Data Policy
Transparent data handling for federated architecture
Executive Summary
This Data Policy explains how MAGENTA and the broader CMYK ecosystem collect, process, store, and protect data. As a federated platform, we implement strict data isolation and privacy-by-design principles to ensure your data remains under your control.
Data Architecture
Federated Model
Our federated architecture ensures complete separation between different organizations and clients:
┌─────────────────────────────────────────┐
│             CMYK ECOSYSTEM              │
├─────────────┬─────────────┬─────────────┤
│    CYAN     │   MAGENTA   │    YELO     │
│  Analytics  │    APIs     │   Content   │
├─────────────┴─────────────┴─────────────┤
│                   KEY                   │
│           Core Infrastructure           │
└─────────────────────────────────────────┘
Data Isolation Levels
| Level | Isolation Method | Access Control |
|---|---|---|
| Database | Separate schemas per tenant | Row-level security |
| API | Tenant-specific endpoints | API key + tenant validation |
| Storage | Isolated S3 buckets | IAM policies per tenant |
| Cache | Namespaced Redis keys | Key prefix isolation |
Data Collection Methods
First-Party Collection
We prioritize first-party data collection through:
- Direct API Calls: When you explicitly send data to our endpoints
- JavaScript SDK: Our magenta.js library for web analytics
- Mobile SDKs: Native iOS and Android libraries
- Server-Side SDKs: Python, Node.js, Ruby, Go libraries
- Webhook Events: Data received from your configured webhooks
Automatic Collection
Certain data is collected automatically when you use our services:
- IP addresses (anonymized after geolocation)
- User agent strings (for device detection)
- Referrer information (for traffic sources)
- Performance metrics (page load times, API response times)
- Error logs (sanitized of sensitive data)
Data Processing
Real-Time Processing Pipeline
Event    →   Validation   →   Enrichment    →   Storage    →   Analytics
  ↓              ↓                ↓               ↓               ↓
Rate         Schema           Geolocation      Database        Aggregation
Limit        Check            Device Info      + Cache         + Reporting
Data Enrichment
We enrich collected data with:
| Enrichment Type | Data Added | Purpose | Can Disable? |
|---|---|---|---|
| Geolocation | Country, city, region | Geographic analytics | Yes |
| Device Detection | Device type, OS, browser | Compatibility tracking | Yes |
| Time Zone | Local time, UTC offset | Time-based analysis | No |
| Session Linking | Session ID, duration | User journey tracking | Yes |
Data Storage
Storage Locations
- Primary Database: PostgreSQL on AWS RDS (us-west-2)
- Analytics Data: ClickHouse cluster (us-west-2)
- Object Storage: AWS S3 (us-west-2, replicated to eu-west-1)
- Cache Layer: Redis cluster (us-west-2)
- CDN: CloudFront (global edge locations)
Encryption Standards
- In Transit: TLS 1.3 for all API communications
- Key Management: AWS KMS with automatic key rotation
- Secrets: AWS Secrets Manager with versioning
Backup and Recovery
- Automated daily backups with 30-day retention
- Point-in-time recovery for last 7 days
- Cross-region backup replication
- Annual disaster recovery testing
- RPO: 1 hour, RTO: 4 hours
Data Access Controls
Role-Based Access Control (RBAC)
| Role | Access Level | Permissions |
|---|---|---|
| Owner | Full | All data, settings, billing, user management |
| Admin | Administrative | Data access, settings, user management |
| Developer | Technical | API access, webhooks, integrations |
| Analyst | Read-only | View analytics, export reports |
| Viewer | Limited | View dashboards only |
API Authentication
- API Keys: Unique per application with configurable scopes
- OAuth 2.0: For third-party integrations
- JWT Tokens: Short-lived session tokens (1 hour expiry)
- Webhook Signatures: HMAC-SHA256 for webhook verification
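The webhook HMAC-SHA256 check listed above, as an added example rather than MAGENTA's own SDK code: it assumes a signature header of the form `t=<unix timestamp>,v1=<hex digest>` computed over `<timestamp>.<raw body>` with the endpoint's shared secret (the header name and format are assumptions, not taken from this policy), and rejects tampered bodies, wrong secrets, and stale timestamps.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumed format (not from the policy): "t=<unix ts>,v1=<hex hmac>",
# where the HMAC covers "<ts>.<raw body>" using the endpoint's webhook secret.
MAX_SKEW_SECONDS = 300  # deliveries older than this are rejected (replay window)


def sign_payload(secret: bytes, timestamp: int, body: bytes) -> str:
    """Build the signature header value a sender would attach (assumed format)."""
    msg = str(timestamp).encode() + b"." + body
    digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={digest}"


def verify_webhook(secret: bytes, header: str, body: bytes, now: Optional[int] = None) -> bool:
    """Return True only if the signature matches the raw body and the timestamp is fresh."""
    now = int(time.time()) if now is None else now
    fields = dict(part.split("=", 1) for part in header.split(",") if "=" in part)
    try:
        ts = int(fields["t"])
        provided = fields["v1"]
    except (KeyError, ValueError):
        return False  # malformed or missing header: treat as unsigned
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False  # stale delivery: a captured request cannot be replayed later
    # Recompute over the raw bytes received, never over a re-serialized JSON object.
    expected = hmac.new(secret, str(ts).encode() + b"." + body, hashlib.sha256).hexdigest()
    # Constant-time comparison; a plain == would leak how many digest bytes matched.
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    secret = b"whsec_constructed_example"           # constructed sample secret
    body = b'{"event":"qr.scan","id":"evt_123"}'   # constructed sample delivery
    hdr = sign_payload(secret, 1_700_000_000, body)
    print(verify_webhook(secret, hdr, body, now=1_700_000_010))         # True
    print(verify_webhook(secret, hdr, body + b" ", now=1_700_000_010))  # False: body altered
    print(verify_webhook(secret, hdr, body, now=1_700_001_000))         # False: timestamp stale
```

Verify against the exact bytes of the request body before any JSON parsing; re-encoding the parsed object can change whitespace or key order and make a valid signature fail.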
Data Sharing
Within CMYK Ecosystem
Data sharing between CMYK services follows strict protocols:
- Only aggregated, anonymized data is shared by default
- Explicit consent required for any PII sharing
- Service-to-service communication uses encrypted channels
- Each service maintains its own access logs
Third-Party Sharing
We share data with third parties only when:
- You explicitly request an integration
- Required by law (with notification when legally permitted)
- Necessary for service operation (e.g., SMS delivery via Twilio)
Service Providers
We work with select service providers who process data on our behalf:
| Provider | Service | Data Shared |
|---|---|---|
| AWS | Infrastructure | All data (encrypted) |
| Twilio | SMS/OTP | Phone numbers only |
| Stripe | Payments | Billing information |
| SendGrid | Email | Email addresses, content |
Data Retention
Default Retention Periods
| Data Type | Active Retention | Archive Period | Total Retention |
|---|---|---|---|
| Analytics Events | 90 days | 2 years | 2 years |
| QR Code Data | Indefinite | N/A | Until deleted |
| API Logs | 30 days | 60 days | 90 days |
| Error Logs | 7 days | 23 days | 30 days |
| User Accounts | Active | 30 days post-deletion | Until purged |
Custom Retention
Enterprise customers can configure custom retention periods to meet compliance requirements. Options include:
- Extended retention (up to 7 years)
- Immediate deletion policies
- Geographic-specific retention rules
- Automated data lifecycle management
Data Portability
Export Formats
You can export your data in multiple formats:
- JSON: Complete data with full fidelity
- CSV: Tabular data for spreadsheet analysis
- Parquet: Columnar format for big data processing
- SQL Dump: Database backup format
Export Methods
- Self-service dashboard exports (up to 1GB)
- API bulk export endpoints
- Scheduled automated exports
- Direct S3 bucket sync (Enterprise)
Data Deletion
User-Initiated Deletion
You can delete your data through:
- Dashboard deletion tools (immediate effect)
- API DELETE endpoints (programmatic)
- Support request (manual verification required)
- Automated retention policies
Deletion Process
1. Soft Delete → Data marked for deletion (recoverable for 30 days)
2. Hard Delete → Data permanently removed from primary storage
3. Backup Purge → Data removed from all backups (within 35 days)
4. Confirmation → Deletion certificate provided
Right to be Forgotten
Under GDPR and similar regulations, you have the right to request complete erasure of your personal data. We will comply within 30 days unless:
- Legal obligation requires retention
- Data is necessary for contract completion
- Legitimate interest overrides (rare, documented cases)
Compliance & Certifications
Current Compliance
- ✅ GDPR (General Data Protection Regulation)
- ✅ CCPA (California Consumer Privacy Act)
- ✅ PIPEDA (Personal Information Protection and Electronic Documents Act)
- ✅ SOC 2 Type II
- ✅ PCI DSS Level 1 (payment processing)
In Progress
- 🔄 ISO 27001 (Information Security Management)
- 🔄 ISO 27701 (Privacy Information Management)
- 🔄 HIPAA (Healthcare compliance - planned)
Audit Reports
Annual compliance reports are available upon request for Enterprise customers. Contact compliance@comma.cm for access.
Incident Response
Security Incident Protocol
- Detection: Automated monitoring and alerting (< 5 minutes)
- Assessment: Severity evaluation and impact analysis (< 30 minutes)
- Containment: Isolate affected systems (< 1 hour)
- Eradication: Remove threat and patch vulnerabilities (< 4 hours)
- Recovery: Restore normal operations (< 8 hours)
- Notification: Inform affected users (< 72 hours if required)
- Review: Post-incident analysis and improvements (< 1 week)
Data Protection Officer
Scott Derozic
Title: Data Protection Officer
Email: privacy@comma.cm
Phone: +1 (310) 907-6310
Office Hours: Monday-Friday, 9 AM - 5 PM PST
Response Time: Within 48 hours
For urgent data protection matters, please email urgent-privacy@comma.cm for priority handling.
Updates to This Policy
This Data Policy may be updated periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through:
- Email notification to account holders
- Dashboard alerts for 30 days
- API changelog for technical changes
- Blog post for significant updates
You can always find the current version of this policy at magenta.comma.cm/data-policy with a complete revision history available upon request.