Privacy Policy
Last updated: July 15, 2025
GDPR Compliant
This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and personal data.
1. Introduction
This Privacy Policy describes how KOPINFO Információtechnológiai Korlátolt Felelősségű Társaság (KOPINFO Kft.) ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use MagicBill ("Service").
2. Data Controller Information
Data Controller
Company: KOPINFO Információtechnológiai Kft.
Address: 1118 Budapest, Rétköz u. 29., Hungary
Email: info@kopinfo.hu
Company Registration: 01 09 697868
Tax Number: 12673139-2-43
EU VAT: HU12673139
3. Information We Collect
3.1 Personal Information
We collect the following personal data:
Account Information
- Name and email address (via Google OAuth)
- Google profile information
- Account preferences and settings
- Communication preferences
Billing Information
- Payment information (processed by Stripe)
- Billing address
- Transaction history
- Token usage data
Technical Information
- IP address and location data
- Browser type and version
- Device information
- Usage analytics and logs
- Cookies and tracking data
3.2 Document Content
- Invoice and receipt images/PDFs
- Extracted text and data from documents
- AI-generated categorizations and analyses
- File metadata and processing logs
4. How We Use Your Information
4.1 Legal Basis for Processing
We process your personal data based on:
- Contract Performance: To provide our services
- Legitimate Interest: To improve our services and prevent fraud
- Consent: For marketing communications and cookies
- Legal Obligation: To comply with tax and financial regulations
4.2 Purposes of Processing
We use your information to:
- Provide and maintain our services
- Process payments and billing
- Authenticate your identity
- Improve our AI models and services
- Provide customer support
- Send important notifications
- Comply with legal obligations
- Prevent fraud and abuse
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We share data with trusted service providers:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Google (OAuth & Cloud) | Authentication and user management | Profile information, email |
| Stripe | Payment processing and billing | Payment information, billing data |
| OpenAI | Document analysis and processing | Document content, extracted data |
6. Data Storage and Security
Security Measures
We implement comprehensive security measures including encryption in transit and at rest (AES-256), multi-factor authentication, regular security audits, access controls, and incident response procedures.
6.1 Data Retention
| Data Type | Retention Period |
|---|---|
| Account Data | While account is active |
| Document Data | 7 years for tax compliance |
| Payment Data | As required by financial regulations |
| Analytics Data | Anonymized and retained indefinitely |
| Communication Data | 3 years |
7. Your Rights Under GDPR
Your Rights
You have the right to access, rectify, erase, restrict processing, data portability, object to processing, and withdraw consent for your personal data.
7.1 Individual Rights
- Right of Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing or cookies
7.2 Exercising Your Rights
To exercise your rights:
- Email us at privacy@kopinfo.hu
- Use the data management tools in your account
- Contact our Data Protection Officer
- We will respond within 30 days
8. Cookies and Tracking
8.1 Types of Cookies
- Essential Cookies: Required for service functionality
- Analytics Cookies: To understand how you use our service
- Preference Cookies: To remember your settings
- Marketing Cookies: For advertising and marketing (with consent)
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. Users between 13-18 years old must have parental consent to use our service.
10. Data Breach Notification
In case of a data breach, we will notify relevant authorities within 72 hours and inform affected users if there is high risk. We implement measures to contain the breach and conduct thorough investigations.
Contact Information
Data Protection Officer: privacy@kopinfo.hu
Phone: +36 1 XXX XXXX
Hungarian Data Protection Authority: NAIH - Nemzeti Adatvédelmi és Információszabadság Hatóság
NAIH Address: 1055 Budapest, Falk Miksa utca 9-11.
NAIH Website: naih.hu