Privacy Notice
How we handle and protect your data.
Thank you for your interest in Matagi OÜ(hereinafter “Matagi”, “we”, or “us”), our website at www.matagi.ai(hereinafter the “Website”), and all services provided by us (on which a link to this privacy notice is displayed), and all other communications with individuals through email or phone (collectively with the Website, the “Service”).
This privacy notice (hereinafter “Privacy Notice”) explains how we process the personal data of our Clients (and individuals representing them), their Users, Website visitors, and other persons who communicate with us or otherwise engage in activities that involve us receiving and processing personal data (hereinafter also “you”).
Please note that this Privacy Notice does not describe how we process personal data when providing Matagi Services to our Clients where we act as a data processor. In such cases, we process personal data only on behalf of and under the instructions of the Client, who acts as the data controller. The processing of such personal data is governed by the data processing agreement concluded with our Client. The Client, as the controller, is responsible for informing data subjects about such processing.
If you are a California resident, please review Section 7 of this Privacy Notice.
Definitions
Capitalized terms used but not defined in this Privacy Notice have the meaning given to them in the Matagi Terms of Service.
GDPR means the General Data Protection Regulation (EU) 2016/679, which has been directly applicable in all European Union member states since 25 May 2018.
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, by a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the entity that decides why and how the personal data is processed.
Visitor means an individual other than a User who uses the Website but has no access to Matagi Services.
Controller
Matagi OÜ
Registration code: 17221751
Address: Valukoja 10, 11415, Tallinn, Estonia
If you have any questions on how we process personal data or wish to exercise your data subject rights, please contact us by writing to hello@matagi.ai.
The Data We Process
This Privacy Notice describes Matagi's practices when we process personal data as a controller. As a controller, we determine the purposes and means of processing your personal data. This includes data collected directly from you, such as when you sign up for an Account and interact with Matagi Service. It also covers data collected automatically, such as through cookies and tracking technologies.
We collect different types of information from or through the Service, including, but not limited to, as described below.
2.1 Information You Provide Directly to Matagi
- Account Signup: When you sign up for an Account to access Matagi Service, we ask for information like your name, email address, and (if applicable) company name and country, to complete the Account signup process.
- Payment Processing: When you buy something from us, we ask you to provide your name, contact information, credit card information or other payment account information. When you submit your card information, we store the name and address of the cardholder, the expiration date and the last four digits of the credit card number. We do not store the actual credit card number.
- Testimonials: When you authorize us to post testimonials about Matagi Service on websites, we may include your name and other personal data in the testimonial. You will be given an opportunity to review and approve the testimonial before we post it. If you wish to update or delete your testimonial, contact us at hello@matagi.ai.
2.2 Automatically Collected Information
- Information from Browsers, Devices and Servers: When you visit our Website, we collect information that web browsers, mobile devices and servers make available, such as the internet protocol address, browser type, language preference, time zone, referring URL, date and time of access, operating system, mobile device manufacturer and mobile network information.
- Information from Cookies and Other Tracking Technologies: We use temporary and permanent cookies to identify visitors and Users and to enhance user experience. We use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track Website navigation, gather demographic information about visitors and Users, understand email campaign effectiveness and target visitor and user engagement.
2.3 Data Obtained from Third-Party Sources
- Login via Third-Party Authentication Services: You may access the Service using authentication providers such as Google, Microsoft, or LinkedIn. These services verify your identity and may provide us with certain personal data, including your name and email address, based on your authorization.
- Information from Referrals: We may receive your personal data, such as your name and email address, when another individual or entity refers you to our Service. If you wish to have this information removed, contact us at hello@matagi.ai.
- Data from Partners, Resellers, and Events: Our business partners, resellers, or service providers may share your contact information with us if you express interest in our Service to them. If you register for or attend an event sponsored by us, the event organizer may provide us with your information. We may also obtain your data from third-party review platforms or marketing service providers.
- Data from Third-Party Integrations: When you connect a third-party application to your account, you may be asked to grant that application certain permissions to access, modify, or transmit your data. It is your responsibility to review the permissions you grant. While we may collect data on which integrations you use, we are not liable for the data handling practices of these third-party integrations.
- Publicly Available Information and Social Media: We may collect information you make publicly available when you engage with us on social media platforms (like Facebook, X, LinkedIn), marketplaces, or review sites. This includes profile information, posts, and comments.
Purposes of Use and Legal Basis
We may process your personal data for the following purposes and legal basis:
| Processing purpose | Legal basis | Personal data processed |
|---|---|---|
| Creating and managing Accounts | Performance of a contract (Art. 6(1)(b) GDPR) when the Client is a natural person; legitimate interest (Art. 6(1)(f) GDPR) for representatives of business clients | Name, email address, company name (if applicable), country, account credentials |
| Providing and operating the Service | Performance of a contract (Art. 6(1)(b) GDPR); legitimate interest (Art. 6(1)(f) GDPR) | Account information, Service usage data, activity within the Service |
| Monitoring and logging AI Agent activity and Service usage to ensure proper operation, security, and compliance with the Terms | Performance of a contract (Art. 6(1)(b) GDPR); legitimate interest (Art. 6(1)(f) GDPR), reliability and security of the Service | Service activity data, prompts or instructions submitted through the Service, AI Agent interaction logs, account identifiers |
| Investigating violations of the Terms, preventing misuse, abuse, fraud, or unlawful activities | Legitimate interest (Art. 6(1)(f) GDPR), protecting the Service, our legal rights, and other users | Account information, Service activity data, logs, communication records, technical identifiers |
| Processing payments and managing subscriptions | Performance of a contract (Art. 6(1)(b) GDPR); legal obligation (Art. 6(1)(c) GDPR) for accounting and tax compliance | Name, billing address, contact information, payment account information, cardholder name, expiration date, last four digits of credit card number |
| Responding to inquiries and communicating with potential or existing Clients | Legitimate interest (Art. 6(1)(f) GDPR) | Name, email address, company information (if applicable), communication content |
| Providing customer support and handling Service-related requests | Performance of a contract (Art. 6(1)(b) GDPR); legitimate interest (Art. 6(1)(f) GDPR) | Name, contact information, support request content, Account information |
| Publishing testimonials | Consent (Art. 6(1)(a) GDPR) | Name, testimonial content, other information approved by the individual |
| Sending marketing communications about our Services | Legitimate interest (Art. 6(1)(f) GDPR); where required by law, consent (Art. 6(1)(a) GDPR) | Name, email address, company information, marketing interaction data |
| Managing referrals and invitations to the Service | Legitimate interest (Art. 6(1)(f) GDPR) | Name, email address |
| Analyzing Service usage data and creating anonymized or aggregated datasets to improve, develop, and optimize Service and related technologies | Legitimate interest (Art. 6(1)(f) GDPR) | Service usage data, technical logs, account identifiers, IP address, device and browser information, interaction data within the Service, prompts or instructions submitted through the Service, system performance metrics (which may subsequently be anonymized or aggregated) |
| Maintaining, diagnosing, and monitoring Service performance and improving the Service | Legitimate interest (Art. 6(1)(f) GDPR) | IP address, browser type, device information, operating system, referring URL, timestamps, usage data |
| Monitoring system security, preventing fraud, and ensuring service integrity | Legitimate interest (Art. 6(1)(f) GDPR) | IP address, log files, device information, Service activity data |
| Conducting Website analytics and tracking through cookies and similar technologies | Consent (Art. 6(1)(a) GDPR) for non-essential cookies; legitimate interest (Art. 6(1)(f) GDPR) for strictly necessary cookies | Cookie identifiers, IP address, device identifiers, browser type and version, operating system, referring URLs, pages visited, timestamps, interaction and navigation data, approximate location derived from IP address |
| Managing third-party integrations connected to Accounts | Performance of a contract (Art. 6(1)(b) GDPR); legitimate interest (Art. 6(1)(f) GDPR) | Integration usage data, Account information, data exchanged with integrated applications |
| Engaging with users via social media platforms and publicly available sources | Legitimate interest (Art. 6(1)(f) GDPR) | Public profile information, posts, comments, publicly available contact details |
| Complying with legal obligations and responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c) GDPR); legitimate interest (Art. 6(1)(f) GDPR) | Any personal data necessary to comply with legal requirements or defend legal claims |
| Handling legal claims, dispute resolution, and exercising or defending legal rights | Legitimate interest (Art. 6(1)(f) GDPR); legal obligation (Art. 6(1)(c) GDPR) where applicable | Account data, communications, transaction records, technical logs, and other relevant information |
Sharing Your Data
Your personal data is accessible to our employees on a need-to-know basis. We may also share your information with the following categories of third parties:
- Data Visibility Within Your Organization's Account. Information pertaining to your activity within Matagi Service is accessible to the designated Admin(s) of your organization's Account. Depending on the configurations established by account users, this information may also be visible to other users within the same Account to facilitate the proper functioning of Matagi Service.
- Sharing with Third-Party Service Providers.We engage third-party service providers to perform essential functions on our behalf, including Website and application development, hosting, maintenance, security monitoring, fraud detection, payment processing, AI inference, transactional email delivery, analytics, and the third-party tool integrations our AI Agents use on Clients' behalf. Our contractual agreements with these parties obligate them to maintain the confidentiality and security of personal data. The current list of sub-processors is published in Annex 2 of our Data Processing Agreement.
- Legal Disclosures and Protection of Rights. We may disclose your personal data when compelled by law or when we have a good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or government-issued subpoena or warrant; (b) cooperate with law enforcement or other public authorities; (c) protect and defend our rights, property, and the safety of our company, users, or the public; (d) investigate and respond to third-party claims or allegations made against us; (e) safeguard the security and integrity of our Service.
- Third Parties in Corporate Transactions: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
Data Location and International Transfers
Your personal data may be processed and stored on servers located outside your country of residence, including in the European Economic Area (EEA) and the United States (USA). The nature of our Services requires a global infrastructure, and the location of your data may vary depending on the service you use and your location.
When we transfer personal data originating from the EEA to countries outside the EEA (such as the USA) that have not been deemed to provide an adequate level of data protection by the European Commission, we will ensure the lawfulness of the transfer.
We implement appropriate safeguards for this purpose, relying primarily on the Standard Contractual Clauses (SCCs) approved by the European Commission. Upon request, we will provide additional information regarding the safeguards in place.
Data Retention
Our policy is to retain personal data for the duration necessary to serve the original purpose of collection and to comply with legal duties, resolve disputes, and enforce agreements. When determining how long to retain personal data, we consider the type, sensitivity, purpose of processing, whether the purpose can be achieved by other means, potential harm from breaches, and the need to resolve disputes or enforce contracts.
When retention is no longer required for any legitimate business purpose, we will delete or anonymize the data from our operational environments, unless retention is required for compliance with legal obligations or for the establishment, exercise, or defence of legal claims. Personal data stored within backups will be securely isolated and stored pending deletion according to our established procedures.
For data processed by Matagi Service, the following retention schedules apply:
- Accounts: Deletion within 180 days of closure.
- Free Trial Accounts: Deletion within 60 days of closure.
- Server Backups: Retention for 90 days.
Your Privacy Rights
Right to access, you have the right to know which data we hold about you (if any), including receive a copy of your personal data.
Right to data rectification, you have the right to require corrections to your personal data in case they are inaccurate or incomplete.
Right to data deletion, you have the right under certain conditions to request the deletion of your personal data, including in situations where the processing is no longer necessary for the purposes for which it was collected, or if it was based on your consent and you wish to withdraw that consent.
Right to restrict processing, you have the right under certain circumstances to forbid or restrict the processing of your personal data for a certain period.
Right to data portability, you have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and transmit those data to another controller if the processing is based on consent or on a contract and is carried out by automated means.
Right to object, you have the right to object to data processing which is based on our legitimate interest. We will stop processing your personal data upon such objection, unless we can demonstrate compelling legitimate grounds for the processing or processing is needed for the establishment, exercise, or defence of legal claims. You also have the right to object at any time to processing of your personal data for direct marketing.
Right to withdraw consent, if the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing prior to the withdrawal. You can opt out of marketing communications at any time by clicking the “unsubscribe” link in every email.
You may submit a request to exercise these rights. To protect your information, we will verify your identity using a method appropriate for the request. To submit a request, please contact us at hello@matagi.ai.
California Residents: Your Privacy Rights
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), residents of California are afforded specific rights regarding their personal data. This section outlines how we handle your information and how you can exercise those rights.
7.1 Information we collect
In the 12 months prior to the effective date of this Privacy Notice, we have collected various categories of personal data from California consumers. The categories are:
- Identifiers: name, email address, postal address, or phone number.
- Commercial Data: transaction history and records of products or services purchased.
- Network and Device Activity: technical information related to your use of our Website and Service.
- Geolocation Information: approximate location derived from your IP address.
- Financial Data: payment details required to process subscriptions or purchases.
- Support and Communication Data: information you provide when contacting our support channels.
- Inferences: insights or conclusions drawn from any of the above to create a profile about your preferences.
We retain this personal data only for as long as is reasonably necessary for the purpose(s) for which it was collected.
7.2 Purpose of Collection and Disclosure
We collect the personal data categories listed above for operational and commercial purposes, as explained in Section 3. In the preceding 12 months, we have disclosed each of these categories to our service providers to facilitate these business purposes.
7.3 Sale and Sharing of Personal Data for Advertising
In the past 12 months, we have not disclosed any personal data to third parties for advertising purposes or sold it to anyone. We do not have actual knowledge of selling or sharing the personal data of any individual under the age of 16.
7.4 Your Rights Under the CCPA
- Right to Know: request details about specific pieces and categories of personal data we have collected, used, disclosed, or sold about you.
- Right to Delete: request the deletion of personal data we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Sale/Sharing: instruct us not to sell or share your personal data.
- Right to Correct: request that we correct any inaccurate personal data we maintain about you.
- Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.
7.5 How to Exercise Your Rights
You may submit a request to exercise these rights. To protect your information, we will verify your identity using a method appropriate for the request. You may also designate an authorized agent to make a request on your behalf. To submit a request, please contact us at hello@matagi.ai.
The Right to Submit Complaints
Should you desire further information concerning your personal data or exercising your rights, you have the possibility to contact us at hello@matagi.ai.
If you believe that the processing of your personal data breaches legal requirements, you have the right, without prejudice to any other administrative or judicial remedy, to file a complaint with an appropriate supervisory authority. In Estonia, the relevant supervisory authority is the Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon, www.aki.ee, info@aki.ee).
Amending This Privacy Notice
We may update this Privacy Notice from time to time. The updated version will be indicated by a revised “Last updated” date and published on this webpage. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.