MarginWardFrançais

Updated · June 11, 2026

Privacy policy

This policy explains what data MarginWard processes, why, and the rights you have.

Data controller

Fabien Deshais, 231 rue Saint-Honoré, 75001 Paris, France. Contact: [email de contact à compléter].

Data we process

Account: your email address and an account identifier.

Billing: handled by Stripe. We never store your card numbers.

Data you import through your connections: identifiers of your own customers (email, name, recurring revenue) read read-only from Stripe, and technical identifiers (user_id) plus LLM costs from Langfuse or the ingestion API.

Third-party access keys you provide are encrypted at rest (AES-256-GCM) and are never displayed or exported.

Purposes and legal bases

Providing the service (per-customer margin): performance of the contract.

Subscription billing: performance of the contract and legal accounting obligations.

Email alerts and digests: performance of the contract (configurable in settings).

Security and abuse prevention: legitimate interest.

Processors and recipients

Your data is processed by the following processors, each within the necessary scope:

Supabase (Supabase Inc.) — database and authentication, hosted in the European Union.

Vercel (Vercel Inc., United States) — application hosting.

Stripe (Stripe Payments Europe) — subscription billing and read-only access to your billing data.

Resend (Resend Inc., United States) — transactional emails (alerts, digests).

Langfuse — read-only access to your LLM costs when you connect that source.

OpenRouter — read-only access to your LLM costs aggregated by model when you connect that source.

Sentry (Functional Software Inc.) — error monitoring, only when enabled.

Transfers outside the European Union

Some processors (Vercel, Resend, Sentry) are based in the United States. Transfers are governed by the European Commission's Standard Contractual Clauses.

Retention

Data is kept while your account is active. Usage history is limited by your plan (30 days, 365 days, or unlimited).

When you delete your account, all data is erased.

Your rights

You have the right to access, rectify, erase, port, restrict and object.

You can export all your data (JSON) and permanently delete your account directly from settings. For any other request, contact us.

You may lodge a complaint with the French data protection authority (CNIL, cnil.fr).

Security

Third-party keys encrypted at rest, per-account data isolation at the database level (Row-Level Security), HTTPS and strict security headers.