Privacy Policy

This Privacy Policy explains how Mach41 Ltd ("Mach41", "we", "us") collects, uses, and protects personal information when you visit mach41.com, contact us, or use Magister, our agentic execution platform.

Who we are

Mach41 Ltd is the data controller for personal information collected through this website and, unless otherwise agreed in a customer agreement, for account and service data relating to Magister when we act as service provider. For questions about this policy, contact us via our contact page.

Information we collect

Depending on how you interact with us, we may collect:

• Contact and account details - name, work email, company, job title, phone number, and messages you send when you request a demo, sign up, or support.
• Website usage data - pages visited, referring URLs, browser type, device information, and approximate location derived from IP address. Analytics cookies are only used if you opt in; see our Cookie Policy.
• Platform usage data - when you use Magister, we may process pipeline metadata, configuration, logs, audit events, and operational telemetry needed to run, secure, and support the service.
• Customer content - data, documents, prompts, and outputs processed through Magister pipelines that you or your organisation connect to the platform.

How we use your information

We use personal information to:

• Respond to enquiries and provide demos, trials, and customer support.
• Provide, operate, maintain, and improve Magister and our website.
• Send service-related communications, security notices, and - where permitted - product updates.
• Comply with legal obligations, enforce our agreements, and protect our rights and users.
• Analyse website performance when you have consented to analytics cookies.

Deployment models and data location

Magister can be deployed in several ways. Your data handling depends on the model you choose:

Managed SaaS

We host the platform and you build pipelines through the browser-accessed Studio. Platform data, pipeline configuration, and operational logs are stored and processed in infrastructure operated by Mach41 or our subprocessors, subject to your agreement and applicable data-processing terms.

Self-Hosted

Magister runs as Docker containers on infrastructure you control. Your team licenses and governs the deployment. Customer content and pipeline data remain on your servers; Mach41 typically receives only limited telemetry, licence validation, and support-related information needed to deliver updates and assistance.

Mach41 Hosted

We operate a dedicated Magister environment for your organisation. You receive the isolation and control benefits of a dedicated deployment while Mach41 manages hosting, patching, and operations. Data residency and subprocessors are defined in your order form or data-processing agreement.

Regardless of deployment model, you retain ownership of your customer content. We process it only to provide the service, as described in your contract and this policy.

Legal bases for processing

Where UK or EU data protection law applies, we rely on one or more of the following: performance of a contract, legitimate interests (such as improving our services and securing our platform), compliance with legal obligations, and consent (for example, non-essential cookies or certain marketing communications).

Sharing and subprocessors

We do not sell personal information. We may share data with:

• Hosting, infrastructure, and security providers that help us operate Magister and our website.
• Professional advisers where required by law or to protect our legal interests.
• Authorities when legally required or to prevent fraud or harm.

Enterprise and Mach41 Hosted customers may receive a list of subprocessors under their agreement.

International transfers

If personal information is transferred outside the UK or EEA, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms, unless an adequacy decision applies.

Retention

We keep personal information only as long as needed for the purposes above, including to meet legal, accounting, and dispute-resolution requirements. Website analytics and cookie preferences are retained according to our Cookie Policy. Customer platform data retention is governed by your deployment model and contract.

Security

We implement technical and organisational measures designed to protect personal information, including access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure; you are responsible for securing credentials and self-hosted infrastructure under your control.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability. You may also withdraw consent where processing is consent-based, and lodge a complaint with a supervisory authority. To exercise rights relating to website or account data, contact us via contact.html. For organisation-level Magister data, your administrator or data protection contact may need to act on your behalf.

Children

Our website and services are intended for business users and are not directed at children under 16.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date.

Related policies

See also our Cookie Policy and Terms of Service.