Privacy Policy
Last Updated: March 17th, 2026
OpenSesame AI Inc. (“General Magic,” “we,” “our,” or “us”) respects your privacy and is committed to protecting personal information through responsible data practices and strong security safeguards. This Privacy Policy explains how we collect, use, process, disclose, and protect information when you interact with our services, including General Magic, our AI messaging agent platform that enables organizations to automate workflows and interact with users through messaging channels such as SMS, iMessage, WhatsApp, and other supported messaging services. By accessing or using our Services, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Services.
1. Who We Are
General Magic is a product developed and operated by OpenSesame AI Inc., a corporation incorporated under the laws of Ontario, Canada with headquarters in Toronto.
General Magic provides AI messaging agents that allow organizations to automate interactions and workflows through messaging platforms such as SMS, Apple iMessage, WhatsApp, and other supported communication channels. These agents may connect to enterprise systems such as CRM platforms, insurance policy systems, claims systems, and other operational software to assist users and complete requested tasks.
We operate in compliance with applicable privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA) and other relevant privacy regulations.
OpenSesame AI Inc. maintains SOC 2 Type II compliance, meaning our security controls relating to data security, availability, confidentiality, and privacy have been independently audited and verified to operate effectively.
2. Information We Collect
We collect several types of information depending on how you interact with our Services.
a. Information You Provide Directly
When you interact with General Magic through messaging channels or enterprise systems, you may provide information such as:
Name
Phone number
Email address
Message content and conversation history
Company or account information
Authentication credentials or verification information
Support requests or communications
This information is used to process interactions and complete requested workflows.
b. Information Collected Automatically
When the Services are used, certain technical and operational information may be collected automatically, including:
IP address
Device information
Browser type and operating system
Interaction timestamps
System logs
Messaging delivery status
Usage analytics
This information helps us maintain system reliability, monitor system performance, detect fraud or abuse, and improve service quality.
c. Information Processed Through Integrations
General Magic may process data originating from systems connected by enterprise customers. These integrations may include:
Customer relationship management systems (CRM)
Insurance policy administration systems
Claims platforms
Customer databases
Billing or financial systems
Other operational tools
In these cases, OpenSesame AI Inc. acts as a data processor on behalf of the organization deploying the platform and processes information only according to the instructions of that organization.
We do not sell, rent, or repurpose integration data.
3. Messaging Channels and Communication Data
General Magic operates across messaging platforms including:
SMS messaging
Apple iMessage
WhatsApp
Other supported messaging channels
Messages exchanged through these channels may contain personal information necessary to complete workflows such as policy inquiries, claims updates, service requests, renewal reminders, or general customer support interactions.
Where supported by the messaging platform, communications utilize the platform’s native encryption capabilities.
For example:
Apple iMessage communications utilize Apple's encryption infrastructure.
WhatsApp communications use end-to-end encryption provided by WhatsApp.
SMS messages are transmitted through telecommunications carrier networks and may not support end-to-end encryption.
Message content is processed only for the purpose of enabling requested services and completing workflows.
4. Authentication and Identity Verification
To protect sensitive information and ensure that only authorized users can access account information, certain workflows may require identity verification.
Authentication methods may include:
One-time passcodes (OTP)
Secure authentication links
Verification through connected enterprise systems
Token-based authentication
These mechanisms help prevent unauthorized access to sensitive information such as account details, policy data, or claims information.
5. How We Use Information
We use collected information to:
Provide, operate, and maintain the General Magic platform
Process messaging conversations and service interactions
Route requests to connected enterprise systems
Authenticate users and protect account access
Improve system performance and reliability
Detect and prevent fraud, abuse, or unauthorized access
Comply with legal obligations and regulatory requirements
Communicate with users regarding service updates or support
We do not sell personal information and do not use personal information for unrelated advertising purposes.
6. Data Security
We implement technical and organizational safeguards designed to protect personal information and personally identifiable information (PII).
Security measures include:
Encryption of data in transit using TLS 1.2 or higher
Encryption of sensitive data at rest using AES-256 encryption standards
Role-based access controls and restricted internal permissions
Multi-factor authentication for internal systems
Infrastructure monitoring and security logging
Formal incident response procedures
OpenSesame AI Inc. maintains SOC 2 Type II compliance, which independently verifies that our security controls operate effectively to protect customer data.
Access to sensitive systems and customer data is limited to authorized personnel on a strict need-to-know basis.
7. Personal Information and PII Protection
General Magic may process personally identifiable information (PII) as part of messaging interactions and enterprise workflows.
Examples may include:
Customer names
Contact information
Policy numbers
Claims references
Service requests
Other customer support information
We implement safeguards designed to ensure that this information is handled securely and in accordance with applicable privacy regulations.
Enterprise customers determine the categories of personal information processed through their deployment of the platform.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
Retention periods may depend on:
Customer agreements
Enterprise data retention policies
Operational requirements
Legal and regulatory obligations
Message logs and system logs may be retained for operational monitoring, troubleshooting, and security auditing purposes.
Enterprise customers may control retention policies through contractual agreements with us.
9. Sharing of Information
We do not sell personal information.
Information may be shared in limited circumstances including:
Service Providers
Trusted vendors who assist with infrastructure hosting, messaging infrastructure, security services, and analytics.
Enterprise Customers
If you interact with General Magic through an organization such as an insurance carrier, brokerage, or enterprise customer, your interactions may be accessible to authorized administrators within that organization.
Legal Compliance
When required to comply with applicable laws, regulations, legal processes, or government requests.
Business Transactions
If OpenSesame AI Inc. undergoes a merger, acquisition, or sale of assets, information may be transferred subject to confidentiality obligations.
10. International Data Transfers
OpenSesame AI Inc. operates from Canada but may use infrastructure providers located in other jurisdictions including the United States.
As a result, information may be processed or stored in Canada, the United States, or other locations where our service providers operate.
When cross-border data transfers occur, we implement safeguards designed to protect personal information in accordance with applicable privacy laws.
11. Your Rights
Depending on your jurisdiction, you may have rights regarding your personal information including:
The right to request access to personal information we hold about you
The right to request correction of inaccurate information
The right to request deletion of personal information where permitted by law
The right to withdraw consent for certain processing activities
Requests regarding personal information may be directed to the contact information below.
Residents of Canada may also contact the Office of the Privacy Commissioner of Canada regarding privacy concerns.
12. Children’s Privacy
Our Services are not directed to individuals under the age of 13 or the age of majority in their jurisdiction.
We do not knowingly collect personal information from children. If we become aware that personal information from a child has been collected without appropriate consent, we will take steps to remove that information.
13. Cookies and Tracking Technologies
Our website and related services may use cookies and similar technologies to improve functionality and analyze usage patterns.
Cookies may include:
Session cookies that expire when a browser session ends
Persistent cookies that remain on a device until deleted
Users may adjust cookie preferences through their browser settings.
13.1 Third-Party Data and Advertising Partners
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others may have about you, including by association with your email address.
We or our service providers may use this information to send communications or marketing to these email addresses.
You may opt out of receiving this advertising by visiting:
https://app.retention.cm/optout
If you are located in a jurisdiction that provides additional data rights, including under the General Data Protection Regulation (GDPR), you may also opt out of the collection and processing of your personal data for these purposes by visiting:
https://www.rb2b.com/rb2b-gdpr-opt-out
Users may adjust cookie preferences through their browser settings or through available consent management tools on our website.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in technology, regulatory requirements, or our services.
If material changes are made, we will provide notice through our website or through the Services before the changes take effect.
Continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.
15. Contact Information
If you have questions regarding this Privacy Policy or our data practices, you may contact us at:
jai@generalmagic.inc
Toronto, Ontario, Canada
20 Maud Street, Unit 402
