Magma ChargeSpot logoMagma ChargeSpot
Legal · Privacy

Privacy Policy

We believe privacy is a right, not a checkbox. This policy explains what data we collect, why we collect it, and what control you have over it.

Last updated: 27 May 2026

Who we are

Magma Technologies ("Magma", "we", "us") operates from its registered office at 97, 3rd Main Rd, Varalakshmi Nagar, Maduravoyal, Chennai 600095, Tamil Nadu, India.

We operate the Magma ChargeSpot public charging network, Magma CSMS (charging station management software), and the Magma rider mobile application. This policy applies to all of these services.

Data we collect

We collect different categories of data depending on your relationship with us:

CategoryExamplesWho it applies to
Account dataName, email, phone, GSTIN, bank detailsVendors, operators, registered drivers
Session dataCharger ID, session start/stop, energy (kWh), cost, connector typeAll charging sessions
Payment dataUPI transaction ID, card BIN (last 4 digits only), payment statusPaid sessions
Location dataCharger GPS coordinates (not driver location)All sessions
Device dataApp version, OS, device model, push tokenRider app users
Usage dataDashboard page views, feature usage, API callsCSMS portal users
RFID dataRFID card UID (hashed), linked accountRFID users
Support dataTicket content, chat logs, diagnostic OCPP payloadsSupport ticket submitters

We do not collect driver location, vehicle GPS, or biometric data. We do not store full card numbers or UPI IDs.

How we use your data

  • To provide and operate the charging service — session management, payment processing, receipt generation.
  • To manage your account — vendor onboarding, operator management, CSMS access, weekly settlements.
  • To maintain and improve the network — diagnosing charger faults, optimising charging schedules, improving CSMS performance.
  • To communicate with you — session receipts, service alerts, settlement reports, security notices.
  • To comply with legal obligations — GST invoicing, TDS deduction, DISCOM reporting, FAME-II compliance.
  • To detect and prevent fraud — unusual session patterns, duplicate payments, RFID spoofing.
We do not sell your personal data to third parties. We do not use your data for advertising targeting. We do not profile drivers based on charging behaviour for commercial purposes.

Legal basis for processing

We process data under the Digital Personal Data Protection Act 2023 (DPDP Act) on the following bases:

  • Contract performance — processing necessary to provide the charging service you've signed up for.
  • Legitimate interests — network security, fraud prevention, service improvement.
  • Legal obligation — GST, TDS, DISCOM, FAME-II and other statutory requirements.
  • Consent — marketing communications and optional analytics (you can withdraw at any time).

Data sharing

We share your data only where necessary:

RecipientPurposeData shared
Payment gateways (Razorpay, PhonePe)Process paymentsSession amount, masked card/UPI ref
4G network providers (Airtel, Jio)Charger connectivitySIM IMEI only
Roaming hubs (Hubject, EV Recharge)OCPI roaming sessionsSession CDR, anonymised token
AWS (Mumbai region)Cloud infrastructureAll platform data, encrypted
Statutory authoritiesLegal complianceAs required by law
Operator (if applicable)Your vendor's operator sees their charger and session dataSite-level session and revenue data

Data retention

  • Session and CDR records — 7 years (GST audit requirement).
  • Payment records — 7 years (Income Tax Act).
  • Account data — retained while your account is active, deleted within 90 days of account closure.
  • CSMS logs and OCPP diagnostics — 12 months rolling.
  • Support tickets — 3 years.
  • App analytics — 13 months rolling.

Your rights

Under the DPDP Act 2023, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Erasure — request deletion of your data (subject to legal retention obligations).
  • Grievance — raise a complaint with our Data Protection Officer.
  • Nominate — nominate another person to exercise your rights in the event of death or incapacity.

To exercise any of these rights, email support@magmatech.in. We will respond within 30 days.

Cookies and tracking

Our website and CSMS portal use the following cookies:

  • Essential cookies — session authentication, CSRF protection. Cannot be disabled.
  • Analytics cookies — page view counts, feature usage (no cross-site tracking). Can be disabled.
  • Preference cookies — theme, language, dashboard layout. Can be cleared by clearing browser storage.

We do not use advertising cookies, third-party tracking pixels or fingerprinting technologies.

Data Protection Officer

Our Data Protection Officer can be reached at:

support@magmatech.in
+91 97515 97555
97, 3rd Main Rd, Varalakshmi Nagar, Maduravoyal, Chennai 600095, Tamil Nadu

If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act 2023.

Changes to this policy

We will notify registered account holders by email of material changes to this policy at least 14 days before they take effect. Minor clarifications may be updated without notice. The "Last updated" date at the top of this page always reflects the current version.