Margin privacy policy

Version 1 · June 2026 · plain language on purpose

Margin is a translator between two partners. The things you tell it — capacity numbers, short notes, replies — are consumer health data. We treat them that way.

What Margin collects

• From the sharer: capacity check-ins (a 0–10 number), optional short notes, one-tap signals (e.g. "sensory heavy"), and — only if you connect it — a daily meeting-density number from your Google Calendar (never event titles or attendees).
• From the partner: taps on suggestions (got it / skip / not for me), did-it-land ratings, and text replies to Margin messages.
• From both: names you choose to show each other, the partner's phone number (for message delivery), your couple's playbook, and message delivery records.

What the partner sees — and never sees

The partner sees a capacity band, suggestions the sharer approved before sending, and items the sharer chose to share. The partner never sees raw notes, calendar contents, signal history, or anything the sharer didn't approve. This boundary is enforced in code, not policy.

What we never do

• No selling, sharing, or licensing of data to anyone. Ever.
• No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.
• No advertising, no trackers, no analytics beyond anonymous counts.
• No training AI models on your data.
• No engagement mechanics designed to keep you opening the app.

Who processes your data

Margin runs on Cloudflare (hosting and database, encrypted at rest). Messages are delivered by Twilio. Drafts are generated by Anthropic's API (your note and recent history are sent to draft the message; Anthropic does not train on API data). Calendar sync, if connected, reads busy/free time from Google. That's the whole list.

Your controls

• Export: download everything Margin holds about your couple as one JSON file (GET /export from your signed-in device).
• Delete: permanently erase your couple — all check-ins, messages, signals, tokens, everything. It is a hard delete; there is no recycle bin.
• Pause: the partner can text STOP to any Margin message and all sending halts immediately; START resumes. The sharer can revoke the partner's link at any time.
• Consent first: nothing is ever sent to a partner who hasn't opened their link and agreed to receive it.

Retention

Data is kept while your couple is active. Raw notes and replies older than 12 months are eligible for deletion on request now, and automatic cleanup is planned. Deleting your account removes everything immediately.

Where you live matters

We build to the strictest applicable consumer-health standard (Washington's My Health My Data Act): consent before collection, no secondary use, the right to access and delete, no geofencing nonsense. If your jurisdiction grants you more rights, you have those too.

Questions or requests

Email kimmellr@gmail.com. Export and deletion requests are honored within 30 days; in practice they're self-service and instant.

Changes to this policy will be posted here with a new version number, and material changes will be announced inside the app before they take effect.