Privacy Policy

This Privacy Policy describes how MAGNATEX LLP (“MagnateX”, “SocioGenie”, “we”, “our”, “us”) collects, uses, discloses, stores, and protects information about you (“you”, “your”, “User”) when you visit www.sociogenie.ai, create an account, or use the SocioGenie platform and related services (collectively, the “Services”).

We are committed to processing personal data lawfully, fairly, and transparently in accordance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and its rules, the EU General Data Protection Regulation (GDPR) 2016/679, the UK GDPR, the California Consumer Privacy Act / CPRA, and other applicable data-protection laws.

1. Who We Are (Data Controller)

The data controller / data fiduciary responsible for your personal data is:

• MAGNATEX LLP (LLPIN: ACU-5689)
• Registered office: 111, Fortune Business Hub, Sola, Nr. Satyamev Elysium, Ahmedabad, Gujarat 380060, India
• General contact: support@magnatex.co
• Privacy & data requests: founder@magnatex.co

2. Scope of This Policy

This Policy applies to personal data we process when you:

• visit our website, marketing pages, or blog;
• create or maintain a SocioGenie account;
• subscribe to a plan, start a free trial, or purchase Top-Up Credits;
• connect third-party social-media accounts (e.g., Instagram, Facebook, LinkedIn);
• upload brand assets, products, or media;
• use AI-powered features such as the AI Engine, Bulk Create, Quick Create, Product Advert Generator, Festival Post Generator, the AI Chatbot Assistant, or the Approval Workflow;
• contact us for support, sales, or any other reason.

3. Categories of Personal Data We Collect

3.1 Information you provide directly

• Account data: full name, email address, phone number, password (stored hashed), profile picture, time zone, language, country.
• Business / brand data: business name, website URL, industry, brand logo(s), brand colours, hashtags, slogans, product images, product descriptions, marketing assets, contact details shown on creatives, and any other content uploaded to your Media Library or Brand DNA.
• AI Memory Layer data: answers about brand personality, communication tone, target audience, marketing direction, preferred style, and positioning.
• Content data: prompts you enter, references you upload, captions, AI-generated images, drafts, scheduled posts, and published posts.
• Communications: support tickets, emails, chatbot transcripts, survey responses, and feedback.

3.2 Information collected automatically

• Device & technical data: IP address, device type, operating system, browser type and version, screen resolution, language, referring URL, and crash logs.
• Usage data: pages and features accessed, clicks, session duration, AI generation events, posts scheduled/published, credits consumed, and approval actions.
• Cookies & similar technologies: see our Cookie Policy for details. We currently use Google Analytics 4 for product analytics and standard session/auth cookies for platform functionality.

3.3 Information from third parties

• Social-media platforms. When you connect Instagram, Facebook, or LinkedIn through OAuth, we receive access tokens, account identifiers, page/business IDs, basic profile data, permissions, and (where you authorise it) post insights such as reach, impressions, and engagement. We use these tokens only to perform the actions you have authorised (publishing, scheduling, analytics). We do not store your social-media password.
• Payment processor. Subscription and Top-Up purchases are processed by Dodo Payments Inc. (“Dodo”), which acts as the Merchant of Record for SocioGenie. Dodo collects your billing name, billing address, country, tax identifiers (where applicable) and payment-instrument details directly. We receive only a limited transaction record (plan, amount, currency, last 4 digits of card, status, invoice ID). We never see or store your full card number, CVV, or bank credentials.
• Website scraping for onboarding. If you provide your business website during onboarding, we fetch publicly available pages to extract business name, industry, slogans, brand colours, logo references, contact details and brand descriptions for your Brand DNA.

4. Purposes of Processing & Legal Bases

We process personal data only for the purposes described below, and only where we have a valid legal basis under the GDPR (or an equivalent ground under the DPDP Act and other applicable laws).

• To provide the Services — create your account, authenticate you, run the AI Engine, generate content, schedule and publish posts, deliver analytics, operate the approval workflow, and provide customer support. Legal basis: performance of a contract.
• To process payments and prevent fraud — via Dodo Payments. Legal basis: contract; legal obligation.
• To send service communications — transactional emails (account, billing, security, trial expiry, credit depletion). Legal basis: contract; legitimate interest.
• To improve the platform — monitor performance, fix bugs, conduct product analytics, and develop new features. Legal basis: legitimate interest.
• To send marketing and product updates — only where you have opted in or where permitted by law (you can opt out at any time). Legal basis: consent; legitimate interest.
• To comply with law — tax, accounting, anti-fraud, anti-money-laundering, and lawful requests from authorities. Legal basis: legal obligation.

5. AI Processing & Automated Decision-Making

SocioGenie is an AI-powered platform. To deliver core features (Brand DNA analysis, AI Memory Layer, AI Engine, Bulk Create, Quick Create, Product Advert Generator, Festival Post Generator, Chatbot Assistant), we send relevant content and brand data to enterprise AI providers acting as our processors / sub-processors:

• OpenAI, L.L.C. (United States)
• Anthropic, PBC (United States)
• Google LLC — Google AI / Gemini / Vertex AI (United States)

These providers are contractually prohibited from using your data to train their public models in our standard configuration, and we configure their APIs accordingly where the option is available.

We do not use your personal data, brand assets, or generated content to train our own AI models.

The AI Engine makes automated suggestions about what to post, when to post, and how to present it. These are suggestions — final publication only occurs after either (a) automatic execution that you have explicitly configured, or (b) human review via the User Approval Mode or the Managed Approval Mode. You retain the right to disable automation at any time. The processing does not produce legal effects on you within the meaning of GDPR Article 22.

6. Human Review (Managed Approval Mode)

If you opt into Managed Approval Mode, members of the SocioGenie operations team review the AI-generated post (caption + creative) strictly to check branding consistency, caption quality, creative presentation, and posting readiness. Reviewers see only the generated post; they do not access your raw social-media account data, audience details, or message inboxes. All reviewers are bound by confidentiality obligations.

7. How We Share Personal Data

We do not sell your personal data and we do not “share” it for cross-context behavioural advertising within the meaning of the CCPA/CPRA. We disclose personal data only to the following categories of recipients:

• Service providers / sub-processors who operate the platform on our behalf, including:
  • Google LLC (Firebase / Google Cloud Platform, us-central1) — hosting, database, authentication, file storage.
  • OpenAI, Anthropic, Google AI — generative-AI processing (see Section 5).
  • Dodo Payments Inc. — Merchant of Record for subscription billing and tax compliance.
  • Google LLC (Google Analytics 4) — product analytics.
• Social-media platforms you have connected — we transmit the content you authorise us to publish (Meta Platforms for Instagram & Facebook; LinkedIn Corporation for LinkedIn).
• Professional advisors — lawyers, auditors, accountants, and insurers under confidentiality.
• Government, regulators, and law enforcement — when required by law, court order, or to protect our rights, users, or the public.
• Successors — in connection with a merger, acquisition, reorganisation, or sale of assets, subject to equivalent privacy protections.

8. International Data Transfers

MAGNATEX LLP is based in India. Our infrastructure and several sub-processors are based in the United States (Firebase / Google Cloud us-central1, OpenAI, Anthropic, Google AI, Dodo Payments). Where personal data is transferred outside your country of residence — including from the European Economic Area, the United Kingdom, or Switzerland to India or the United States — we rely on appropriate safeguards such as:

• the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum;
• adequacy decisions where they apply (e.g., the EU-US Data Privacy Framework, for participating sub-processors);
• equivalent contractual protections with all our processors and sub-processors.

A copy of the safeguards we use is available on request from founder@magnatex.co.

9. Data Retention

• Active accounts: We retain personal data for as long as your account is active.
• After account deletion: We delete or anonymise account data, brand assets, AI Memory Layer content, generated posts, and connected-account tokens within 30 days of confirmed deletion, except where retention is required by law (see below).
• Billing & tax records: Invoices, transaction records, and tax data are retained for up to 8 (eight) years as required under Indian tax/company law and equivalent obligations in other jurisdictions.
• Backups: Encrypted backups containing deleted data may persist for up to 90 days before being rotated out.
• Legal holds: Where data is subject to ongoing litigation, investigation, or regulatory request, we retain it until the matter is resolved.

10. Your Rights

Depending on where you live, you have some or all of the following rights in relation to your personal data:

• Right of access — obtain a copy of your personal data.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) — delete personal data, subject to legal-retention exceptions.
• Right to restrict processing.
• Right to object — including to direct marketing and to processing based on legitimate interest.
• Right to data portability — receive data in a structured, machine-readable format.
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
• Right to lodge a complaint — with your local data protection authority (e.g., the Data Protection Board of India for DPDP, your EU/UK supervisory authority for GDPR, or the California Privacy Protection Agency for CCPA/CPRA).
• CCPA/CPRA-specific rights — California residents have the right to know, delete, correct, and limit the use of sensitive personal information, and the right to non-discrimination for exercising these rights. We do not sell or share personal information for cross-context behavioural advertising.
• DPDP-specific rights — Indian Data Principals may nominate another individual to exercise rights in the event of death or incapacity, and may contact our Grievance Officer (see Section 14).

To exercise any of these rights, email founder@magnatex.co from the address associated with your account. We respond within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling the request.

11. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, including: encryption in transit (TLS 1.2+) and at rest, hashed passwords, scoped access control, audit logging, secret-management for API keys and OAuth tokens, vendor security reviews, and least-privilege access for employees. No system is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. If you suspect unauthorised access, contact support@magnatex.co immediately.

In the event of a personal-data breach likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users without undue delay, in line with GDPR Article 33/34, DPDP Section 8(6), and other applicable laws.

12. Cookies & Tracking

We use a limited set of cookies and similar technologies for (a) authentication and security, (b) remembering preferences such as language and time zone, and (c) Google Analytics 4 for aggregated product analytics. We do not run advertising pixels by default. Details and your choices are described in our Cookie Policy.

13. Children’s Privacy

The Services are intended only for users who are 18 years of age or older. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact founder@magnatex.co and we will delete it.

14. Grievance Officer (India)

In compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the DPDP Act, 2023, the following officer is designated to address grievances regarding the processing of your personal data:

• Name: Naman Patel
• Designation: Founder, MAGNATEX LLP
• Email: founder@magnatex.co
• Working hours: Monday – Friday, 09:00 – 18:00 IST
• Address: 111, Fortune Business Hub, Sola, Nr. Satyamev Elysium, Ahmedabad, Gujarat 380060, India

The Grievance Officer will acknowledge complaints within 48 hours and resolve them within 30 days of receipt.

15. Third-Party Platforms & Links

The Services integrate with third-party platforms (Meta, LinkedIn, Google, Dodo Payments, etc.) and may contain links to third-party websites. Their privacy practices are governed by their own policies, and we are not responsible for them. We encourage you to read those policies before connecting an account or sharing data.

Where you delete data from SocioGenie, you can also request deletion of data we hold from Meta integrations via our Facebook Data Deletion Instructions and Instagram Data Deletion Instructions.

16. Payments & Currency

All subscription and Top-Up Credit charges on SocioGenie are billed and settled in United States Dollars (USD) through our Merchant of Record, Dodo Payments Inc. Where you are eligible for a refund, the refund is issued by Dodo Payments to the original payment instrument in USD. The amount actually credited to you in your local currency may vary based on exchange rates and bank or card-issuer fees over which we have no control. See our Refund Policy for full details.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law, provide additional notice (such as an in-app message or email). Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy.

18. Contact Us

For any questions about this Privacy Policy or our data practices:

• Privacy & data requests: founder@magnatex.co
• General support: support@magnatex.co
• Sales: sales@magnatex.co
• Website: https://www.sociogenie.ai
• Postal: MAGNATEX LLP, 111, Fortune Business Hub, Sola, Nr. Satyamev Elysium, Ahmedabad, Gujarat 380060, India