Privacy Policy
This policy explains how TS Robotics Limited ("TS Robotics", "we", "us") processes personal data through the Magic Auth platform and its four products, Verify, Sign, Authenticate and Vault. It covers our website at magicauth.ai, our mobile applications, and the Magic Auth API.
1. Our two roles
Magic Auth is business-to-business infrastructure. Which role we hold depends on whose data it is.
- Processor. When a business (a relying party) uses Magic Auth to verify, sign, authenticate or protect the data of its own customers, that business is the controller and we process the personal data on its documented instructions under a data processing agreement.
- Controller. For our own business contacts, prospective customers, website visitors and account administrators, we are the controller and this policy governs directly.
If you are an end user who verified your identity or signed in through a business that uses Magic Auth, that business is your first point of contact and its privacy notice governs the purpose of the processing.
2. What we process
| Category | Examples | Where it arises |
|---|---|---|
| Identity evidence | Identity document images and extracted fields, date of birth, name | Verify |
| Biometric data (special category) | A facial image and liveness signals used only to match a person to their document | Verify |
| Signature evidence | A document hash, the action approved, a device signature and a signed receipt | Sign |
| Authentication data | Passwordless sign-in tokens, TOTP secrets held as ciphertext, device attestations | Authenticate |
| Vault contents | End-to-end encrypted ciphertext we cannot read; we never hold the key | Vault |
| Account and contact data | Name, work email, company, correspondence | Onboarding, support |
| Technical data | IP address, device and browser metadata, request logs, usage counts | Every product |
3. Biometric and special category data
In Verify, a facial image and liveness signals are processed for the single purpose of confirming that the person presenting a document is its genuine holder. This is special category data. Where we act as controller, we rely on your explicit consent; where we act as processor, the relying party is responsible for the lawful basis and for obtaining any consent. Biometric evidence is used for the match and the resulting assurance decision, and is not used to build a facial-recognition database or for any secondary purpose.
4. Purposes and legal bases
| Purpose | Lawful basis (where we are controller) |
|---|---|
| Providing and operating the platform | Performance of a contract |
| Identity verification and biometric matching | Explicit consent; substantial public interest (fraud prevention) where applicable |
| Producing signed, tamper-evident receipts and audit trails | Legal obligation and legitimate interests in evidential integrity |
| Security, fraud prevention and abuse monitoring | Legitimate interests |
| Billing and account administration | Performance of a contract; legal obligation |
| Service communications | Legitimate interests; consent for marketing |
5. Retention
Where we are a processor, we retain end-user data for as long as the relying party instructs and then delete or return it. Where we are a controller: verification receipts and signing receipts are tamper-evident audit records retained for the period required to evidence the transaction, typically up to six years for signatures in line with limitation periods; Vault ciphertext is retained until you delete it; account and contact data is retained for the life of the account and a reasonable period afterwards. Technical logs are retained on a rolling short-term basis for security and operations.
6. Security
Security is the product, so it is not an afterthought.
- Data is encrypted in transit with TLS and at rest with customer-managed encryption keys.
- Signing keys are held in a hardware security module; receipts are cryptographically signed and verifiable.
- Every tenant is isolated at the database layer with row-level security enforced on the serving role.
- The Vault is zero-knowledge: your data is encrypted on your device and we store only ciphertext we cannot decrypt.
- The production API sits behind an edge firewall and is not directly reachable.
7. Sharing and sub-processors
We do not sell personal data. We share it only with the infrastructure providers that run the service:
- Google Cloud — hosting, database and key management, London region.
- Cloudflare — edge security, TLS termination and content delivery.
- Stripe — payment processing for billing.
- An identity-verification provider for document and biometric checks, engaged under contract.
8. International transfers
Primary processing takes place in the United Kingdom and the European Economic Area (Google Cloud europe-west2, London). Where a sub-processor transfers data outside the UK or EEA, we rely on adequacy decisions or the International Data Transfer Agreement and the UK Addendum to the Standard Contractual Clauses, with appropriate safeguards.
9. Your rights
Subject to the applicable law and to our role, you have the right to access, rectify, erase, restrict and object to processing, to data portability, and to withdraw consent at any time without affecting prior processing. Where a business used Magic Auth to process your data, please raise the request with that business first; we will support it as processor. To exercise a right against us as controller, contact us below.
10. Changes
We may update this policy as the platform evolves. Material changes will be reflected in the "last updated" date above and, where appropriate, notified to account administrators.
11. Contact and complaints
Contact TS Robotics Limited at [email protected]. If you are in the UK and are not satisfied with our response, you may complain to the Information Commissioner's Office at ico.org.uk.
Questions about this document: [email protected].