Marginn collects only the data necessary to provide the service. Your business data - quotes, invoices, customers, and costs - belongs to you. We do not sell data, serve ads, or share information with third parties except those required to run the service.
Controller Information
The data controller for this service is Marginn, an independent software product operating in India.
For all privacy-related inquiries, contact: [email protected]
Scope
This Privacy Policy applies to the Marginn web application at app.marginn.co and the marketing website at marginn.co. It describes what data is processed, why, where it is stored, and the rights available to users.
Data Collected
We collect the following categories of data:
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, password (hashed) | Authentication and account management |
| Company data | Company name, costing defaults | Personalising the workspace |
| Business data | Quotes, invoices, customers, suppliers, machines, materials, purchase orders, production plans | Core service functionality |
| Contact form data | Name, email, message submitted via marginn.co | Responding to early access requests |
| Usage data | Page views, errors (no ad tracking) | Improving the product |
We do not collect payment card details. We do not build advertising profiles.
How We Use Your Data
Your data is used only for the following purposes:
- Providing and operating the Marginn application
- Sending transactional emails such as account confirmation, password reset, and invoice delivery
- Responding to support and early access inquiries submitted via the contact form
- Diagnosing errors and improving product reliability
We do not use your data for marketing, profiling, or any purpose not listed above.
Data Storage and Security
All application data is stored in Supabase, a managed Postgres database service hosted on AWS infrastructure. Data is encrypted at rest and in transit using TLS.
Access to data is controlled by Row Level Security (RLS) policies that ensure each company can only access its own data. Superuser access is restricted to verified accounts stored separately from regular users.
While we take reasonable measures to protect your data, no system is completely secure. You are responsible for keeping your account credentials confidential.
Third-Party Services
We use the following third-party services to operate Marginn:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication | All application data |
| Vercel | Application hosting | Request metadata (IP, headers) |
| Cloudflare | Landing page CDN and DNS | Request metadata |
| Resend | Transactional email delivery | Recipient email address, email content |
| Web3Forms | Contact form submissions | Name, email, message from contact form |
None of these providers receive data for advertising purposes.
Data Retention
Your data is retained for as long as your account is active. If you delete your account, all associated data - quotes, invoices, customers, machines, materials, and company records - is permanently deleted from our systems within 30 days.
Contact form submissions are retained for up to 12 months to manage early access requests.
Your Rights
You have the following rights with respect to your data:
- Access - request a copy of the data we hold about you
- Correction - update inaccurate or incomplete information via the app settings
- Deletion - delete your account and all associated data via Settings in the app, or by contacting us
- Portability - request an export of your business data in a standard format
To exercise any of these rights, contact [email protected]. We will respond within 14 days.
Cookies
The Marginn application uses session cookies strictly necessary for authentication. No tracking or advertising cookies are used.
The landing page at marginn.co stores a single theme key in localStorage to remember your display preference (dark or light). This data never leaves your browser and is not transmitted to our servers.
Children
Marginn is a business tool intended for use by adults operating manufacturing businesses. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has created an account, contact us and we will delete it promptly.
Changes to This Policy
If we make material changes to this policy, we will notify registered users by email at least 14 days before the changes take effect. The effective date at the top of this page reflects the most recent revision.