Privacy Policy

Magpie is operated by an independent developer ("Magpie," "I," "me"). Location: New Jersey, USA. For questions or concerns, please use the Contact form.

Magpie is designed around a simple principle: your ideas should live in tools you own and control. Magpie exists to help you capture, organize, and reconnect with your thinking.

Account Information

When you create an account, I collect your email address (used for authentication, communication, and account recovery) and, if you sign in with GitHub, your GitHub username. If you sign in through another provider (such as Google or Apple), I receive the identifiers necessary to authenticate you.

Content You Provide

Magpie stores the notes, bookmarks, links, and other content you create or save through the Service. This content is stored in Magpie's infrastructure (hosted on Supabase). If you connect GitHub, content is also synced to your GitHub repository as a backup.

Voice Recordings

If you use voice notes in the iOS app, audio is recorded on your device and transmitted over encrypted connections to the Service for transcription. Before any audio leaves your device the first time, the app shows you a consent screen that names OpenAI as the transcription provider, describes what is sent, and asks you to explicitly agree. No audio is sent until you do. Audio is processed by OpenAI's Whisper transcription service (see "How I Share Information") and is not retained after transcription is complete. You can revoke consent at any time by deleting your account or contacting me through the Contact form.

GitHub Integration Data

If you connect a GitHub account, Magpie receives permission to access the repositories you explicitly choose via a GitHub App installation. This may include repository metadata (such as repository name, file paths, and commit history) and content you choose to read, create, or update using Magpie. Magpie may create commits in your repositories only in response to actions you take. All commits are authored as the authenticated GitHub user.

Substack Integration Data

If you enable Substack sync, I collect and store your Substack session cookie in encrypted form. Magpie uses this cookie to access your Substack activity on your behalf. Synced data may include articles, comments, engagement activity, and associated metadata. This data is stored in the Service for your personal use.

Phone Number & SMS Data

If you choose to link your phone number for SMS note capture, I collect your phone number. It is stored in encrypted and hashed form — never as plain text — to route incoming messages to your account. When you send a text message, the message body and metadata (such as message ID and timestamp) are temporarily logged for deduplication, rate limiting, and operational reliability. Your consent to receive SMS confirmation messages and the timestamp of that consent are also recorded.

Payment Information

If you subscribe to a paid plan, payment is processed by Stripe (web) or Apple (iOS App Store). I do not directly collect or store your credit card number or payment method details. Stripe and Apple provide me with limited information such as subscription status, payment provider, and transaction identifiers to manage your account.

AI-Derived Data

When you save content, AI systems automatically generate metadata such as titles, tags, summaries, and vector embeddings (numerical representations of your content used for semantic search). This derived data is stored alongside your content in the Service. AI correction history (when you edit AI-generated tags, titles, or folders) is also stored to improve future suggestions for your account.

Usage & Analytics Data

Magpie uses PostHog for product analytics and error tracking. This includes events such as when you open the app, save a note, or encounter an error. On the iOS app, PostHog may capture session replays (screen recordings of your interactions with the app). Session replays are configured to mask all text inputs and images to protect your content. Analytics data is associated with your account identifier to help diagnose issues and improve the Service.

Technical Data

Magpie's infrastructure providers may collect limited technical data (such as IP address, device type, app version, timestamps, and request metadata) to operate, secure, and maintain the Service.

I use information only to: Provide and operate Magpie (authentication, content storage, and syncing). Process your content with AI to generate titles, tags, summaries, embeddings, and folder suggestions. Transcribe voice recordings into text. Process and save notes you send via SMS. Send SMS confirmation replies when you use the SMS feature. Provide semantic search across your content. Maintain reliability, diagnose errors, and improve the Service. Prevent abuse through rate limiting and deduplication. Communicate essential service updates. Process payments and manage subscriptions.

Magpie does not use your content for advertising, profiling, or AI model training.

Service Providers

Magpie relies on the following service providers to operate:

OpenAI

Provides AI processing for note organization (titles, tags, summaries, folder suggestions), vector embeddings for semantic search, and voice transcription (Whisper). Your content — including voice recordings when you use voice notes — is sent to OpenAI's API for processing. For voice notes specifically, only the audio itself is sent; no name, email, or account identifier accompanies it. OpenAI's API data usage policy states that API inputs and outputs are not used to train their models, and OpenAI provides data protection commitments for API customers equivalent to those described in this policy. OpenAI may retain API inputs for up to 30 days for abuse monitoring, unless a zero-retention policy applies.

Supabase

Provides authentication, database hosting, and serverless functions. Supabase stores your account data, content, AI-derived metadata, embeddings, and operational data.

GitHub

Provides OAuth authentication and repository hosting. If you connect GitHub, your content is synced to repositories you control.

Vercel

Provides web hosting and serverless infrastructure for the Service.

Stripe

Processes web subscription payments. Stripe receives your email and payment information necessary to process transactions.

Apple (App Store)

Processes iOS subscription payments through In-App Purchase. Apple manages payment details and subscription state according to Apple's terms.

Twilio

Routes SMS messages if you link your phone number for the SMS feature. Twilio processes your phone number and message content as a transport provider. I enable Twilio message redaction to minimize what Twilio stores.

PostHog

Provides product analytics, error tracking, and session replay. PostHog receives usage events, error reports, and (on iOS) masked session recordings. PostHog data is used solely to operate and improve the Service.

I do not sell personal information and do not share it for cross-context behavioral advertising.

I may also disclose information if required to comply with the law or to protect the rights, safety, and security of users or the Service.

Third-Party AI Clients (MCP)

If you connect a third-party AI client to Magpie via the Model Context Protocol (MCP), that client can access your bookmarks, folders, and user context. Data shared with third-party clients is governed by that client's own privacy practices. I do not control how third-party clients use your data after it leaves the Service.

Magpie requests GitHub access only to the repositories you choose to connect via a GitHub App installation.

You can revoke Magpie's access at any time through your GitHub account settings. Revoking access does not affect content already stored in your repositories or in the Service.

Magpie offers an optional SMS feature that lets you text notes to a Magpie phone number operated via Twilio. This feature is only available after you explicitly link your phone number and consent to receive messages. Linking is optional and can be undone at any time from your account settings.

Consent & Opt-Out

By linking your phone number, you agree to receive SMS confirmation messages from Magpie. Message and data rates may apply. To opt out at any time, reply STOP to any Magpie message. To re-enable the feature, visit your account settings to re-consent. Reply HELP to any Magpie message for support information.

What Magpie Sends in Replies

SMS is not an encrypted medium. To protect your privacy, Magpie reply messages contain only a short confirmation and a link — never the content of your note. Note content travels to and from the Service over encrypted connections, not over SMS.

Rate Limits

To prevent abuse, Magpie limits incoming SMS messages per phone number. If you exceed the limit, messages will be rejected temporarily.

Content stored in the Service is retained until you delete it or delete your account. If you connect GitHub, content synced to your repositories remains there unless you delete it from GitHub directly.

AI-derived metadata (titles, tags, summaries, embeddings) is retained alongside the content it relates to. AI processing results may be cached temporarily to avoid redundant processing.

Basic account data is retained until you delete your account. If you link a phone number for SMS, your phone number is retained until you unlink it or delete your account. SMS message logs (used for deduplication and rate limiting) are retained for a limited period for operational purposes.

Analytics and session replay data is retained according to PostHog's standard retention practices.

Infrastructure providers (such as Supabase and Vercel) may retain technical logs according to their standard retention practices for security and reliability purposes.

You can: Access, correct, or delete your account data through the iOS app settings or by contacting me through the Contact form. Export, modify, or remove your content directly from the Service or from GitHub (if connected) at any time. Disconnect integrations (GitHub, Substack, SMS) from your account settings. Stop using Magpie and delete your account without losing content already stored in connected GitHub repositories.

If you are a resident of certain U.S. states (CA, CO, CT, VA, UT), you may have rights to: Access and receive a copy of personal information. Correct inaccurate information. Delete personal information. Opt out of targeted advertising, sale, or sharing (Magpie does not sell or share personal information).

To exercise these rights, contact me through the Contact form. I will respond within the timeframe required by law.

Magpie is not directed to children under 13, and I do not knowingly collect personal information from children.

I use reasonable administrative, technical, and physical safeguards to protect personal information. Sensitive credentials (such as Substack cookies and phone numbers) are encrypted at rest. Authentication tokens are stored securely. All data in transit is encrypted via TLS. However, no system is 100% secure.

Magpie is based in the United States. If you access Magpie from outside the U.S., your information may be processed in the U.S. or other locations where service providers operate.

I may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice. Updates will be posted here with a revised "Last updated" date.