withdraw consent earlier where deletion or cessation is technically available.

9. Cookies and tracking

Cookies are small text files or similar technologies stored on your device when you use a website. Magspy uses necessary cookies to enable core functions such as authentication, security and user preferences.

We use analytics cookies only where you consent. Analytics helps us understand how users navigate Magspy, which features are used and where journeys break down so that we can improve the service.

You can manage your analytics choice through our cookie banner and cookie preferences controls. Withdrawing consent does not affect the lawfulness of analytics processing carried out before withdrawal.

For more detail on the cookies we use, see our Cookie Notice and Cookie Preferences page.

10. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include access controls, authentication safeguards, logging, provider security controls and reasonable administrative procedures.

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

11. Legal disclosures

We may disclose personal data where reasonably necessary to comply with a legal obligation, court order, regulatory request or lawful request from law enforcement, or to establish, exercise or defend legal claims.

We may also disclose information where necessary to investigate fraud, misuse, security incidents or suspected breaches of our terms.

12. Your rights

Depending on the circumstances, you may have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, objection to processing, and portability of data provided by you. Where we rely on consent, you also have the right to withdraw that consent at any time. Rights requests can be sent to privacy@magspy.app.

We may ask for information necessary to verify your identity before acting on a request. Some rights are subject to legal exceptions and limitations.

13. Complaints

If you have a concern about how we handle personal data, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, if you believe your data protection rights have been infringed.

14. Contact details

Crossan Systems Ltd, 124 City Road, London, United Kingdom, EC1V 2NX.

ICO reference: ZC133581.

Privacy contact: privacy@magspy.app.

15. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes to Magspy, our providers, legal requirements or our processing practices. The latest version published on our website applies from its effective date.

These public-facing terms are a website version of the internal legal pack in the repository. If you need copies or want to raise a rights request, use the contact details in the footer or visit Contact.

Cookie choices

Help us tailor and improve Magspy

Essential cookies are always on for login, security, and site preferences. If you allow analytics, we can see which searches, filters, and journeys are most useful so we can improve the product faster and reduce broken flows.

Why accepting helps

Analytics helps us prioritise search UX fixes, improve premium discovery workflows, and understand where users get stuck. It stays off unless you choose to allow it.

Read our Privacy Policy and Cookie Notice.

Manage preferences