Magpire
Free Audit

Privacy policy

Last updated: 10 May 2026

Magpire (“we”, “us”) provides AI search visibility tooling for accountancy firms. This policy explains what personal data we process when you use the service, the lawful basis for that processing, and your rights under the UK GDPR.

Who we are

The data controller for personal data processed via the Service is Magpire Ltd, a company registered in England and Wales under company number 17172989. For any privacy or data-protection enquiry email support@magpire.com.

Data we collect

  • Account data — name, business email, hashed password, the firm name and website URL you provide at signup.
  • Firm profile — country, location, specialisms, target client description, author name and credentials.
  • Audit + content data — pages, schema, citations, scores, and generated content artefacts produced by your Audits.
  • Billing data — handled by Stripe; we store your Stripe customer and subscription identifiers, not your card details.
  • Operational data — request logs (IP, user-agent, timestamp, response status) used to debug failures and apply rate limits.

Why we process it

  • To provide the service you contracted for (Article 6(1)(b) — contract).
  • To detect abuse and protect the platform (Article 6(1)(f) — legitimate interests).
  • To meet our tax, accounting, and fraud-prevention duties (Article 6(1)(c) — legal obligation).

Free Audit submissions

When you submit the free Magpire Audit form on the marketing site we process the firm name, website URL, country, location / specialisms (where relevant), and your business email address. The lawful bases and what they cover are:

  • Delivering the audit you asked for — Article 6(1)(b) (steps taken at your request prior to entering a contract). We use your email to send you the audit results and any one-off reports you ask for.
  • Follow-up communications about your audit— Article 6(1)(f) (legitimate interest in helping firms act on their results and deciding whether to subscribe to Magpire). We limit follow-ups to a small number of emails about the audit findings and Magpire’s paid plans, and every email carries a one-click unsubscribe.
  • PECR notice— when you submit the form you’re told at point of collection that we may email you the audit results and follow up about it; that notice plus the one-click unsubscribe in every email is how we comply with the UK Privacy and Electronic Communications Regulations.

If you don’t want any follow-up at all, click the unsubscribe link in the audit email or write to support@magpire.comand we’ll suppress your address immediately.

International transfers

Some of our subprocessors are based outside the UK and EEA — Anthropic, Perplexity, DataForSEO, Resend, and Inngest in particular operate from the United States. Where personal data leaves the UK or EEA we rely on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses (SCCs), or an applicable adequacy decision, and we contractually require equivalent technical and organisational safeguards.

Sub-processors

We rely on the following processors. Each is bound by a Data Processing Agreement and processes data on our documented instructions only. The full list with locations, roles, and transfer mechanisms is published at magpire.com/legal/subprocessors; we’ll notify account owners at least 30 days before adding a new subprocessor.

  • Supabase (PostgreSQL hosting, authentication) — EU region.
  • Vercel (application hosting, edge logs) — global edge with EU residency for primary functions.
  • Stripe (payments, subscription management) — UK + EU + US.
  • Anthropic(AI model inference for content generation and relevance scoring) — United States, under SCCs. Inputs and outputs are not used to train models per Anthropic’s commercial terms.
  • Perplexity, DataForSEO — United States, under SCCs. Used as data sources for SERP and AI engine citation checks. Only your firm name and public website URL are sent.
  • Resend (transactional email delivery) — US, under SCCs.
  • Sentry, Inngest, Upstash — error monitoring, background jobs, and rate-limit storage respectively. See the subprocessor page for locations.
  • Google (Search Console, Business Profile, Tag Manager) — only when the firm explicitly authorises an integration.

Retention

Account and Audit data is retained for as long as your subscription is active. On account deletion the data is soft-deleted immediately, made inaccessible from the product, and hard-deleted within 30 days. Billing records are retained for 7 years to meet UK statutory obligations.

Free Audit submissionsfrom visitors who don’t go on to create an account are kept for 90 days and then deleted automatically. We use them in that window to deliver the audit you requested, send any one-off reports you ask for, and detect abuse.

Your rights

Under UK GDPR you have the right to access, correct, port, restrict, or erase your personal data, and to object to processing. The dashboard exposes self-service export and account deletion under Settings → Account. For anything else email support@magpire.com; we respond within 30 days.

Complaints

You can complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint if you believe we’ve mishandled your data.