Privacy Policy

Introduction

At DijiMagic ("DijiMagic", "we"), we take the security of your personal data seriously. This policy explains what data we collect when you use the DijiMagic platform, how we use it, how long we keep it, and your rights.

1) Scope

This policy applies to the services provided through the DijiMagic website and DijiMagic SaaS dashboard.

2) Service Description

DijiMagic is a platform that helps users connect their ad accounts to view performance data, run reporting, and (where applicable) perform certain ad management actions.

3) Connected Integrations and Types of Data Accessed

3.1 Meta (Facebook, Instagram, WhatsApp) Integration
When a user connects their Meta account via Facebook Login, DijiMagic requests access to the following categories of data, each tied to a specific permission scope: (a) Advertising Data (ads_read, ads_management, pages_manage_ads): Ad account identifiers, campaigns, ad sets, ads, budgets, bid strategies, targeting settings, and performance metrics (impressions, clicks, spend, conversions, ROAS). (b) Page Data (pages_show_list, pages_read_engagement, pages_manage_posts): Facebook Page names, IDs, profile pictures, engagement metrics, published posts (text, images, videos, permalinks), and the ability to publish content (feed posts, Reels) to the user's own Facebook Page. (c) Lead Data (leads_retrieval): Active lead generation forms associated with connected Pages, including form names, field configurations, and submitted lead entries (name, email, phone, and other fields defined by the advertiser). (d) Business Data (business_management): Business Manager account identifiers and names, owned Pages, and owned WhatsApp Business Accounts — used to map organizational assets. (e) Instagram Data (instagram_basic, instagram_content_publish): Instagram Business Account profile information (username, profile picture), published media (images, videos, captions, permalinks), and the ability to publish content (feed posts, Reels, Stories) to the user's Instagram Business Account. (f) WhatsApp Data (whatsapp_business_management, whatsapp_business_messaging): WhatsApp Business Account identifiers, associated phone numbers (display number, verified name, quality rating), and the ability to create Click-to-WhatsApp (CTWA) ad destinations. All Meta data is used exclusively to provide the ad management, reporting, and campaign creation features within the DijiMagic platform. Data is not transferred to third parties, sold, or used for purposes unrelated to the user's advertising operations.

3.2 Google Ads Integration
The user grants access to their Google Ads account via Google OAuth. Data accessed includes Google Ads customer account ID, ad entities such as campaigns/ad groups/ads, budget/settings, and performance metrics (e.g. impressions, clicks, cost, and related reporting fields). Access scope: Google Ads API (adwords scope).

3.3 Google Analytics Integration (GA4)
When a user connects their Google account, DijiMagic requests access to Google Analytics 4 data via the following OAuth scopes: (a) analytics.readonly: Read access to GA4 account identifiers, property configurations, data streams, audiences, and report data (sessions, users, events, conversions, traffic sources). (b) analytics.edit: Write access to create GA4 properties on behalf of the user, configure data streams, define custom event definitions, create audiences, and set up conversion goals — only when the user explicitly initiates these actions through DijiMagic's setup wizards. All Google Analytics data is used exclusively to display analytics dashboards within DijiMagic and to perform user-initiated configuration actions. Data is never transferred to third parties, sold, or used for advertising purposes.

3.4 Google Tag Manager Integration
When a user connects their Google account, DijiMagic requests access to Google Tag Manager data via the following OAuth scopes: (a) tagmanager.readonly: Read access to the user's GTM account identifiers, containers, workspaces, tags, triggers, variables, and version history — used to display the user's existing setup within DijiMagic's dashboard. (b) tagmanager.edit.containers: Write access to create and modify tags (GA4 configuration, GA4 events, conversion tracking), triggers (page view, form submit, click events), and variables within the user's GTM container — only when the user explicitly initiates these actions through DijiMagic's setup wizards. (c) tagmanager.publish: Permission to publish GTM container versions, only after the user reviews and approves DijiMagic-generated changes via in-app one-click action. Auto-publishing is never performed without explicit user action. All Google Tag Manager data is used exclusively to display the user's GTM setup within DijiMagic and to deploy tags configured by the user. Data is never transferred to third parties or used for advertising purposes.

3.5 Gmail / Email Sending Integration
When a user connects their Gmail account in DijiMagic's Email Marketing module, DijiMagic requests access via the following OAuth scopes: (a) gmail.send: Permission to send email messages (such as marketing campaigns, outreach sequences, reports, or notifications) that the user composes and explicitly initiates within DijiMagic, delivered from the user's own connected Gmail account. (b) userinfo.email: Read access used only to display which Gmail account is connected. DijiMagic uses the gmail.send scope exclusively to send user-initiated messages. DijiMagic does not read, access, store, modify, delete, or analyze the user's existing emails, inbox, drafts, labels, or contacts; the gmail.send scope only permits sending. Users can disconnect their Gmail account at any time, which revokes the stored authorization token and stops further sending. All Gmail data handling complies with the Google API Services User Data Policy, including the Limited Use requirements. Data is never transferred to third parties, sold, or used for advertising purposes.

4) Platform Data Policy Compliance

4.1 Google API Services User Data Policy (Limited Use)
DijiMagic's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. Specifically: (a) Google user data is used only to provide and improve the reporting, monitoring, and campaign management features requested by the user within DijiMagic. (b) Google user data is not transferred to third parties except as necessary to provide or improve user-facing features, with the user's explicit consent, for security purposes, or to comply with applicable laws. (c) Google user data is not used for serving ads, including retargeting, personalized advertising, or interest-based advertising. (d) Google user data is not sold to any party. (e) Humans are not allowed to read Google user data unless the user has provided affirmative consent, it is necessary for security purposes, it is required to comply with applicable law, or the data is aggregated and anonymized for internal operations.

4.2 Meta Platform Policy Compliance
DijiMagic's use of data received from Meta Platform APIs (Facebook, Instagram, WhatsApp) complies with the Meta Platform Terms (https://developers.facebook.com/terms/) and Meta's Data Use Restrictions. Specifically: (a) Meta user data is used solely to provide the advertising management, reporting, campaign creation, and analytics features that the user explicitly initiates within the DijiMagic platform. (b) Meta user data is not sold, licensed, or transferred to any third party — including data brokers, ad networks, or analytics providers — for any purpose. (c) Meta user data is not used for surveillance, profiling unrelated to advertising, credit or insurance eligibility decisions, employment screening, or any purpose unrelated to the user's own advertising operations. (d) Lead form data retrieved via the leads_retrieval permission is accessed only on behalf of the Page owner who created the form and is displayed exclusively within the DijiMagic dashboard for that user's own use. (e) Instagram account data is used only for campaign targeting (selecting Instagram accounts as ad destinations) and displaying published media for ad creative selection. (f) WhatsApp Business Account data is used only to enable Click-to-WhatsApp ad creation and to verify phone number availability. (g) Access tokens are stored securely in httpOnly cookies and server-side storage. Tokens are never exposed to client-side JavaScript or logged in plain text. (h) When a user disconnects their Meta integration or deauthorizes the app, all stored tokens, account mappings, and cached data are revoked and queued for deletion within 90 days. (i) Users may request immediate data deletion by contacting info@dijimagic.com or through the in-app data deletion flow.

5) Purposes of Data Use

Account linking and authentication; providing performance reports, KPI dashboards, and analytics; in-product debugging and support (sensitive information such as credit card, password, or tokens is not logged); security measures and prevention of misuse.

6) Retention

Reporting/cache data: 90 days (to the minimum extent necessary for functionality). When the user removes an integration (Disconnect), synchronization is stopped and the related authentication data is revoked; integration data held in the system is subject to deletion procedures.

7) Sharing and Transfer

Data is not sold to third parties. Transfer to infrastructure providers (hosting, logging, etc.) may occur only to the limited extent necessary to provide the service. Disclosure to competent authorities may occur where required by law.

8) Security

Tokens and sensitive authentication data are not held in plain form on the client. Access keys are not shared in URLs; they are used only in secure headers. Technical and organizational measures are in place to prevent unauthorized access.

9) Your Rights and Requests

You may submit requests regarding the processing of your personal data through the following channel: Email: info@dijimagic.com

10) Policy Updates

This policy may be updated as needed. Updates will be published on this page.

Contact

E-posta: info@dijimagic.com