DRAFT — not yet in effect. This document was generated as a starting template and must be reviewed and approved by a licensed attorney (and conform to your host agency’s requirements) before it is published or relied upon. Replace every highlighted placeholder with your real details and remove this banner before going live.

Privacy Policy

Effective date: [EFFECTIVE DATE] · Last updated June 9, 2026

This Privacy Policy explains how [AGENCY LEGAL NAME] (“Magic By Marissa” / “MBM Studio,” “we,” “us”) collects, uses, and protects personal information when you use our website, intake forms, and travel-advisory services.

1. Information we collect

Information you give us

Contact details (name, email, phone), traveler details (names, dates of birth where needed for bookings, preferences), trip details, and communications. When you complete a card authorization, you provide payment-card details and an electronic signature.

Information collected automatically

Basic usage and device data through our website and analytics tools (for example, Google Analytics 4), such as pages viewed and approximate location, used to improve our services. [CONFIRM COOKIE/ANALYTICS DETAILS AND ADD A COOKIE BANNER IF REQUIRED IN YOUR REGION].

2. How we handle payment-card data

We take card security seriously. When you submit a card authorization:

[CONFIRM PCI-DSS APPROACH WITH YOUR HOST AGENCY / PAYMENT ADVISOR].

3. How we use information

To plan and book travel, communicate with you, process authorized payments to suppliers, provide customer service, comply with legal obligations, and improve our services. We do not sell your personal information.

4. Who we share information with

We share information only as needed: with travel suppliers (e.g., Disney, resorts, cruise lines, insurers) to fulfill your bookings; with our host agency [HOST AGENCY NAME]; and with service providers that operate our technology. Our current technology providers include Google Firebase (hosting, database, authentication), and AI providers used to power our in-app assistant ([CONFIRM: Anthropic and/or OpenAI]). These providers process data on our behalf under their own security and privacy commitments.

5. Data retention

We keep personal information for as long as needed to provide services and meet legal/recordkeeping requirements, then delete or anonymize it. Full card numbers and security codes are deleted immediately after a payment is processed, as described above.

6. Security

We use encryption in transit and at rest, access controls limiting data to authorized accounts, and other safeguards. No system is perfectly secure, but we work to protect your information.

7. Your choices and rights

You may request access to, correction of, or deletion of your personal information by contacting us. Depending on where you live, you may have additional rights (for example, under the California Consumer Privacy Act or, if applicable, the EU/UK GDPR). [ADD STATE/REGION-SPECIFIC DISCLOSURES AS YOUR ATTORNEY ADVISES].

8. Children

Our services are directed to adults. We collect children’s information only as part of a family travel booking, provided by a parent or guardian.

9. Changes

We may update this Policy; the “last updated” date reflects changes.

10. Contact

[AGENCY LEGAL NAME], [MAILING ADDRESS], [CONTACT EMAIL].

Privacy Policy · MBM Studio / Magic By Marissa · Last updated June 9, 2026
Questions: [CONTACT EMAIL]