Privacy

Draft (v0, 2026-05-29) — pending legal review. It accurately describes how the product handles data today; it is not yet a final legal instrument.

Who we are

MagicBrews is an AI assistant (“Pepper”) that acts on your behalf across the tools you connect. The operator who runs this instance is the party accountable for your data; reach them at the contact on the signup confirmation or via the account that invited you.

What we collect

  • Account access: a session cookie and a one-way hash of the operator password. We never store the password itself.
  • Early-access signups: the name, email, and plan you submit.
  • Connected-service content: when you connect a tool (email, calendar, files, chat, task trackers), Pepper reads the content needed to do the task you asked for. We do not copy your mailbox or drive wholesale; Pepper reads on demand.
  • Operational logs: an audit log and a cost ledger. These are content-free by design — they record tool names, a non-reversible hash of arguments, and token/cost counts, never the contents of your messages, files, or inbox.

Why we use it

To run the actions you ask Pepper to take, to keep the service secure and within spending limits, and to let you review what Pepper did. We do not sell your data, and we do not use it for advertising.

AI processing

To answer and act, your prompts and the relevant connected-service content are sent to our AI provider (Anthropic) for inference, under their API terms. Treat anything you ask Pepper to read as processed by that provider for the purpose of completing your request.

Where it lives

Data is stored on the operator’s server (currently Fly.io, US region) on an encrypted persistent volume. If you are outside the United States, your data is processed and stored across a border.

Retention & your rights

Conversations, pending approvals, and signup records are kept until deleted. You can ask the operator to access, correct, or erase your data; erasure removes your conversations, approvals, and signup records (the content-free operational logs may persist). We aim to honor requests promptly.

Security

Access to Pepper requires authentication. Actions that send, delete, or spend pause for explicit human approval. Tool output is treated as untrusted data, not instructions, to resist prompt injection. No system is perfectly secure; we will notify affected people of a breach as required by law.

Questions or a data request? Contact the operator of this instance.