Who we are
Our website address is: https://www.magnetichq.com.
Magnetic Software Ltd is a private company registered and operating in the United Kingdom and is the developer of Magnetic.
Magnetic Software (Pty) Ltd (South Africa) is a subsidiary of the Silversoft Group, a reseller of Magnetic Software.
How we use your information
We collect the email addresses of those who communicate with us via email, aggregate information on what pages consumers access or visit, and information volunteered by the consumer (such as survey information and/or site registrations). The information we collect is used to improve the content of our web pages and the quality of our service, and is not shared with or sold to other organisations for commercial purposes, except to provide products or services you’ve requested when we have your permission, or under the following circumstances:
It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
Silversoft’s use of information received, and transfer of information to any other app, from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use Requirements.
Information gathering and usage
When you register for Magnetic, we ask for information such as your name, company name, email address, billing address and credit card information.
Silversoft uses this information for the following general purposes: providing products and services, billing, identification and authentication, improving our service, contacting you, and research
A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a website’s computers and stored on your computer’s hard drive.
When using Magnetic, consumers may opt to integrate with Google services, including Calendar, Drive and Gmail. Silversoft’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Silversoft uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run Magnetic. Although Silversoft owns the code, databases, and all rights to the Magnetic application, you retain all rights to your data.
Silversoft may disclose personally identifiable information under special circumstances, so as to comply with subpoenas or when your actions violate the Terms of Service.
Silversoft may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Magnetic primary account holder account, or by placing a prominent notice on our site.
GDPR & POPIA
Data Privacy in Regards to GDPR
Customer owns all rights, title and interest in and to the Customer’s data and is solely responsible for the accuracy, integrity, quality, legality, reliability, appropriateness of and copyright permissions of any such data and for adopting procedures to identify and correct errors and omissions in such data. Magnetic is compliant with the EU General Data Protection Regulation (GDPR). By the terms of this regulation, we act as both a controller and a processor of data. As a data processor, we enable you, the client, to act as a data controller. This means that your company and its activities must comply with the regulations set out in the GDPR. Magnetic is obligated to assist authorities in ensuring that GDPR compliance is met by any data controllers we enable. Even if you are not based in the European Union, the GDPR applies to your company if you store any personal information for any European Union citizen.
Data Privacy in Regards to POPI
Customer owns all rights, title and interest in and to the Customer’s data and is solely responsible for the accuracy, integrity, quality, legality, reliability, appropriateness of and copyright permissions of any such data and for adopting procedures to identify and correct errors and omissions in such data. “Data Protection Laws” means any applicable privacy and data protection laws, including (i) the South African Protection of Personal Information Act, No. 4 of 2013, (“POPIA”), as may be amended from time to time; (ii) to the extent that it may be applicable, the European Union General Data Protection Regulation ((EU) 2016/679) (“GDPR”); and (iii) any other laws, regulations and secondary legislation enacted from time to time in South Africa or any other country applicable to Silversoft relating to data protection, the use of information relating to individuals, the information rights of individuals and/or the processing of personal data
As a controller of data, we collect the following personal data from our users:
Client Relation Data
We collect your full names (as given during sign-up), email address(es) and contact numbers. This data is used by our sales representatives and implementation specialists in order to contact you regarding your Magnetic account, so as to set it up and provide support. We also collect information regarding your place of work, which is rendered from your employer and is necessary to associate users to their company.
We collect IP addresses and behavioural data for two reasons: as part of our obligations as a data processor to keep a record of processing events and to assist our team in diagnosing any problems you encounter while using our system.
In order to provide the best possible experience, we make use of analytic third-party systems which may track any of the information above. These third-party applications are listed below.
Future Data Storage
In the future, Magnetic may extend the personal data we store as needed to provide an inclusive, accessible and useful system to our clients. All this data will be obtained with your explicit knowledge and consent, and we will explain exactly how we intend to use it.
Magnetic makes use of several third-party services in order to provide utility to you, the client, and to assist us in diagnosing issues and improving the user experience. Some of these third-party services are optional integrations for our clients to use in their work as data controllers.
All of these third-party services are listed below, along with links to their own GDPR information pages. All our third-party services are GDPR compliant.
We use Intercom to broadcast updates to clients and to run automated follow-ups to ensure the on-boarding process goes smoothly. Intercom GDPR
Freshdesk is our support and ticketing system, which we use to assist our clients with any queries and issues they have with our system. Freshdesk GDPR
NewRelic is a system diagnosis tool we use to monitor the speed and stability of our application. All user data is anonymised before being sent to this service. NewRelic GDPR
FullStory is a diagnostic tool we use to analyse user behaviour in order to diagnose issues and improve the user experience. Sensitive fields are excluded from the data sent to FullStory, and IP addresses are discarded once the sessions are recorded. FullStory GDPR
Google Analytics is a diagnostic tool used to monitor user retention and satisfaction, as well as average session duration and other important metrics. These are then used to improve pain points in the system. Google Cloud GDPR
Our servers and our databases are hosted by Amazon AWS. AWS Services GDPR
Sentry is an error reporting tool which Magnetic uses to get ahead of bugs in our system, even if they go unnoticed or unreported by our users. Sentry GDPR
Campaign Monitor (optional)
Campaign Monitor is an optional service client can opt into, which lets them keep tabs on ongoing email campaigns. Campaign Monitor GDPR
Zapier is an automation service that clients can integrate with. This lets them set up triggers to automate actions based on events that happen in Magnetic, or in other third-party services.
Please note that Magnetic cannot give assurances as to whether or not all the systems Zapier integrates with are GDPR compliant. As data controllers, clients are expected to ensure that all use of Zapier integrations conforms to the regulations set out in the GDPR. Zapier GDPR
BinaryCanary is an uptime monitoring service Magnetic uses to track our availability metrics. It receives no personal data whatsoever.
Sage is an accounting system available to integrate into Magnetic. Sage GDPR
Microsoft Business Central (optional)
Dynamics NAV is a Microsoft platform Magnetic clients can integrate with. Microsoft Business Central GDPR
Xero Accounting (optional)
Xero is an accounting system available to integrate into Magnetic. Xero GDPR
Dropbox is a cloud storage platform. Magnetic users are able to link files from Dropbox to Magnetic and share them with their colleagues. Dropbox’s GDPR
Google Cloud (optional)
Magnetic allows clients to integrate with Google Cloud, providing email, calendar and storage integration. Google Cloud GDPR
What has Silversoft done to comply with the GDPR?
As a global company which handles sensitive information for our clients, Silversoft takes the protection of our client’s data and privacy very seriously. We have conducted an extensive review of all our third-party applications, their GDPR compliance and data policies, and the data transfer contracts we have with each of them. Sensitive information is stored as securely as possible, and we have a comprehensive security module to ensure that data can only be accessed by those who have explicit approval.
Internally, we have a strict policy regarding the access of data, both via our back-end system and in terms of our support and ticketing services.
We have also conducted a review of our logging and record policies to ensure that we comply with the logs and records required from data processors.
We commit to responding timeously to requests for erasure, and requests for access, from any potential data subject who can provide sufficient proof of identity. We also have available systems for our clients to download their uploaded data for portability.
In the unlikely event of a data breach, we commit to notifying affected parties within 72 hours of becoming aware that such a breach has occurred. In this time, we will conduct as extensive an investigation as possible, so as to inform affected parties of the consequences of the breach as transparently as possible.