Privacy Policy
URL: https://potmagic.live/
Contact: privacy [at] potmagic [dot] live
PotMagic ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our digital storytelling platform.
1. Data Collection and Usage
We collect minimal personal data to provide our services.
- User Email Addresses: We collect and store your email address in our database to facilitate account creation, session invitations, and platform communication.
- Audio Data: PotMagic is an audio-centric storytelling platform. When you participate in a session, your audio is streamed in real-time.
- No AI Training: We do not use your audio or personal data to train AI models.
2. Real-Time Streaming (LiveKit)
We utilize LiveKit Cloud as our media server and forwarding infrastructure.
- Processing: LiveKit acts as a Data Processor. They facilitate the transmission of audio and data channel tracks via TLS and SRTP encryption.
- Data Residency: To comply with GDPR, our LiveKit infrastructure is configured with Region Pinning to ensure that data processing remains within the European Economic Area (EEA).
- Zero Training Policy: LiveKit does not use customer content (audio or data) to train their models.
- Compliance: Our usage is governed by the LiveKit Data Processing Addendum.
3. Data Storage and Hosting (Neon & Vercel)
We rely on industry-standard sub-processors to host our application and database:
- Neon (Database): Your user profile and email are stored using Neon’s serverless Postgres platform. Neon complies with GDPR standards for data processing. Detailed information can be found in the Neon GDPR Compliance Documentation.
- Vercel (Hosting): Our application is hosted on Vercel. Vercel maintains rigorous security compliance and processes data according to their Data Processing Addendum and Security Compliance standards.
4. Local Recordings
PotMagic allows Directors to record sessions.
- Storage: These recordings are processed locally and saved directly to the user’s local hard drive.
- Our Access: PotMagic does not upload, store, or have access to these video/audio files on our servers.
5. Security
All data in transit is protected using TLS (Transport Layer Security) and SRTP (Secure Real-time Transport Protocol) to ensure that your storytelling sessions remain private and secure.
6. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your data:
- Access and Portability: You may request a copy of the data we store (email address).
- Correction/Deletion: You may request that we update or delete your email address from our database.
- Consent Withdrawal: You may withdraw consent for audio processing by ending your session or closing the application.
7. Third-Party Sub-Processors
By using PotMagic, you acknowledge that the following entities process data on our behalf:
| Processor | Purpose | Location |
|---|---|---|
| LiveKit | Real-time Audio Streaming | EEA (Frankfurt/Belgium) |
| Neon | Database Storage | EEA / Global |
| Vercel | Web Hosting & Deployment | Global |
8. Cookies and Analytics
We use Google Analytics to help us understand how users interact with our platform. This information is used solely for the purpose of improving the experience and performance of PotMagic.
- Opt-in/Opt-out: You have the choice to allow or decline analytics measurement through our cookie consent banner.
- Persistence: Your preference is stored in a cookie named
potmagic_consent. If you wish to change your choice, you can do so by clearing your browser cookies, which will cause the consent banner to reappear.
9. Contact Us
For any questions regarding this Privacy Policy, your data, or to exercise your privacy rights, please contact our Data Privacy Officer at:
Email: privacy [at] potmagic [dot] live
Implementation Checklist for the Developer:
- DPA Agreements: Ensure you have digitally "signed" or accepted the DPAs in the dashboards of Vercel, Neon, and LiveKit.
- LiveKit Region Pinning: Double-check your LiveKit Cloud project settings to ensure the region is set to a European location (e.g.,
fra1orbru1). - Consent UI: Before a user joins a room and turns on their microphone, show a small toast or modal: "By joining, you consent to your audio being streamed to other participants in this session."