Privacy Policy for Magicline Plus

1. Controller

2. Scope

This privacy policy applies to the Magicline Plus browser extension for Chrome and Chromium-based browsers. Magicline Plus enhances the Magicline web interface with internal studio workflows such as follow-up appointments, member data maintenance, Wellpass/aggregator assistance, SEPA mandate workflows, task text snippets, and feedback.

Magicline Plus is not the operator of Magicline. Data processed directly in Magicline is also subject to the privacy information of the relevant Magicline customer or studio and of Magicline.

3. Categories of data processed

• Personally identifiable information: names, member numbers, profile references, contact details, visible profile data, and profile images within Magicline.
• Financial and payment information: IBAN/bank data, SEPA mandate information, payment run groups, and related follow-up tasks where required for enabled workflows.
• Personal communications: user-submitted feedback such as sender name/location, title, message, and optional screenshots.
• User activity in the extension: settings, feature toggles, reminders, workflow states, completed steps, and diagnostics.
• Website content: visible content of the Magicline web interface, tables, dialogs, form fields, SEPA PDFs, and page states needed for the selected feature.

Magicline Plus does not process passwords, PINs, or Magicline API keys. It uses the existing Magicline browser session and does not store separate Magicline credentials in the extension package.

4. Purposes of processing

• Displaying and prioritizing follow-up appointment and member data maintenance hints.
• Supporting Wellpass/aggregator and customer change workflows.
• Preparing visible Magicline form filling so users can review data before saving.
• Supporting SEPA mandate, local signing, document-upload hints, and temporary PDF handling.
• Saving extension settings, table/column configuration, text snippets, and local reminders.
• Providing local backup and restore functionality for Magicline Plus settings.
• Receiving and processing feedback or error reports.
• Security, diagnostics, and stability checks.

5. Browser storage

• chrome.storage.sync: settings, feature toggles, filters, columns, and task text snippets.
• chrome.storage.local: local reminders, “never ask” decisions, backup status, recovery data, and short-lived SEPA PDF buffers.
• chrome.storage.session: short-lived workflow markers, follow-up contexts, open aggregator tasks, and diagnostics for the current browser session.
• Magicline page sessionStorage/localStorage: legacy migration or fallback only.

6. Recipients and external services

Magicline

Magicline Plus runs inside the existing Magicline web interface and uses the active browser session. Data displayed or saved in Magicline remains processed in the Magicline environment of the respective studio.

Feedback via Cloudflare Worker and Telegram

If users submit feedback, the entered content and optional image attachments are sent to a Cloudflare Worker and then forwarded to an internal Telegram support channel. The page URL is redacted before sending. Users should review and mask member data, bank data, or other sensitive information in screenshots before sending them.

Cloudflare Pages for hosting this policy

This information page can be hosted on Cloudflare Pages. When the page is accessed, Cloudflare processes technically necessary access data such as IP address, request time, user agent, and requested URL to deliver the page and protect the service. Magicline Plus does not use its own analytics or advertising trackers on this page.

Chrome Web Store and browser vendors

Installation, updates, and extension management are handled by the relevant browser or store. Google, Microsoft, or other browser vendors may process their own technical data.

7. No sale, no ads, no remote code

• Magicline Plus does not sell user data.
• Magicline Plus does not use user data for creditworthiness or lending purposes.
• Magicline Plus does not include advertising or tracking SDKs.
• Magicline Plus does not load remote JavaScript or WebAssembly code for execution. Executable extension files are included in the extension package.

8. Legal bases

Where the GDPR applies, the legal bases may include Art. 6(1)(b) GDPR for providing the requested extension functions, Art. 6(1)(f) GDPR for legitimate interests in efficient studio workflows, security, error analysis, and abuse prevention, and Art. 6(1)(a) GDPR where users voluntarily provide feedback, attachments, or optional settings.

9. Retention and deletion

• Session data is generally needed only for the current browser session.
• Local reminders and settings remain stored until users change, reset, or remove the extension.
• SEPA PDF buffers are technically limited and only needed temporarily for signing/document workflows.
• Backup files are generated locally in the downloads folder and must be stored or deleted by users.
• Feedback reports are retained only as long as needed for support, error analysis, and traceability.

10. Data subject rights

Where the GDPR applies, data subjects may have rights to access, rectification, erasure, restriction of processing, data portability, and objection, as well as the right to lodge a complaint with a competent supervisory authority.

11. Changes

This privacy policy may be updated when functions, data flows, providers, or legal requirements change. The current version will be published on this page.