PRIVACY POLICY
1. Introduction
This Privacy Policy explains how BrandMagics Technologies (UAE), BrandMagics Software Labs Pvt Ltd (India), BrandMagics Business Labs Pte Ltd (Singapore), BrandMagics Creative Labs Limited (United Kingdom), and BrandMagics Inc. (USA)(collectively referred to as “BrandMagics”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you use our websites, platforms, applications, products, and services, including without limitation:
- ●BMeX ID and BMeX Exchange
- ●Brand/Business/BrandMagics Operating & Strategizing System (BOSS) and all “Magics Suites” (including PayMagics, GrowMagics, SignMagics, Essential CRM, LeadMagics, SalesMagics, TaskMagics, HireMagics, MoneyMagics, LexMagics, ScaleMagics, GoalMagics, NetMagics, Space Magics, BossMagics).
- ●APIs and integrations (including API for PayMagics and API for BMeX ID).
- ●Advisory, consulting, and financing-related services (such as Sales Acceleration, Goal Orientation, Productivity Enhancement, M&A Advisory, and other listed financing and capital-access solutions).
By using our products or services, you acknowledge that you have read and understood this Privacy Policy.
2. Scope and roles
This Policy applies when:
- ●You visit any BrandMagics website or web application.
- ●You register for or use a BMeX ID or list on the BMeX Exchange.
- ●You use any Magics module (freemium or paid) or related APIs.
- ●You engage BrandMagics for advisory or capital-access services.
Depending on the context, BrandMagics may act as:
- ●Data controller for account, platform, marketing, and product-usage data.
- ●Data processor for customer-controlled data processed on behalf of brands using our tools (for example, contact data in Essential CRM, HR data in HireMagics, or documents in LexMagics).
Your agreements and data processing addendum (if any) prevail over this Policy in case of conflict.
3. Data we collect
3.1 Data you provide
- ●Account and profile data: name, business name, BMeX ID, email address, phone number, billing details, login credentials.
- ●Brand and corporate data: company registration details, valuation and compliance information, brand descriptions, ownership structure, business documentation provided for due diligence or listing.
- ●Transactional data: payment instructions and references, limited payment instrument details (as allowed by law and PCI-like standards), and records of payments facilitated via PayMagics or other modules (we aim to avoid exposing underlying account numbers and may tokenize or proxy them).
- ●Content you upload: documents (for SignMagics, LexMagics, MoneyMagics, etc.), contracts, HR files (HireMagics), sales data (SalesMagics), marketing content (LeadMagics, GrowMagics), operational data (TaskMagics), finance data (MoneyMagics), research inputs (ScaleMagics), and goal-setting or performance data (GoalMagics).
- ●Communication data: support requests, feedback, survey responses, messages exchanged via the platform or with our experts.
3.2 Data we collect automatically
- ●Usage and log data: device identifiers, browser type, operating system, IP address, access times, pages viewed, clickstream data across BrandMagics properties and modules.
- ●Product telemetry: feature usage, configuration preferences, workflow and automation execution logs, performance metrics and error logs.
- ●Cookies and similar technologies: cookies, web beacons, local storage, and similar technologies to maintain sessions, remember preferences, and analyze usage.
3.3 Data from third parties
- ●Identity and KYC/KYB data from verification providers, banks, fintech partners, and other regulated entities supporting BMeX ID, BMeX Exchange, PayMagics, and financing services.
- ●Enrichment data from partners (e.g., business credit, risk, and scoring signals) to support valuation, due diligence, and capital-access assessments.
- ●Data from your integrations: if you connect third-party CRMs, HR systems, accounting tools, or communication channels, we receive and process data from those systems according to your configuration.
4. Purposes and legal bases
We use personal data for the following purposes. To ensure GDPR and international compliance, we have mapped these purposes to specific legal bases:
| Purpose | Legal Basis (GDPR Art. 6 / PDPL) |
|---|---|
| Providing and operating the Platform (BMeX ID, Magics modules) | Contractual Necessity: We cannot provide the agreed service without this data. |
| Billing, Payments, and Financial Transactions (PayMagics) | Legal Obligation: Compliance with tax, accounting, and anti-money laundering laws. |
| Valuation, Scoring, and Due Diligence (BMeX Exchange) | Legitimate Interest: To provide business insights and scoring services (subject to opt-out rights where applicable). |
| Marketing and Communications | Consent: Where required by law (e.g., e-Privacy Directive). |
| Fraud Prevention and Security | Legitimate Interest: Ensuring the security of the platform and users. |
5. Product-specific data uses
Without limiting the general purposes, some modules require additional clarifications:
- ●BMeX ID and BMeX Exchange: We process identity and brand data to generate, verify, and maintain a universal BMeX ID and related brand snapshots, including valuation readiness, compliance score, and capital pathway indicators. For listed brands, we may display certain information to authorized users of the exchange in accordance with listing rules and applicable law. Automated Decision-Making: Please note that Valuation Readiness Scores and Compliance Ratings are generated by automated algorithms. You have the right to request human review of these scores if they result in legal consequences.
- ●PayMagics: We use transactional and counterparty information to enable secure, brand-linked transactions without exposing underlying bank or account numbers where feasible, using tokenization, proxies, or equivalent mechanisms.
- ●CRM, sales, marketing, and operations modules (LeadMagics, SalesMagics, GrowMagics, Essential CRM, TaskMagics, NetMagics, GoalMagics, etc.): We process contact, lead, customer, campaign, and operational data solely on your instructions to help you manage client relationships, pipelines, tasks, and goals.
- ●HR and legal modules (HireMagics, LexMagics): We process HR, recruitment, and legal documentation data to support recruitment workflows, document generation, e-signatures, compliance, and record-keeping as configured by you.
- ●Finance and analytics modules (MoneyMagics, ScaleMagics, BossMagics): We process financial, performance, and analytical data to provide dashboards, insights, and automation.
6. How we share data
We may share personal data with:
- ●Service providers and subprocessors who support hosting, infrastructure, analytics, customer support, communications, KYC/KYB, payments, and security operations, under appropriate contractual safeguards.
- ●Financial institutions, banks, fintech partners, and financing or capital partners, when necessary to provide financing, payments, or other capital-access products requested by you.
- ●Professional advisors (lawyers, auditors, consultants) where reasonably necessary for legitimate business purposes and compliance.
- ●Other users or counterparties, where you instruct us to do so (for example, sharing contracts via SignMagics, proposals via SalesMagics, or brand information via BMeX Exchange).
- ●Authorities, regulators, or law enforcement when we believe disclosure is required by law, regulation, or legal process, or to protect rights, security, and property.
No Sale of Data (California/US Compliance):
We do not sell personal data for monetary consideration. We do not "share" personal information for cross-context behavioral advertising. If we engage in activities considered “sharing” or “selling” under applicable privacy laws in the future, we will provide required disclosures and opt-out mechanisms.
In case of a corporate transaction (merger, acquisition, reorganization, asset sale), personal data may be transferred as part of that transaction subject to appropriate safeguards.
7. International transfers
BrandMagics operates for a global, borderless digital economy and may process data in multiple jurisdictions using a global network of infrastructure and partners.
Where required by law, we implement appropriate safeguards for cross-border transfers, such as:
- ●Standard Contractual Clauses (SCCs): For transfers to jurisdictions without an adequacy decision.
- ●Transfer Impact Assessments (TIAs): To ensure that data transferred to non-adequate jurisdictions remains protected.
- ●Technical Measures: Encryption and organizational measures to protect data regardless of location.
8. Retention
We retain personal data for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Our specific retention periods include:
- ●Active Accounts: Retained for the duration of the subscription/service.
- ●Closed Accounts: Deleted 2 years after account closure to handle potential disputes.
- ●Financial/Tax Records: Retained for 7 years (or as required by local tax authorities) for audit and compliance purposes.
- ●Marketing Data: Deleted immediately upon withdrawal of consent.
When data is no longer required, we will delete or anonymize it.
9. Security
We implement technical and organizational measures designed to protect personal data, including:
- ●Secure infrastructure, access controls, and encryption in transit (TLS 1.3) and at rest where appropriate.
- ●Role-based access and least-privilege principles within the BrandMagics ecosystem.
- ●Monitoring, logging, and incident-response procedures, along with regular reviews of security posture and system status.
However, no system is entirely secure, and we cannot guarantee absolute security of data transmissions or storage.
10. Your rights and choices
Depending on your jurisdiction, you may have some or all of the following rights:
- ●Access: Request confirmation whether we process your personal data and obtain a copy.
- ●Rectification: Request correction of inaccurate or incomplete personal data.
- ●Erasure: Request deletion of personal data, subject to legal and contractual limits.
- ●Restriction: Request limitation of processing in certain circumstances.
- ●Portability: Receive personal data in a structured, commonly used format and have it transmitted to another controller where technically feasible.
- ●Objection: Object to certain processing, including direct marketing, where permitted by law.
- ●Withdrawal of consent: Where processing is based on consent, withdraw your consent at any time.
You may exercise these rights by contacting us using the details in the “Contact us” section. We may need to verify your identity before fulfilling your request.
11. Cookies and similar technologies
We use cookies and similar technologies to:
- ●Keep you signed in and maintain sessions.
- ●Remember preferences and configurations across BrandMagics modules.
- ●Analyze traffic, usage, and performance to improve our services.
- ●Support security and fraud prevention.
Prior Consent: We will not place non-essential cookies (such as analytics or marketing trackers) on your device until you have provided explicit consent via our Cookie Banner. You can manage your preferences at any time via the "Cookie Preferences" link on our website.
12. Children’s privacy (Global & India DPDP Act)
- ●General: Our services are intended for use by businesses and professionals.
- ●India Compliance (DPDP Act): For users in India, a "child" is defined as anyone under the age of 18. We do not knowingly collect personal data from Indian users under 18 without Verifiable Parental Consent. If you are under 18, you must not use the Platform without a parent or guardian authorizing your account via our Family Consent flow.
- ●If you believe that a child’s data has been provided to us in violation of applicable law, please contact us immediately so we can take appropriate action.
13. Third-party services and links
Our products may integrate with or link to third-party websites, tools, APIs, or services. These third parties process personal data under their own privacy policies, not this one. We encourage you to review the privacy policies of any third parties you connect or interact with through BrandMagics.
14. Regional Compliance Addenda
A. INDIA (DPDP Act, 2023)
- ●Consent Managers: You may manage, review, or withdraw your consent through any government-approved Consent Manager platform linked to your BMeX ID.
- ●Grievance Redressal:○ Grievance Officer: Mr. Subodh Manikoth
○ Contact: grievance.india@brandmagics.com
○ Timeline: We will acknowledge complaints within 24 hours and resolve them within 7 days.
B. UAE (PDPL)
- ●High-Risk Processing: We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities (such as financial scoring).
- ●Data Protection Officer (DPO): Contact dpo.uae@brandmagics.com.
- ●Breach Notification: We will notify the UAE Data Office immediately and affected users without undue delay in the event of a high-risk breach.
C. SINGAPORE (PDPA)
- ●DNC Registry: We check the Do Not Call (DNC) Registry before sending marketing messages to Singapore numbers unless clear consent is held.
15. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our products, practices, or legal requirements. When we make material changes, we will take appropriate steps to notify you, such as updating the “last updated” date, providing prominent notices on our sites or within products, or sending direct notifications where required. Your continued use of BrandMagics products and services after any update constitutes your acceptance of the revised Policy.
16. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of personal data, please contact the relevant BrandMagics entity for your region using the details provided on our website’s Contact or Support pages.
- ●For India: BrandMagics Software Labs Pvt Ltd
- ●For UAE/MENA: BrandMagics Technologies
- ●For UK/Europe: BrandMagics Creative Labs Limited
- ●For APAC: BrandMagics Business Labs Pte Ltd
- ●For Americas/Global: BrandMagics Inc.
© 2026 BrandMagics Ecosystem.