Privacy Policy

Last updated: March 2026

01 What We Collect

When you use the MAGO Intelligence Grid, we collect the following data:

  • Target information: The domain name or IP address you submit for scanning. This is required to perform the service.
  • Payment information: Processed entirely by Stripe. We do not store credit card numbers, CVVs, or full payment credentials on our servers. We receive a transaction reference and billing email from Stripe.
  • IP address: Your IP address is logged for rate limiting and abuse prevention purposes.
  • Browser fingerprint hash: A one-way hash of browser characteristics is generated for abuse prevention. The raw fingerprint data is not stored — only the hash.

02 How We Use Data

We use collected data exclusively for the following purposes:

  • To perform the requested scans and generate intelligence reports
  • To prevent abuse, enforce rate limits, and detect automated misuse
  • To process payments and deliver purchased reports
  • To improve service reliability and accuracy

03 What We Do Not Collect

We believe in minimal data collection. The following are explicitly not part of our practices:

  • No tracking cookies — we do not use cookies for advertising, analytics, or cross-site tracking
  • No third-party analytics — no Google Analytics, no Mixpanel, no Hotjar, no tracking pixels
  • No third-party advertising — we do not serve ads or share data with ad networks
  • No data selling — we never sell, rent, or trade user data or scan results to third parties
  • No behavioral profiling — we do not build user profiles based on browsing behavior

04 Data Storage

All data is stored in MongoDB databases on our own servers, hosted in a Brazil datacenter. Data is encrypted at rest using AES-256 encryption. Data in transit is protected by TLS 1.3.

We do not use cloud storage services or third-party database providers. All infrastructure is operated directly by Tecnomancy.

05 Data Retention

We apply strict retention periods with automatic deletion:

  • Paid scan reports: Retained for the duration of the purchased report link. After expiration, all associated data is permanently deleted.
  • Free scan results: Automatically deleted after 24 hours.
  • Rate limit records: IP-based rate limit counters are purged after 30 days.
  • Browser fingerprint hashes: Purged after 30 days.
  • Payment references: Retained for the minimum period required by Brazilian tax law, then deleted.

All retention periods are enforced via automatic TTL (time-to-live) mechanisms at the database level. No manual intervention is required for data deletion.

06 Third Parties

The following third-party services are used in the operation of the platform:

  • Stripe — Payment processing. Stripe's privacy policy applies to payment data: stripe.com/privacy
  • Google Fonts — Typography (Inter, JetBrains Mono). Google may log font requests: policies.google.com/privacy
  • Public OSINT APIs — Data sources used to generate intelligence reports (e.g., WHOIS registries, certificate transparency logs, DNS resolvers, threat intelligence feeds). These are public data sources queried on your behalf.

We do not share your personal information with any of these services beyond what is strictly necessary for their function.

07 Your Rights

You have the following rights regarding your data:

  • Right to access: Request a copy of all data we hold about you.
  • Right to deletion: Request immediate deletion of your data, including scan results and associated records.
  • Right to object: Object to specific data processing activities.
  • Right to portability: Request your data in a structured, machine-readable format.
  • Right to correction: Request correction of inaccurate data.

To exercise any of these rights, contact us at security@mago.team. We will respond within 15 days, as required by LGPD.

08 LGPD Compliance

MAGO Intelligence Grid complies with Brazil's General Data Protection Law (Lei Geral de Proteção de Dados — LGPD, Lei 13.709/2018). This includes:

  • Processing data only with a lawful basis (legitimate interest for service delivery, consent for optional features)
  • Collecting only the minimum data necessary for the service to function
  • Implementing appropriate technical and organizational security measures
  • Respecting data subject rights as outlined in Section 07
  • Maintaining records of data processing activities

For users in the European Union, we also respect the principles of the General Data Protection Regulation (GDPR). The rights described above are consistent with both LGPD and GDPR requirements.

09 Contact

For privacy-related inquiries, data access requests, or to report a concern, contact us at:

security@mago.team

Tecnomancy — Brazil