MarginWardFrançais

Updated · June 11, 2026

Data processing addendum (DPA)

When you import data about your own end users, you act as the data controller and MarginWard as the processor. This summary describes that processing.

Subject matter and duration

The processor handles the data solely to provide the service, for the duration of the contract.

Nature of the data

Your customers' identifiers (email, name, technical user_id) and related amounts (revenue, LLM costs).

Processor commitments

Process data only on the controller's documented instructions.

Ensure confidentiality and appropriate security measures (encryption, per-account isolation).

Assist the controller with data-subject requests and notify any breach without undue delay.

Delete or return the data at the end of the contract (export and deletion available in the app).

Sub-processors

The processor uses the following sub-processors:

Supabase (Supabase Inc.) — database and authentication, hosted in the European Union.

Vercel (Vercel Inc., United States) — application hosting.

Stripe (Stripe Payments Europe) — subscription billing and read-only access to your billing data.

Resend (Resend Inc., United States) — transactional emails (alerts, digests).

Langfuse — read-only access to your LLM costs when you connect that source.

OpenRouter — read-only access to your LLM costs aggregated by model when you connect that source.

Sentry (Functional Software Inc.) — error monitoring, only when enabled.

Contractual version

To sign a contractual version of this DPA, email us at [email de contact à compléter].