Privacy Policy

The short version

• Your journal entries never leave your Mac. They are encrypted on disk and never transmitted to us.
• We have no analytics, no telemetry, no crash reporting that includes your content, and no advertising.
• The only personal data we receive is what you give us directly: an email if you join the waitlist, and purchase information when you buy.
• Payments are handled by Paddle as merchant of record. The website is hosted on Cloudflare. We use these for the minimum necessary and nothing more.

---

1. Who we are

"Margin," "we," "us," or "our" refers to Margin, a product of RAJ Studios based in Canada. We are the data controller for any personal data described in this policy.

2. What Margin (the app) collects

Nothing about your journal entries. Margin stores your entries in encrypted files on your Mac. The encryption key is held in your macOS Keychain. We never see, transmit, or have access to your entries.

License validation. Periodically, Margin contacts Paddle's license-validation service to confirm your license is still valid. This sends your license key (not your identity, not your content) to Paddle. If you're offline, Margin caches the last successful validation and works normally.

No analytics or telemetry. The app does not phone home. We do not collect usage statistics, crash reports containing your data, performance metrics tied to your identity, or any other behavioural signals. If you find a bug, you can email us with a description; we'll never have an automatic crash dump.

3. What the website collects

Waitlist signups. If you submit your email on the marginjournal.app waitlist form, we store your email address with Ghost, our newsletter provider, so we can email you when Margin ships. You can unsubscribe at any time using the link in any email we send. We don't share your email with anyone else.

Server logs. Our host (Cloudflare) keeps standard server logs (IP address, user agent, request URL, timestamp) for security and abuse-prevention purposes. We don't actively analyze these logs and don't link them to anyone's identity.

No cookies for tracking. The site does not set tracking cookies. The theme preference (dark or cream) is stored in your browser's local storage and never sent to us.

4. What we collect when you buy

When you purchase Margin or a theme, checkout is processed by Paddle.com Market Limited ("Paddle"), the merchant of record. Paddle collects the information needed to process the transaction: your name, email, billing address, payment details, and tax information.

Paddle is the data controller for that purchase data. We receive a limited subset from Paddle (your email, country, the product you bought, and the order ID) for the purpose of issuing a license key, providing support, and complying with our tax obligations. We use this only for those purposes.

Paddle's own privacy practices are described in their Privacy Policy.

5. Third-party services we use

We use a small number of third-party services. Each handles a specific function:

• Paddle — payment processing, tax compliance, license-key delivery and validation.
• Cloudflare — website hosting (Cloudflare Pages) and DNS. Standard server logs.
• Ghost — newsletter delivery for the waitlist.

We do not use ad networks, behavioural analytics, fingerprinting services, or social-media trackers.

6. How we use the data we have

We use the limited data we receive only to:

• Deliver your license key and grant access to what you purchased.
• Send you the occasional release announcement, if you joined the waitlist.
• Respond when you contact us for support.
• Comply with legal, tax, and accounting obligations.

We do not sell, rent, or trade your personal data. We do not use it to train AI models. We do not profile you.

7. How long we keep data

Waitlist emails are kept until you unsubscribe. Purchase records are kept as long as required by Canadian tax law (currently six years) and Paddle's own retention obligations. We delete what we can when retention is no longer required.

8. Your rights

Depending on where you live, you may have rights under privacy law (such as GDPR if you're in the EU/UK, PIPEDA in Canada, or the CCPA in California). These typically include the right to:

• Know what personal data we hold about you.
• Request a copy.
• Ask us to correct inaccuracies.
• Ask us to delete data we no longer need.
• Unsubscribe from marketing emails at any time.

To exercise any of these, email [email protected] from the email address you used with us. We aim to respond within 30 days.

9. International transfers

Margin is operated from Canada. Paddle, Cloudflare, and Ghost may process data in other jurisdictions, including the United Kingdom, United States, and European Union. Each of these providers has their own safeguards for international transfers, summarized in their respective privacy policies.

10. Children's privacy

Margin is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with information, please contact us and we'll delete it.

11. Security

Your journal entries are encrypted on your Mac using AES-GCM with a key derived via PBKDF2 (600,000 iterations). The master key is stored in your macOS Keychain. Encrypted day-files live in your Application Support directory and never leave your Mac unless you explicitly export them. We design Margin to be secure-by-default; we do not have a recovery mechanism that would let us read your entries.

12. Changes to this policy

We may update this policy from time to time. We'll update the "Last updated" date at the top, and material changes will be noted on the Margin website. Continued use of the website or app after a change means you've accepted the updated policy.

13. Contact

For any privacy question or to exercise the rights above, email [email protected]. We read every message and respond as quickly as we can.