Effective February 12, 2026. This document tells you exactly what Magical Nodes stores, who we share it with, and the rights you have. We act as a Technology Provider when you connect Meta-owned destinations — the platform-specific rules are in the Meta section below.
Magical Nodes is a research canvas where you connect content sources (videos, websites, PDFs, social feeds, ads libraries, spreadsheets) and chat with them through large language models. This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights.
Magical Nodes acts as a Technology Provider when our customers use ours platform to build chatbots, embedded widgets, or messaging workflows on top of third-party services such as Meta (Facebook, Instagram, WhatsApp), Google, Stripe, Calendly, and OpenAI/Anthropic/Google/OpenRouter LLM providers. We do not sell personal data.
"Magical Nodes", "we", "us" and "our" refers to the operator of magicalnodes.com and the Magical Nodes application. We're a small independent SaaS team based in Canada and the United Kingdom.
If you have any privacy question, you can reach us at privacy@magicalnodes.com.
Account data: email address, password hash (bcrypt), display name, OAuth identifier (when you sign in with Google).
Workspace data: boards, nodes, chat messages, generated reports / decks / images, lead-capture submissions, templates and published pages you create.
Source content: transcripts, page text, spreadsheet rows, social posts, ad creatives and review snippets that you connect to a board. We process this content on your behalf to power AI chat and reports.
Billing data: subscription plan, billing email, Stripe customer ID and last 4 digits of the card. Full card numbers are handled by Stripe and never touch our servers.
BYOK credentials: when you bring your own API keys (OpenAI, Anthropic, Gemini, OpenRouter, Apify, Calendly) we encrypt them at rest using Fernet (AES-128 in CBC + HMAC-SHA256). They are decrypted in memory only when a call is made on your behalf.
Telemetry: log lines, request timings, error stacks and IP address (kept for up to 30 days for abuse-prevention and debugging).
To run the service: store your boards, run LLM calls, render reports, send transactional emails, deliver embedded chat widgets.
To improve reliability: monitor error rates, debug failed scrapes, tune token budgets.
To prevent abuse: rate-limit failed logins, detect scraping of our own service, comply with third-party platform terms (e.g., Meta, Google).
To bill you: relay subscription events to Stripe and update your plan in our database.
We do not use your private workspace content to train any AI model. Anthropic, OpenAI, Google and OpenRouter contractually agree (in their API terms) not to use API content for model training.
When Magical Nodes customers connect a Meta-owned destination (Facebook Page, Instagram, WhatsApp Business, Messenger), Magical Nodes acts solely as a Technology Provider for that customer (the "Business User"). Messages, leads and audience data flowing through Meta surfaces belong to the Business User; we process them only on their instructions.
We comply with the Meta Platform Terms, the Messenger Platform Policy and the WhatsApp Business Solution Terms. We do not retain Meta-sourced content longer than reasonably necessary to deliver the service. Customers can request deletion of all Meta-sourced records by emailing privacy@magicalnodes.com.
If you arrived at Magical Nodes via a Meta-hosted ad or page, you can request a copy of your data, ask us to delete it, or withdraw consent by emailing privacy@magicalnodes.com. We respond within 30 days.
Boards, nodes and chats live in our database for as long as your account is active. Deleting a board moves it to trash for 7 days, after which it is permanently purged.
Backups are kept for up to 30 days and then rolled off.
Closing your account deletes all your workspace data within 14 days, except billing records we are legally required to retain (typically up to 7 years).
You can access, export, correct, restrict, port or delete your personal data at any time. Most actions are self-serve in Settings; for anything else, email privacy@magicalnodes.com and we'll respond within 30 days.
If you're in the EEA, UK, Switzerland or California you have additional rights under the GDPR / UK GDPR / CCPA — those rights are honoured here regardless of where you live.
You can lodge a complaint with your local data protection authority. We'd appreciate the chance to fix things first — please email us before escalating.
Passwords are hashed with bcrypt. BYOK API keys are encrypted with Fernet (AES-128 + HMAC). All traffic is served over HTTPS / TLS 1.2+. Login attempts are rate-limited and locked out after repeated failures.
No system is perfectly secure. If you discover a vulnerability, please email privacy@magicalnodes.com and we'll respond within 72 hours.
Magical Nodes is built for professional research workflows and is not directed at children under 16. If we learn that a child under 16 has created an account, we will delete it.
We may update this policy as the product evolves. Material changes will be announced in-app and by email to the registered account. The "Effective Date" at the top of this page always reflects the current version.
Questions, requests or complaints: privacy@magicalnodes.com.