The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
At Magic Muscle AI, we are committed to ensuring the protection of your personal data and complying with the GDPR. This page explains how we adhere to the GDPR principles and outlines your rights under this regulation.
2. Our Role Under GDPR
Under the GDPR, Magic Muscle AI acts as a "Data Controller" for the personal information you provide to us. This means we determine the purposes and means of processing your personal data.
For certain processing activities, we may engage third-party service providers who act as "Data Processors" on our behalf. We ensure that all our Data Processors provide sufficient guarantees to implement appropriate technical and organizational measures to comply with the GDPR.
3. GDPR Principles We Follow
We adhere to the following GDPR principles when processing your personal data:
Lawfulness, fairness, and transparency: We process your data lawfully, fairly, and in a transparent manner.
Purpose limitation: We collect your data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data minimization: We limit the collection of personal data to what is necessary for the purposes for which it is processed.
Accuracy: We take reasonable steps to ensure that your personal data is accurate and kept up to date.
Storage limitation: We keep your personal data for no longer than necessary for the purposes for which it is processed.
Integrity and confidentiality: We process your data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability: We are responsible for and can demonstrate compliance with the GDPR principles.
4. Legal Basis for Processing
Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
Consent: In certain cases, we process your data based on your explicit consent, which you can withdraw at any time.
Contract: We process your data when it is necessary for the performance of a contract with you (e.g., to provide our services).
Legitimate interests: We process your data when it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.
Legal obligation: We process your data when we have a legal obligation to do so.
5. Your Rights Under GDPR
The GDPR provides you with several rights regarding your personal data. These rights include:
Right to be informed: You have the right to be informed about the collection and use of your personal data.
Right of access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to erasure (right to be forgotten): You have the right to request that we delete your personal data in certain circumstances.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
Right to object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
Rights related to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section.
6. International Data Transfers
As a global service, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:
Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission
Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
Implementing appropriate technical and organizational measures to ensure the security of your data
7. Data Protection Officer
While we are not legally required to appoint a Data Protection Officer (DPO), we have designated a point of contact for data protection matters to ensure compliance with the GDPR and to address any concerns you may have regarding your personal data.
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, unless we have implemented appropriate technical and organizational protection measures or taken subsequent measures to ensure that the high risk is no longer likely to materialize.
9. Third-Party Services and GDPR
We use various third-party services to operate our platform. We ensure that these services comply with GDPR requirements:
Google Analytics: We use Google Analytics with IP anonymization and have a Data Processing Agreement in place.
Stripe: Stripe acts as a data processor for payment information and is GDPR compliant.
Mixpanel: We use Mixpanel for analytics with appropriate data protection measures.
AWS (Amazon Web Services): AWS provides GDPR-compliant infrastructure for hosting our service.
OpenAI: We ensure that our use of OpenAI's services complies with GDPR requirements.
RemakerAI: We have appropriate data processing agreements in place for our use of RemakerAI's services.
10. Contact Us
If you have any questions about our GDPR compliance or wish to exercise your rights under the GDPR, please contact us at: