Terms & Privacy

Acceptance: By creating an account or using Miss Magtool, you agree to these Terms. If you do not agree, please do not use the service. We may update these Terms from time to time; continued use after any update constitutes acceptance of the revised Terms.

Eligibility: You must be at least 18 years old to create an account. By registering, you confirm you meet this requirement. We do not knowingly collect personal data from anyone under the age of 13; if you believe a child under 13 has created an account, please contact us immediately so we can delete it.

The Service: We work hard to keep Miss Magtool running smoothly, but like any web-based tool, we can't promise it'll be available 100% of the time or completely error-free. The service is provided as-is and we can't make guarantees about uninterrupted availability. Where your local consumer laws provide protections that override this, those rights still apply to you.

We also take reasonable steps to protect user accounts and data. Passwords are securely hashed, user storage is isolated using salted identifiers, and sensitive payment information such as card or bank details never touches our servers directly. Payments are processed securely through trusted third-party providers such as Stripe. While no online service can ever guarantee absolute security, we follow industry-standard practices designed to keep your information protected.

Platform & AI Usage: Miss Magtool is not an AI-powered platform. Your account content, uploads, and activity are not processed by AI systems or shared with AI training services. The platform operates on our own application infrastructure and servers. While we may use modern developer tools during software development, these are not connected to customer accounts or private user data. Sensitive information, payment details, and account content are never used for AI training purposes.

Our Liability: We're a small studio tool, not an enterprise platform — so our responsibility is proportionate to that. If something goes wrong on our end, we'll do our best to make it right, but we can't be held responsible for knock-on losses like missed market sales, business losses, or data you didn't back up elsewhere. If you have a genuine claim against us, our liability is limited to what you've actually paid us in the past 12 months. Your statutory consumer rights under UK, US state, or other applicable law are not affected by this.

Your Responsibility: If your use of the service causes a problem for us — for example, you upload content you didn't have the rights to and we face a claim because of it — we may ask you to cover reasonable costs that arise directly from that. This is just about covering genuine harm caused by misuse, not a gotcha clause.

User Conduct: You agree not to use Miss Magtool to upload, generate, or distribute content that is unlawful, infringing, abusive, defamatory, obscene, or otherwise objectionable. We reserve the right to remove content and suspend or terminate accounts that breach these Terms without notice.

User Input: You are responsible for the quality, content, and legality of the images you upload. Miss Magnets is not responsible for low-resolution prints, cropping choices, orientation, or template-selection errors made by you or your guests.

Stripe & Payment Processing: Where card payments are offered, all payment processing is handled externally by Stripe. Miss Magtool does not collect, process, or store any credit card, debit card, or bank account details; all sensitive financial data is handled securely and directly by Stripe. Miss Magtool may create and manage Stripe Connect onboarding links, checkout sessions, payment records, and connected-account access needed to provide stallholder payment features. Stallholders are responsible for completing Stripe onboarding accurately, keeping their Stripe details current, and complying with Stripe's terms of service and any applicable local tax, consumer-protection, or business regulations.

Payment processing services for stallholders on Miss Magtool are provided by Stripe and are subject to the Stripe Connected Account Agreement, which includes the Stripe Terms of Service. By agreeing to these Terms or continuing to use payment features on Miss Magtool, you agree to be bound by the Stripe Services Agreement, as it may be modified by Stripe from time to time. As a condition of Miss Magtool enabling payment processing through Stripe, you agree to provide Miss Magtool with accurate and complete information about you and your business, and you authorise Miss Magtool to share it and related transaction information with Stripe.

Security & Prohibited Use: Unauthorised attempts to disrupt, scrape, overload, reverse-engineer, hack, or otherwise compromise the integrity of this website are strictly prohibited and may constitute a criminal offence under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), the UK Computer Misuse Act 1990, and other applicable laws. We reserve the right to terminate access and pursue all available legal remedies against any party engaging in such conduct.

Sorting Out Problems: If something goes wrong, please contact us first and we'll do our best to sort it out quickly and fairly. Most issues can be resolved informally by email. Nothing in these Terms affects any rights you may have under applicable consumer protection laws.

Governing Law: These Terms are governed by the laws of England and Wales for users outside the United States, and by applicable US federal and state law for US users. In either case, your local consumer rights are never affected by these Terms.

Ownership: The design, code, logic, workflows, branding, visual presentation, and written content of the Studio are the exclusive intellectual property of Miss Magnets Studio unless stated otherwise. Unauthorised copying, redistribution, resale, scraping, or cloning of the site's features or aesthetic is prohibited.

Magtool Gallery Assets: Shared or "Magtool" gallery images, quote designs, premade artwork, and related visual assets made available inside the Studio remain the property of Miss Magnets Studio or its licensors. They are provided for use inside the Studio and Miss Magnets workflow only, and must not be downloaded, copied, repurposed, resold, redistributed, traced, or used to create competing products, libraries, or services.

Your Content: You retain ownership of any original images and content you upload. By uploading content, you grant Miss Magtool a limited, non-exclusive, royalty-free, worldwide licence to store, process, and display your content solely as needed to provide the service to you. This licence ends when your files are deleted in accordance with our 7-day retention policy.

Feedback: If you submit feedback, suggestions, or ideas about the service, you grant Miss Magnets a non-exclusive, perpetual, irrevocable, royalty-free licence to use that feedback for any purpose without compensation or attribution to you.

Digital Goods: All pass purchases and credit purchases are final. Once a pass has been activated or credits have been used to process images or generate templates, we are unable to issue refunds. This is consistent with consumer law exemptions for digital content that has been accessed or consumed.

Exceptions: If a technical fault on our end prevents you from using a pass or credits you purchased, please contact us. We will investigate and, where appropriate, apply a credit or extension to your account.

Credit & Pass Terms: Credits and passes have no cash value and are non-transferable. Credits remain active as long as the account is in good standing. Passes are valid for their stated duration from activation.

UK Consumer Rights: Nothing in this Refund Policy limits any rights you may have under the UK Consumer Rights Act 2015, the Consumer Contracts Regulations 2013, or equivalent consumer-protection legislation in your jurisdiction that cannot be excluded by contract. Under the Consumer Contracts Regulations, you generally have a 14-day cooling-off right for digital purchases — however, by activating a pass or using credits to generate content, you expressly request immediate performance and acknowledge that your right of withdrawal is lost at that point.

US Consumer Rights: Residents of certain US states may have additional refund rights under applicable state consumer protection laws. Nothing in this policy limits rights that cannot be waived under applicable law. If you have a dispute about a charge, you may also exercise your right to dispute the charge with your card issuer.

Who We Are: Miss Magnets Studio ("Miss Magtool", "we", "us") is the data controller responsible for personal data collected through this website. Our servers are hosted in the United States. If you have any questions about how we handle your data, contact us at the address in the "Contact Us" section below.

Data We Collect: When you register, we collect your username, email address, and a hashed (non-reversible) version of your password. We also store technical session data to keep your Studio session active. When you use payment features, limited payment-related data is received from Stripe as described below. Guests uploading via a stallholder's QR code share their photos with that stallholder for order fulfilment.

How We Use Your Data: We use your personal data to: (a) create and maintain your account; (b) provide, operate, and improve the service; (c) process payments through Stripe; (d) respond to your enquiries and support requests; (e) detect, prevent, and investigate fraud and security incidents; (f) comply with legal obligations. We do not use your personal data for behavioural advertising, cross-context advertising, or profiling for advertising purposes.

Legal Basis for Processing (UK & EU GDPR): Where the UK GDPR or EU GDPR applies, we process your personal data on the following legal bases: contract performance (to provide the service you signed up for); legitimate interests (to keep the service secure and prevent fraud); and compliance with legal obligations where required. We do not rely on consent as a basis for processing account or session data, as it is necessary for the service to function.

7-Day File Retention: To allow for re-printing and support, uploaded images and generated PDF templates are held for exactly 7 days from upload. After this period, files are permanently and automatically purged from our servers. Account data (username, email) is retained for as long as your account is active, and for a reasonable period after deletion to meet any legal obligations.

Salted Storage: Your personal media is stored in unique, cryptographically salted directories. File paths are non-sequential and cannot be guessed by other users or automated bots.

Stripe & Payment Data: We use Stripe for payments, analytics related to payment performance, and other payment business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics. You can learn more and read Stripe's privacy policy at stripe.com/privacy.

Where stallholders enable card payments through a connected Stripe account, certain information is shared with Stripe to provide onboarding, payment processing, fraud prevention, payout, and verification features. We do not store full card details on Miss Magtool servers. We may retain Stripe account IDs, session IDs, payment status, amounts, currencies, and limited order-related details such as customer email where provided by Stripe or required for order records. Stallholders who connect Stripe authorise Miss Magtool to access connected-account data as needed to provide payment setup, status syncing, support, and platform features. See the Stripe Privacy Center and the Stripe Connected Account Agreement for full details.

International Data Transfers: We are based in the United Kingdom. Our hosting servers are located in the United States. By using Miss Magtool, your data may be transferred to and processed in the US, which may not provide the same level of data protection as the UK or EEA. Where such transfers occur, we rely on appropriate safeguards including standard contractual clauses or equivalent mechanisms recognised under UK GDPR. Stripe also processes data internationally under their own Data Processing Agreement and privacy policy.

Third-Party Data Sharing: We do not sell your personal data. We do not share your personal data with third parties for cross-context behavioural advertising, targeted advertising, or marketing purposes. We may share data with service providers (such as hosting and payment providers) strictly as necessary to operate the service — these providers are bound to use it only on our behalf. We may also disclose data where required by law, court order, or valid legal process.

Your Rights (UK, EU & General): Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to limit how we process your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

User Upload Responsibility: You are solely responsible for any image, artwork, logo, quote, phrase, or other content you upload to the Studio. By uploading content, you confirm you own it or hold all necessary rights, licences, and permissions required for your intended use. Miss Magnets is not responsible for verifying ownership of user-uploaded content and accepts no liability for infringement, misuse, or unauthorised uploads.

Children's Privacy (COPPA Compliance) Miss Magtool is intended for use by adults aged 18 and over. We do not knowingly collect personal information directly from children under 13.

Some users of the platform may photograph or upload images from public or private events where minors are present, including school events, sports events, parties, or family gatherings. If you use Miss Magtool in connection with minors, you are responsible for ensuring that you have all necessary permissions and consents required by applicable laws.

This includes responsibility for:

• obtaining consent from a parent or legal guardian where required
• complying with applicable child privacy, photography, and data protection laws, including the U.S. Children's Online Privacy Protection Act (COPPA) where applicable
• informing customers or event participants how images will be used, stored, or shared
• responding appropriately to requests for deletion of images involving minors

Miss Magtool does not verify the age or identity of individuals appearing in uploaded content and cannot independently confirm whether appropriate consent has been obtained.

If you believe content involving a child has been uploaded improperly or without appropriate consent, please contact us at contact@missmagnets.com and we will review and remove the content where appropriate.

This section applies to residents of US states that have enacted comprehensive consumer privacy laws, including California, Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and others. It supplements the general Privacy Policy above.

Categories of Personal Information We Collect:

• Identifiers — username, email address.
• Account credentials — hashed password.
• Commercial information — payment status, session credits, pass activations.
• Internet / network activity — session data, technical logs, IP address for security.
• User-generated content — images and files you upload.

We Do Not Sell or Share Your Personal Information. We do not sell your personal information to third parties. We do not share your personal information with third parties for cross-context behavioural advertising or targeted advertising purposes. This applies to all users regardless of location, including California residents under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA), and residents of other states with similar laws.

No Sensitive Data Use for Advertising. We do not use sensitive personal information to infer characteristics about you or to serve targeted advertising.

California Residents — Your Rights Under CCPA/CPRA:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, and our data practices.
• Right to Delete — request deletion of personal information we hold about you, subject to exceptions.
• Right to Correct — request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing — we do not sell or share personal information for advertising; no opt-out mechanism is required, but you may contact us to confirm.
• Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information beyond what is necessary to provide the service.
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your privacy rights.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Other State Residents: Residents of these and other states with enacted privacy laws have similar rights to access, correct, delete, and obtain a portable copy of their personal data. You also have the right to opt out of targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects. We do not engage in targeted advertising or such profiling. To exercise your rights, contact us at the address below.

Authorised Agents: California residents may designate an authorised agent to submit requests on their behalf. We may require proof of the agent's authorisation and verification of your identity before processing such requests.

How to Exercise Your US Privacy Rights: Submit a request to contact@missmagnets.com with the subject line "Privacy Request". We will verify your identity before processing and respond within 45 days (with a possible 45-day extension where permitted by law). We will not charge a fee unless your requests are manifestly unfounded or excessive.

Appeals: If we decline to take action on your request, you may appeal by contacting us and specifying "Privacy Appeal" in your subject line. We will respond within the timeframe required by applicable law. If your appeal is denied, you may contact your state Attorney General.

Respecting Rights: Miss Magnets respects intellectual property rights and expects users to do the same. We comply with the Digital Millennium Copyright Act (DMCA) and similar laws in other jurisdictions.

DMCA Notice and Takedown Procedure: If you believe that content available through Miss Magtool infringes your copyright, you may submit a written notification to our Designated Copyright Agent containing all of the following information (as required by 17 U.S.C. § 512):

• A physical or electronic signature of the copyright owner or a person authorised to act on their behalf.
• Identification of the copyrighted work claimed to have been infringed, or, if multiple works are covered by a single notification, a representative list of such works.
• Identification of the material claimed to be infringing or to be the subject of infringing activity, and information reasonably sufficient to permit us to locate the material (e.g., a URL or description).
• Your contact information, including your name, address, telephone number, and email address.
• A statement that you have a good-faith belief that use of the material in the manner complained of is not authorised by the copyright owner, its agent, or applicable law.
• A statement that the information in the notification is accurate, and, under penalty of perjury, that you are authorised to act on behalf of the copyright owner.

Designated Copyright Agent:
Miss Magnets Studio
Attn: Copyright Agent
Email: contact@missmagnets.com
(Please include "DMCA Notice" in the subject line.)

Counter-Notification: If you believe your content was removed in error, you may submit a counter-notification to our Copyright Agent that includes: (a) your signature; (b) identification of the removed material and its prior location; (c) a statement under penalty of perjury that you have a good-faith belief the material was removed as a result of a mistake or misidentification; (d) your name, address, and telephone number; and (e) a statement consenting to jurisdiction of the Federal District Court for the district in which you are located (or, for users outside the US, the courts of England and Wales). Upon receiving a valid counter-notification, we may restore the material unless the original complainant files a court action within the statutory period.

Repeat Infringers: In accordance with the DMCA and our own policy, we will terminate the accounts of users who are repeat copyright infringers.

Our Rights: We reserve the right to remove content, disable access, suspend accounts, or restrict features where we reasonably believe uploaded material is infringing, unlawful, abusive, misleading, or otherwise inappropriate, with or without prior notice.

Essential Session Cookies: We use first-party session cookies that are strictly necessary for the Studio to function — they keep your photo tray and login session active while you work. Because these cookies are essential to the service, they do not require your consent under ePrivacy rules; however, you should be aware they exist. They are removed when you log out or your session expires.

Stripe Cookies: Where payment features are used, Stripe may set its own cookies on your device for fraud prevention, security, and payment-flow purposes. These are governed by Stripe's Cookie Policy. Stripe may also collect device and browser identifiers via its scripts (such as Stripe.js) to support fraud detection.

Advertising or Tracking Cookies: We do not use third-party advertising or behavioural tracking cookies for our own marketing purposes. However, certain third-party services we use, such as Stripe and embedded YouTube videos, may place cookies or collect technical information as part of their functionality.

Local Storage: We may use your browser's local storage to remember UI preferences such as recently used templates, solely to make your experience faster. No personal data is shared with third parties via local storage.

Do Not Track: We honour Do Not Track (DNT) browser signals. Because we do not engage in tracking for advertising purposes, our practices are consistent with DNT preferences regardless of whether a DNT signal is received.

If you have any questions about these Terms, this Privacy Policy, or your personal data, or if you wish to exercise any of your data rights (including US state privacy rights or UK/EU GDPR rights), please contact us at contact@missmagnets.com or via our Contact & FAQ page.

For DMCA notices, please include "DMCA Notice" in the subject line. For privacy rights requests, please include "Privacy Request" in the subject line.

We aim to respond to all privacy-related enquiries within 30 days, and within any shorter period required by applicable law.