Privacy Policy

• We collect the minimum needed to run Magicost: your email + the trips you save.
• We don't sell your data and don't use it for advertising.
• We don't handle your credit card — Stripe does. We never see card numbers.
• You can delete your account and all your data anytime by emailing us.

Account info — your email address and (optionally) name when you sign up. Handled by Clerk on our behalf.

Trip data — the resorts, dates, room types, prices, and ticket selections you enter and explicitly save. Stored in our Neon Postgres database, keyed to your account.

Subscription info— if you upgrade to Magic, we receive your Stripe customer ID and subscription status (active, canceled, etc.). We don't see card numbers or billing addresses; those stay at Stripe.

Preferences — whether you want booking-window reminder emails and which resort you call home, so we know when to email you.

Server logs — standard request logs (IP, user agent, timestamps) kept by Vercel for ~30 days for debugging and abuse prevention.

• To run the calculator, compare, planner, and saved-trip features
• To send booking-window reminders (Magic subscribers only, opt-out anytime)
• To authenticate you and protect your account
• To handle Magic subscription billing
• To improve the service in aggregate (e.g. fixing bugs we see in logs)

We rely on these services. Each handles only what it needs to do its job.

• Clerk — authentication and account management
• Neon — Postgres database for your trip data
• Stripe — subscription billing (Magic tier only)
• Resend — sending booking-window reminder emails
• Vercel — hosting and server logs

We use a session cookie from Clerk to keep you signed in. We do not run analytics, advertising trackers, or third-party cookies. We may add lightweight, privacy-respecting analytics (like Plausible or Vercel Web Analytics) in the future; if we do, we'll update this page.

• View and delete your saved trips from /trips
• Turn off reminder emails from /account
• Manage your Magic subscription via the Stripe Customer Portal
• Delete your entire account (and all associated data) by emailing us — we'll process within 30 days
• If you're in the EU/UK or California, you have additional rights under GDPR / CCPA — email us to exercise them

Active account data is kept while your account is active. If you delete your account, we remove your trips, preferences, and subscription metadata within 30 days. Stripe retains billing records as required by law (typically 7 years). Server logs roll off after ~30 days.

Magicost isn't intended for users under 13. If you think a child has signed up, email us and we'll remove the account.

All traffic is HTTPS. Database connections are encrypted. We use industry-standard hosted services (Vercel, Neon, Stripe, Clerk) which maintain their own security certifications. No system is perfectly secure, but we follow accepted best practices for a small SaaS.

We'll update this page when our practices change. Material changes will get an in-app banner or email notice.

Privacy questions, data requests, or anything else: hello@usemagicost.com.