L.2 PRIVACY POLICY

Privacy.

Scope

This privacy policy applies to mimagic.ai, the public informational website of MiMagic GmbH. The site does not host an application, does not require registration, and does not process user accounts. Commercial product privacy is governed separately at getenchilada.com.

Responsible party

The data controller within the meaning of Art. 4 No. 7 GDPR is:

MiMagic GmbH
Pappelallee 78/79
10437 Berlin · Germany
Email: hello@mimagic.ai

Data protection officer

MiMagic GmbH is not required to designate a data protection officer under § 38 BDSG, as the company has fewer than 20 employees regularly engaged in automated processing of personal data. For privacy inquiries, contact hello@mimagic.ai.

Hosting and infrastructure

mimagic.ai is hosted on infrastructure operated by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany), in data centers located in Falkenstein and Nuremberg, Germany. The hosting orchestration uses Coolify, an open-source self-hosted deployment platform. All site content, including assets, fonts, and styles, is served from this EU infrastructure. No content delivery network (CDN) outside the EU is involved.

Domain name service (DNS)

DNS for mimagic.ai is currently provided by Cloudflare, Inc. (San Francisco, USA). DNS lookups expose request metadata (timestamps, requesting IP, queried hostname) to Cloudflare's edge network for the purpose of resolving the domain. We are evaluating EU-based DNS alternatives to align fully with our sovereignty principle and intend to migrate.

Server logs

The hosting infrastructure produces standard technical server logs (HTTP access logs) for the operation of the service: source IP address, timestamp, request URL, response status, user-agent string, and referrer. These logs are processed under Art. 6(1)(f) GDPR (legitimate interest in security, performance monitoring, and abuse detection) and are retained for short periods consistent with operational needs. They are not used to build user profiles or to track individuals across sessions.

Analytics

We operate Plausible Analytics, a privacy-respecting open-source analytics platform, self-hosted on analytics.mimagic.ai within our EU infrastructure. Plausible is cookieless by design: it does not set persistent identifiers, does not store IP addresses, and does not track visitors across sessions or sites. Aggregate page views, referrers, and approximate country-level location are recorded to understand general site traffic. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in service improvement). No analytics data is shared with third parties.

Cookies and tracking

mimagic.ai sets no tracking cookies. There are no third-party advertising scripts, no cross-site trackers, no fingerprinting tools, and no marketing pixels. Plausible Analytics is cookieless by design (see above). If a session cookie is set in future for technical purposes, this policy will be updated accordingly.

Email contact

If you contact us via email at hello@mimagic.ai, your message and any personal data it contains are processed by our email provider for the purpose of replying to your inquiry. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in handling correspondence) or Art. 6(1)(b) GDPR if the inquiry concerns a contractual matter. Email content is not used for marketing and is not transferred to third parties without your consent.

Your rights (GDPR)

You have the following rights regarding your personal data, where applicable:

  • Right of access (Art. 15) — confirmation of, and access to, personal data we hold about you.
  • Right to rectification (Art. 16) — correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — deletion of personal data, where applicable.
  • Right to restriction (Art. 18) — restriction of processing under specified conditions.
  • Right to data portability (Art. 20) — receipt of your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21) — to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent.

Requests can be sent to hello@mimagic.ai.

Supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for MiMagic GmbH is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin · Germany
datenschutz-berlin.de

Changes

This privacy policy may be updated. The current version is always published at mimagic.ai/privacy.