Privacy Policy

Effective Date: May 23, 2025 Last Updated: May 23, 2025

1. Introduction

Welcome to Magma, a cybersecurity software company based in Paris, France (37 Boulevard Ney). We specialize in the development of advanced security technologies—including VPNs, antimalware tools, and digital privacy utilities—offered in a free and open-source format for global accessibility.

This Privacy Policy describes how we handle your data and your privacy rights. At Magma, we believe privacy is a fundamental human right—not a feature.

2. Core Principles

We design all our solutions in accordance with the following principles:

  • Minimal Data Collection: We collect no personally identifiable information (PII).
  • Default Anonymity: Our tools work without requiring user registration or identification.
  • Security by Design: Every product is built from the ground up with end-to-end encryption and privacy-preserving architectures.
  • Transparency & Open Source: Our core projects are open to public inspection and contribution.
  • No Ads. No Trackers. Ever.

3. Hosting Infrastructure

All our backend systems are hosted on Amazon Web Services (AWS). We leverage AWS's secure infrastructure to deliver reliability and data protection. Our configurations follow:

  • ISO/IEC 27001, SOC 2, and CIS Benchmarks
  • Encryption at rest and in transit
  • Network isolation, IAM policies, and audit logging

4. What Data We Do NOT Collect

Magma is designed to work without storing or processing the following:

  • Names, email addresses, phone numbers
  • Device identifiers, IP addresses, or GPS/location data
  • Payment data or billing details
  • Browsing behavior, analytics, or user metadata
  • Cookies or fingerprinting technologies

We do not profile users, track them across websites/apps, or sell any form of user information.

5. Software-Specific Behavior

Our software—including but not limited to VPN clients, malware scanners, and command-line utilities—operate under privacy-first constraints:

  • VPN Traffic: We do not log source IPs, DNS queries, session durations, or usage metadata.
  • Antimalware Tools: All scans run locally. No files are uploaded or sent to external servers.
  • Crash Reporting: Disabled by default. Optional and opt-in only.

6. Third-Party Services

We do not embed third-party trackers, analytics, advertising SDKs, or behavioral profiling tools. If we ever integrate a third-party tool (e.g., GitHub OAuth for contributors), it will be:

  • Strictly opt-in
  • Clearly documented
  • Isolated from the core application
  • Open to public audit

7. Compliance

While we do not process personal data under the scope of GDPR, we fully support its principles:

  • Data Minimization
  • Purpose Limitation
  • Security and Confidentiality
  • User Control and Transparency

We also comply with the French CNIL guidelines, the ePrivacy Directive, and follow industry codes of conduct for secure open-source development.

8. Children’s Privacy

Magma software is not intended for children under the age of 13. We do not knowingly collect, use, or disclose data from children.

9. Security Commitments

Our team consists of senior engineers and cybersecurity experts with over a decade of experience in secure system design. We employ:

  • Code audits and penetration testing
  • CI/CD pipelines with security gates
  • Vulnerability disclosure programs
  • Strict key management and access controls

10. Changes to This Policy

This policy may be updated as our tools evolve. Any updates will be published on our website, and major changes will be communicated prominently. All versions are available for audit in our public repository.

12. Final Words

We don’t just respect your privacy—we defend it.

Magma exists to empower everyone with free, transparent, and ethical security tools. We are proud to be privacy purists, not just by policy, but by design.

Security for everyone. Privacy by default. Open forever.