Last updated: 23 April 2026

Privacy Policy

MageSmith is operated by MagePsycho (referred to as "we", "us", "our" below). This page explains what personal data we collect when you use MageSmith at magesmith.app, why we collect it, and the choices you have. Plain language, no tracking-industry jargon.

What we collect

• Account details. Your email address, display name, and a password hash (bcrypt) when you sign up directly. For OAuth sign-ins, we receive the email, display name, and provider-issued user ID from your Google, GitHub, X, Facebook, or LinkedIn account.
• Content you create. Module scaffolds, config diff uploads, audit submissions, README drafts, and quiz attempts are stored under your account so you can come back to them.
• Operational logs. Standard server logs — IP address, request path, response code, timestamp — retained for a short window for abuse detection and performance debugging.
• Cookies. A session cookie (magesmith_session) and a CSRF cookie (magesmith_csrf), both first-party, both HttpOnly. No tracking pixels, no third-party ad cookies.

What we do with it

Only what's needed to run the service: authenticate you, keep your generated content accessible to you, send transactional emails (signup verification, password resets), and protect the platform against abuse.

Who we share with

We don't sell personal data. The only third parties that touch it are operational:

• Anthropic — when (and only when) you explicitly run the Code Audit tool, the files you paste are sent to Anthropic's API to generate the audit. They're governed by Anthropic's data usage policy.
• Our transactional email provider (e.g. Resend or Postmark) — receives your email address only when we need to send you a verification or notification email.
• Your chosen OAuth provider — handles the sign-in handshake; we receive your profile details from them, not the other way around.

No other third parties receive your data. No advertising networks. No analytics pixels.

Where it's stored

In a managed database behind TLS. Backups are encrypted at rest. The full technical setup is described in our MagePsycho security page as it evolves.

How long we keep it

Account data is kept until you delete the account from Settings → Delete account, at which point we cascade-delete everything attached to your user (sessions, OAuth links, generated content, quiz history). Operational logs are pruned on a short rolling window — 30 days as of this writing.

Your rights

• Access. Everything we hold under your account is visible inside the app — the dashboard, the tool pages, the settings page.
• Export. Email us and we'll package a copy of your data in machine-readable form.
• Deletion. One click in Settings wipes your account and all linked data. No customer-service dance.
• Correction. Edit your profile in Settings at any time.

Children

MageSmith is a developer tool and is not directed at children under 16. We do not knowingly collect data from children.

Changes to this policy

We update the "Last updated" date at the top when this page changes. Material changes (e.g. a new third-party data recipient) will also be announced via email to registered users.

Contact

Questions about this policy or your data: [email protected].

This policy is governed by the laws applicable to MagePsycho's operating entity.