What we know about you.

01What we collect & what we don't

The shortest list we can stand behind.

Margin only collects what's needed for the device to show you what's due. Anything that isn't strictly necessary, we don't collect. Here's the full accounting:

The browser plugin reads your already-authenticated session with Canvas, Blackboard, or D2L — the same way you read it. We never see your university password and we never log you in. If your school's session expires, the plugin stops reading until you log in again, on your own.

02What it's used for

One purpose. The device.

Your data is used for one thing: showing your assignments and schedule on your Margin device. That's the whole purpose. We don't use it for advertising, recommendations, training models, market research, or any other secondary purpose.

Specifically, we never:

• Sell your data to anyone, for any reason.
• Share your data with advertisers, brokers, or affiliates.
• Use your assignment titles to train AI models.
• Profile you, your study habits, or your academic performance.

These aren't aspirations — they're commitments. If we ever wanted to do any of these things, we would need to update this policy and notify you first, and we believe we never will.

03Where it lives

Two places, both named.

Your data lives in exactly two places:

• Our database, hosted on Supabase. Supabase is a managed Postgres provider; we use them as a data processor, not a data sharer. They host the data and don't read it. Their privacy practices are at supabase.com/privacy.
• Your device, in your dorm or room. The device caches the most recent assignment list and your WiFi credentials locally so it can keep working when the internet hiccups.

Three other services are involved when you choose to connect them, and your data flows through them only because you asked it to:

• Todoist, if you give the device your Todoist API token to show personal tasks. Your token stays on your device.
• Google Calendar, if you give the device your private iCal URL. The URL is stored on your device, not on our servers.
• Open-Meteo, a free public weather API. The device sends a fixed latitude and longitude (the one you set during onboarding) to get the local forecast. No personal information is sent.

That's the complete list. There are no other third parties. No marketing pixels, no analytics scripts, no chat widgets, no data brokers.

04How long we keep it

Specific durations, not "as long as needed."

Real numbers:

• Assignments are deleted 90 days after their due date. Long enough to cover a full semester; short enough that we're never sitting on a year of old academic data.
• Your email address is kept until you delete your account. We use it only to identify your device and to email you about service changes — never marketing.
• Calendar & Todoist data passes through, it doesn't sit. The device fetches them fresh every refresh and discards the previous copy. We don't keep a history.
• Local device data (assignment cache, WiFi credentials, API tokens) lives on the device until you reset it. A factory reset wipes everything. If you sell or give away your device, run the reset first.

05Your rights

What you can ask us to do.

You can:

• See everything we have on you. Email us and we'll send you a complete export within seven days. No "verification" runaround, no portal to sign up for.
• Delete your account and all associated data. Same channel, same response time. Deletion is permanent and we don't keep "backup" copies after thirty days.
• Correct anything that's wrong. We don't typically have anything to correct (we're just relaying assignment titles), but if something looks off, tell us.
• Stop the sync without deleting your account. Just uninstall the browser plugin. The device will show its last cached state and stop receiving updates.

These rights apply to everyone, regardless of where you live — not just users in California or the EU. We don't think basic data rights should depend on jurisdiction.

06Security

What we actually do.

Practical measures, not promises:

• All data is encrypted in transit (HTTPS / TLS 1.2 or newer).
• The database has row-level security so one user's data can't be read by another, even by a compromised query.
• Passwords for university LMS accounts are never sent to us — the browser plugin uses your existing session.
• Local device files containing API tokens are stored in a non-world-readable location on the device's SD card.

What we don't claim: that we're impervious to breach. No company can honestly claim that. If a security incident affects your data, we'll tell you what happened, what we know, and what we're doing about it — within 72 hours of confirming the breach. Not "as soon as practicable." Not "in due course." Within 72 hours.

07Children under 13

Margin is for users 13 and older.

We don't knowingly collect data from anyone under 13. If you're a parent or guardian and you believe your child has registered for Margin, email us and we'll delete the account and all associated data, no questions asked.

This policy aligns with COPPA (the U.S. Children's Online Privacy Protection Act). Schools and districts that wish to provide Margin to students under 13 should contact us first — we don't currently support that use case.

08International users

The world is bigger than the U.S.

Margin is operated from the United States. If you use Margin from outside the U.S., your data will be transferred to and stored on servers in the United States. By using Margin, you consent to this transfer.

For users in the European Economic Area, the United Kingdom, or Switzerland: we process your data on the legal basis of performing the contract you've entered into with us (i.e., you bought a Margin device and we make it work). You have the rights described in section 05, plus the right to lodge a complaint with your local data protection authority.

For California residents: the rights in section 05 satisfy the requirements of the CCPA / CPRA. We don't sell your data and we don't "share" it for cross-context behavioral advertising — there is no advertising on Margin.

09Changes to this policy

How you'll know we changed something.

If we update this policy in any meaningful way — adding a new third party, changing what we collect, changing how long we keep it — we'll email every active user at least 30 days before the change takes effect. The email will say what changed, in plain language, and link to a diff of the old and new policies.

Cosmetic edits (typos, clarifications, link fixes) don't count and won't trigger an email. The "last updated" date at the top of this page reflects every change, cosmetic or otherwise.