privacy policy
last updated: 7 March 2026
data controller: Magickly LLP, England and Wales
1. data we collect
- account data: email address, display name, Keycloak subject identifier
- uploaded content: images (irc.pics) and pastes (txt.irc.now) you create
- usage data: login timestamps, feature usage events, storage metrics
- payment data: processed by Stripe. we store your Stripe customer ID and plan status but not card details
- IRC data: bouncer connection metadata. message content is transient and not stored by us beyond bouncer scrollback
2. legal basis (GDPR)
- contract: account data and uploaded content are processed to provide the service
- legitimate interest: usage data for service improvement and abuse prevention
- legal obligation: content scanning and abuse report retention as required by UK law
3. data retention
- account data: retained while your account exists
- uploaded content: subject to expiry settings (free: 24h-90d, pro: configurable)
- abuse reports: retained for 3 years for legal compliance
- audit logs: retained for 1 year
4. data sharing
we do not sell your data. we share data only with:
- Stripe (payment processing)
- Microsoft PhotoDNA (image safety scanning, image hashes only)
- law enforcement when legally required
5. your rights
under GDPR, you have the right to:
- access your personal data
- rectify inaccurate data
- erase your data (right to be forgotten)
- restrict processing
- data portability
- object to processing
to exercise these rights, contact hi@irc.now.
6. cookies
we use session cookies for authentication. no tracking cookies or third-party analytics.
7. security
we use TLS encryption, bcrypt password hashing (via Keycloak), and access controls. uploaded content is stored in encrypted-at-rest object storage.
8. children
irc.now is not directed at children under 16. we do not knowingly collect data from children under 16.
9. changes
we may update this policy. material changes will be notified via email.
10. contact
data protection enquiries: hi@irc.now