Privacy Policy

Margent ("we," "us," or "our") operates the Margent personal finance platform, accessible at margent.app and app.margent.app. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Margent, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

Information you provide directly:

• Account: Email address, password (hashed — never stored in plaintext), display name, and profile photo.
• Financial data: Transactions, budgets, categories, recurring expenses, savings goals, and net worth accounts you enter or import.
• Expense splits: Names and payment handles (e.g., Venmo usernames) of people you split expenses with.
• Support communications: Messages you send us via the contact form or email.

Information from third parties:

• Bank data via Plaid: If you connect a bank account, we receive transaction history, account balances, and institution metadata. We never receive or store your bank username or password. Plaid's access is read-only.
• Payment data via Stripe: Stripe processes all subscription payments. We receive a customer ID and subscription status; we never see or store your full card number.

Information collected automatically:

• Usage analytics: Pages visited, features used, session duration, and click events — collected via PostHog.
• Device and log data: IP address, browser type, OS, and access timestamps.
• Push notification tokens: FCM tokens (via Firebase) to deliver push notifications if you opt in.
• Cookies: Session cookies to keep you signed in. We do not use advertising or cross-site tracking cookies.

• Provide, maintain, and improve the Service
• Sync and display your bank transactions and financial data
• Process subscription payments through Stripe
• Send transactional emails (weekly summaries, budget alerts, receipts) via Resend
• Deliver push notifications you have opted into via Firebase
• Respond to support requests
• Analyze usage patterns to improve product features
• Detect and prevent fraud, abuse, or security threats
• Comply with legal obligations

We do not use your financial data to train machine learning models sold to third parties, build advertising profiles, or make automated decisions that have legal or significant effects on you.

We do not sell, rent, or trade your personal information. We may share it only in these limited circumstances:

• Service providers: We share data with vendors who help us operate the Service, under strict data processing agreements. This includes:
  • Supabase — database hosting and authentication
  • Plaid — bank account connections
  • Stripe — subscription billing
  • Resend — transactional email delivery
  • Firebase / Google — push notification delivery
  • PostHog — product analytics
  • Vercel — hosting and infrastructure
• Legal requirements: If required by law, subpoena, court order, or to protect the rights, property, or safety of Margent, our users, or the public.
• Business transfers: In connection with a merger, acquisition, financing, or sale of all or a portion of our assets. We will notify you before your data is subject to a different privacy policy.
• With your consent: We will share your information in any other way with your explicit consent.

We implement industry-standard security measures:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for sensitive data at rest (bank access tokens, etc.)
• Secure, bcrypt-hashed authentication via Supabase Auth
• Read-only bank connections through Plaid — we cannot move money
• Row-level security on all database tables

Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data. In the event of a breach that affects your rights or freedoms, we will notify you as required by applicable law.

We retain your personal data for as long as your account is active or as necessary to provide the Service. If you delete your account:

• Your personal data and transaction history are deleted within 30 days.
• Anonymized, aggregated analytics data may be retained indefinitely.
• We may retain certain records longer if required by law (e.g., billing records for tax purposes).

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and personal data ("right to be forgotten").
• Portability: Request your data in a machine-readable format.
• Opt-out of communications: Unsubscribe from marketing or notification emails via the unsubscribe link in any email, or through Settings → Notifications.
• Disconnect banks: Remove Plaid bank connections at any time through the Banks section.

To exercise any of these rights, contact us at jude@margent.app or use your account settings. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, disclose, and sell.
• The right to delete personal information we have collected from you.
• The right to opt out of the sale or sharing of your personal information. We do not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.
• The right to correct inaccurate personal information.
• The right to limit use of sensitive personal information.

To submit a CCPA request, contact us at jude@margent.app. We do not discriminate against users who exercise their CCPA rights.

The following third-party services process your data on our behalf. Each has its own privacy policy:

• Plaid Privacy Policy — bank connections
• Stripe Privacy Policy — subscription billing
• Supabase Privacy Policy — database and auth
• Firebase Privacy Policy — push notifications
• Resend Privacy Policy — transactional email
• PostHog Privacy Policy — product analytics

The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at jude@margent.app.

Margent is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address on your account) and by posting the updated policy with a new effective date. Continued use of the Service after notification constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us: