Magma ChargeSpot
Partner loginGet a quote
Legal · Privacy

Privacy Policy

We believe privacy is a right, not a checkbox. This policy explains what data we collect, why we collect it, and what control you have over it.

Last updated: 27 May 2026

Who we are

Magma Charging Technologies Private Limited ("Magma", "we", "us") is a company incorporated under the Companies Act 2013, with CIN U40300KA2022PTC000000 and registered office at 4th Floor, Prestige Tech Park, Outer Ring Road, Bengaluru 560103, Karnataka, India.

We operate the Magma ChargeSpot public charging network, Magma CSMS (charging station management software), and the Magma rider mobile application. This policy applies to all of these services.

Data we collect

We collect different categories of data depending on your relationship with us:

CategoryExamplesWho it applies to
Account dataName, email, phone, GSTIN, bank detailsVendors, operators, registered drivers
Session dataCharger ID, session start/stop, energy (kWh), cost, connector typeAll charging sessions
Payment dataUPI transaction ID, card BIN (last 4 digits only), payment statusPaid sessions
Location dataCharger GPS coordinates (not driver location)All sessions
Device dataApp version, OS, device model, push tokenRider app users
Usage dataDashboard page views, feature usage, API callsCSMS portal users
RFID dataRFID card UID (hashed), linked accountRFID users
Support dataTicket content, chat logs, diagnostic OCPP payloadsSupport ticket submitters

We do not collect driver location, vehicle GPS, or biometric data. We do not store full card numbers or UPI IDs.

How we use your data

  • To provide and operate the charging service — session management, payment processing, receipt generation.
  • To manage your account — vendor onboarding, operator management, CSMS access, weekly settlements.
  • To maintain and improve the network — diagnosing charger faults, optimising charging schedules, improving CSMS performance.
  • To communicate with you — session receipts, service alerts, settlement reports, security notices.
  • To comply with legal obligations — GST invoicing, TDS deduction, DISCOM reporting, FAME-II compliance.
  • To detect and prevent fraud — unusual session patterns, duplicate payments, RFID spoofing.
We do not sell your personal data to third parties. We do not use your data for advertising targeting. We do not profile drivers based on charging behaviour for commercial purposes.

Legal basis for processing

We process data under the Digital Personal Data Protection Act 2023 (DPDP Act) on the following bases:

  • Contract performance — processing necessary to provide the charging service you've signed up for.
  • Legitimate interests — network security, fraud prevention, service improvement.
  • Legal obligation — GST, TDS, DISCOM, FAME-II and other statutory requirements.
  • Consent — marketing communications and optional analytics (you can withdraw at any time).

Data sharing

We share your data only where necessary:

RecipientPurposeData shared
Payment gateways (Razorpay, PhonePe)Process paymentsSession amount, masked card/UPI ref
4G network providers (Airtel, Jio)Charger connectivitySIM IMEI only
Roaming hubs (Hubject, EV Recharge)OCPI roaming sessionsSession CDR, anonymised token
AWS (Mumbai region)Cloud infrastructureAll platform data, encrypted
Statutory authoritiesLegal complianceAs required by law
Operator (if applicable)Your vendor's operator sees their charger and session dataSite-level session and revenue data

Data retention

  • Session and CDR records — 7 years (GST audit requirement).
  • Payment records — 7 years (Income Tax Act).
  • Account data — retained while your account is active, deleted within 90 days of account closure.
  • CSMS logs and OCPP diagnostics — 12 months rolling.
  • Support tickets — 3 years.
  • App analytics — 13 months rolling.

Your rights

Under the DPDP Act 2023, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Erasure — request deletion of your data (subject to legal retention obligations).
  • Grievance — raise a complaint with our Data Protection Officer.
  • Nominate — nominate another person to exercise your rights in the event of death or incapacity.

To exercise any of these rights, email privacy@magmapro.in. We will respond within 30 days.

Cookies and tracking

Our website and CSMS portal use the following cookies:

  • Essential cookies — session authentication, CSRF protection. Cannot be disabled.
  • Analytics cookies — page view counts, feature usage (no cross-site tracking). Can be disabled.
  • Preference cookies — theme, language, dashboard layout. Can be cleared by clearing browser storage.

We do not use advertising cookies, third-party tracking pixels or fingerprinting technologies.

Data Protection Officer

Our Data Protection Officer can be reached at:

Pritha Nair (CFO, acting DPO)
privacy@magmapro.in
+91 80 4567 1200
4th Floor, Prestige Tech Park, Outer Ring Road, Bengaluru 560103

If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India once constituted under the DPDP Act 2023.

Changes to this policy

We will notify registered account holders by email of material changes to this policy at least 14 days before they take effect. Minor clarifications may be updated without notice. The "Last updated" date at the top of this page always reflects the current version.