Magic Stack Technology ("Company", "we", "us", "our") is a cybersecurity and
managed security services provider (SOC / MSSP). This Privacy Policy explains
how we collect, process, store, and protect personal data and security telemetry
in accordance with the Digital Personal Data Protection Act, 2023 (India).
1. Definitions
- Data Principal: Individual to whom personal data relates
- Data Fiduciary: Magic Stack Technology
- Processing: Collection, storage, analysis, transmission
- Security Data: Logs, metadata, alerts, configurations
2. Scope & Applicability
This policy applies to all websites, platforms, APIs, appliances, managed services,
and security operations delivered by Magic Stack Technology.
3. Categories of Data Collected
3.1 Customer Provided Data
- Name, designation, organization
- Email address, phone number
- Billing and invoicing details
- Authentication credentials, certificates
3.2 Automatically Collected Security Data
- Firewall, IDS/IPS, VPN logs
- NetFlow, IPFIX, traffic metadata
- CASB and TLS policy events
- Device identifiers and IP addresses
We do not inspect application payloads unless explicitly authorized by contract.
4. Purpose of Processing
- Threat detection, prevention, and response
- Service delivery and reliability
- Compliance, audits, and forensic analysis
- Legal and regulatory obligations
5. Lawful Basis (DPDP-2023)
- Consent of the Data Principal
- Performance of contractual obligations
- Legitimate use under Section 7, DPDP Act
- Compliance with applicable law
6. Data Retention Schedule
| Data Type |
Purpose |
Retention |
| Firewall Logs | Monitoring & audit | 90–180 days |
| NetFlow / IPFIX | Traffic analysis | 30–90 days |
| IDS / IPS Alerts | Threat detection | 180 days |
| VPN / IPsec Metadata | Tunnel health | 30–60 days |
| CASB / TLS Logs | Policy enforcement | 90–180 days |
7. Data Sharing & Disclosure
We do not sell personal data. Data may be shared only with authorized employees,
subprocessors under contract, or statutory authorities when legally required.
8. Data Security Safeguards
- Encryption in transit and at rest
- Role-based access control
- Continuous monitoring and audit logs
- Secure key and certificate management
9. Data Principal Rights
Rights include access, correction, erasure, grievance redressal, and withdrawal
of consent as permitted under DPDP-2023.
10. Cross-Border Transfers
Where applicable, cross-border processing is performed with appropriate safeguards
and contractual protections.
11. Grievance Redressal
Email: privacy@magic-stack.technology
Grievance Officer: Appointed under DPDP-2023
12. Policy Updates
This policy may be updated periodically. Continued use of services constitutes
acceptance of the revised policy.