marginal

Privacy Policy

Last updated May 25, 2026.

This Privacy Notice for Marginal describes how and why we collect, store, use, and process your personal information when you use our Services at getmarginal.app. Privacy is not incidental to Marginal — it is the foundation the product is built on. Your Thoughts are private by default. We collect only what is necessary to provide the service. Questions or concerns? Contact us at hello@getmarginal.app.

Summary of Key Points

What personal information do we process? We collect your email address, username, and content you voluntarily create including your books, Thoughts, Ideas, and Hindsights. We also collect anonymised usage data via PostHog.
Do we process sensitive personal information? Potentially, in a limited sense. Users may reveal religious or philosophical beliefs through the content they write in their private notes. This content is private by default and never used for any purpose other than displaying it back to you.
Do we collect information from third parties? Only if you register via Google OAuth, in which case we receive your email address from Google solely for authentication purposes.
How do we process your information? To provide the Services, manage your account, process your subscription via Paddle, send transactional emails, and monitor service health. We do not use your content for any other purpose.
With whom do we share your information? Only with the service providers necessary to operate Marginal. We do not sell your data. We do not share your Thoughts, Ideas, or Hindsights with any third party.
What are your rights? You can export your data, update your information, and delete your account at any time from within the app. You may have additional rights depending on where you are located.
How do you exercise your rights? Log in to Settings > Account, or contact us at hello@getmarginal.app.

1. What Information Do We Collect?

Personal information you provide directly

We collect personal information that you voluntarily provide when you register and use the Services:

  • Email address
  • Username
  • Password (stored securely via Supabase Auth. We never see your plain text password)
  • Profile information including bio and avatar image
  • Books you add including title, author, format, and other metadata
  • Content you write — Thoughts, Ideas, Hindsights, and Chapter Summaries
  • Book cover images you upload
  • Contact preferences and notification settings
  • Privacy settings

Information collected automatically

When you use the Services, we automatically collect certain technical information via PostHog, our analytics provider:

  • Browser type and settings
  • Device type and operating system
  • Pages visited and features used
  • Events such as books added, Idea editors opened, and features interacted with
  • IP address (used to derive approximate location for analytics only)

This information is collected in anonymised form. No personally identifiable information is sent to PostHog. We use this data solely to understand how the product is used and to improve it.

Information from third parties

If you register or log in via Google OAuth, we receive your email address from Google. We use this solely to create and authenticate your account. We do not receive or store any other Google profile information.

2. How Do We Process Your Information?

We process your personal information for the following purposes:

  • To provide the Services — storing and displaying your books, Thoughts, Ideas, and Hindsights, managing your connections and sharing preferences, and delivering all core product functionality.
  • To manage your account — creating your account, authenticating your identity, managing your username and profile, and maintaining your settings and preferences.
  • To process your subscription — communicating your subscription status to Paddle, receiving confirmation of payment events, and managing your Premium access accordingly.
  • To communicate with you — sending transactional emails including account verification, password reset, data export, and notification emails where you have opted in. Sending onboarding and re-engagement emails via Loops where you have consented.
  • To monitor service health — using Sentry for error monitoring and UptimeRobot for uptime monitoring to ensure the Services remain reliable and secure.
  • To understand usage — using anonymised PostHog analytics to identify how the product is used, which features are valuable, and where improvements can be made.

What we will never do

  • We will never sell your personal information to any third party.
  • We will never use your Thoughts, Ideas, or Hindsights to train machine learning or artificial intelligence models.
  • We will never use your private content for advertising or any commercial purpose beyond providing the service back to you.

3. When and With Whom Do We Share Your Personal Information?

We share your information only with the service providers necessary to operate Marginal. Each provider is bound by their own privacy policies and data processing agreements.

SupabaseDatabase hosting and authentication. Your books, Thoughts, Ideas, Hindsights, and account data are stored on Supabase servers. Privacy policy.
VercelApplication hosting. The Marginal web application is served via Vercel's infrastructure. Privacy policy.
PaddlePayment processing and subscription management. If you subscribe to Premium, Paddle processes your payment and manages your billing. Privacy policy.
ResendTransactional email delivery. We use Resend to send verification emails, password resets, data export links, and notification emails. Privacy policy.
LoopsMarketing email and onboarding sequences. We use Loops to send onboarding and re-engagement emails where you have consented. Privacy policy.
PostHogAnonymised usage analytics. No personally identifiable information is shared with PostHog. Privacy policy.
SentryError monitoring. Sentry may capture technical error data including anonymised device and browser information. Privacy policy.
GoogleOAuth authentication only, if you choose to sign in with Google. Privacy policy.

Connections you choose

When you explicitly share a specific Idea with a specific accepted connection, that person can read the content of that Idea. You control this entirely. You can revoke access at any time. We do not share your content with any other user under any other circumstance.

Business transfers

In the event of a merger, acquisition, or sale of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We do not share your information with affiliates, business partners, or advertisers. We have none.

4. Do We Use Cookies and Other Tracking Technologies?

We use cookies solely for authentication, to keep you signed in between sessions. Without this cookie the Services cannot function.

PostHog may set a first party analytics cookie using anonymised identifiers to track session behaviour for analytics purposes.

We do not use advertising cookies, retargeting cookies, or any third party tracking cookies. There are no advertisements on Marginal.

5. How Do We Handle Google OAuth Logins?

If you choose to register or log in using your Google account, we receive your email address from Google solely for the purpose of creating and authenticating your Marginal account. We do not receive your Google profile picture, contacts, Google Drive data, or any other Google account information. We do not post to your Google account or access any Google services beyond authentication.

We recommend reviewing Google's Privacy Policy at policies.google.com/privacy to understand how Google handles your data.

6. Is Your Information Transferred Internationally?

The Services are hosted on servers located in the United States via Supabase and Vercel. If you access the Services from outside the United States, your information will be transferred to and processed in the United States.

If you are a resident of the European Economic Area, United Kingdom, or Switzerland, please be aware that the United States may not have data protection laws as comprehensive as those in your country. We take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law, including relying on Standard Contractual Clauses where applicable.

7. How Long Do We Keep Your Information?

We keep your personal information for as long as your account exists. When you delete your account, all your data is permanently deleted including your books, Thoughts, Ideas, Hindsights, connections, and uploaded files. This deletion is immediate and irreversible.

If you cancel a Premium subscription, your account reverts to the free tier. Your content is preserved. Nothing is deleted on downgrade.

We may retain minimal information such as records of past transactions where required by law or for fraud prevention purposes after account deletion.

8. Do We Collect Information From Minors?

We do not knowingly collect data from or market to children under 13 years of age. Users between 13 and 18 may use the Services with parental consent.

If we become aware that a child under 13 has provided personal information without verifiable parental consent, we will delete that information promptly. If you become aware of any such data, please contact us at hello@getmarginal.app.

9. What Are Your Privacy Rights?

For all users

You have the following rights regarding your data:

  • Access and export — export all your data at any time from Settings > Account > Export your data. We will email you a complete copy.
  • Correction — update your email, username, bio, avatar, and other profile information at any time from Settings > Profile.
  • Deletion — delete your account and all associated data permanently at any time from Settings > Account > Delete Account.
  • Notification preferences — manage your email notification preferences at any time from Settings > Notifications.
  • Privacy settings — manage your profile visibility and sharing preferences at any time from Settings > Privacy.

For users in the European Economic Area and United Kingdom

Under the GDPR and UK GDPR you have additional rights including the right to object to processing, the right to restrict processing, the right to data portability, and the right to lodge a complaint with your local supervisory authority. Contact us at hello@getmarginal.app to exercise any of these rights.

Withdrawing consent

If we are relying on your consent to process your information, you may withdraw that consent at any time by contacting us at hello@getmarginal.app or by adjusting your settings within the app. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.

10. Controls for Do-Not-Track Features

Some browsers include a Do-Not-Track feature that signals your preference not to have your browsing activities tracked. There is currently no uniform standard for recognising and implementing DNT signals. We do not currently respond to DNT signals.

However, because Marginal does not engage in cross-site tracking or behavioural advertising, the practical impact of DNT on your Marginal experience is minimal. The only tracking we do is anonymised first party analytics via PostHog to improve the product.

11. Do We Make Updates to This Notice?

Yes. We may update this Privacy Notice from time to time to reflect changes in our practices, the Services, or applicable law. The updated version will show a revised date at the top of this page. If we make material changes, we will notify you by email. We encourage you to review this Notice periodically.

12. How Can You Contact Us About This Notice?

For questions, concerns, or requests related to this Privacy Notice, contact us at hello@getmarginal.app. We aim to respond to all privacy-related enquiries within 30 days.

13. How Can You Review, Update, or Delete Your Data?

The easiest way to exercise your data rights is directly within the app:

  • Export your data — Settings > Account > Export your data
  • Update your information — Settings > Profile
  • Manage preferences — Settings > Privacy and Settings > Notifications
  • Delete your account — Settings > Account > Delete Account

You can also submit a request by emailing hello@getmarginal.app. We will respond and act upon your request in accordance with applicable data protection laws.