Privacy Policy
Last Updated: April 17, 2026
1. Introduction
At Margin Pro, we are committed to protecting your privacy. This policy outlines how Margin Pro (owned and operated by John York, "we," "us," or "our") handles your data when you use the Margin Pro Microsoft Word Add-in and its related services.
2. Data We Access
Margin Pro is designed to be a transparent research tool. We access data in the following ways:
- Microsoft Graph API: We use the Microsoft Graph API to access your OneDrive storage for the sole purpose of creating and maintaining your "MarginPro_Vault" folder.
- Document Content: When you save a note, we read only the specific text or media you have explicitly selected or provided. We do not index or scan your entire document.
- User Profile: We access basic identity information (name, email, and tenant ID) via Firebase Authentication to manage your subscription and provide secure access to your notes.
3. Data Residency & Storage
Your data's location depends on the feature used, structured to maximize privacy and compliance:
- OneDrive (Primary Storage): All primary research notes, image attachments, and vault files are stored directly in your personal or enterprise Microsoft OneDrive. We do not store copies of your documents on our infrastructure.
- US-Central Localization: Our secondary databases (Google Firebase), used to index note metadata and manage subscriptions, are explicitly localized to US-Central (Iowa). This ensures domestic data residency for our enterprise stakeholders.
4. The "No AI Training" Guarantee
We recognize that your research and frameworks are highly sensitive. MarginPro never ingests, scans, or utilizes your document content, notes, or metadata to train any generative AI models, machine learning algorithms, or data analytics telemetry. Your proprietary logic remains entirely your own.
Furthermore, we use your data strictly to facilitate the functional features of the MarginPro application. We do not sell, rent, or trade your personal information to third parties.
5. Security Infrastructure
We employ industry-standard security measures, including AES-256 encryption at rest and TLS 1.3 encryption for all data in transit. Access control is managed automatically via your Microsoft Entra ID (inheriting your organization's MFA requirements) and strictly enforced end-to-end using Firebase Security Rules, ensuring complete tenant isolation.
6. 2026 Regulatory Alignment (EU AI Act, GDPR, CCPA)
MarginPro is explicitly designed to support modern compliance requirements:
- Algorithmic Transparency (EU AI Act): Because MarginPro explicitly does not train algorithmic models on user data and operates as a transparent formatting utility, we present no opaque algorithmic risks.
- Right to Erasure (GDPR / CCPA): You maintain full control over your data within your Microsoft Tenant. Deleting a note in MarginPro permanently deletes the associated metadata from our US-Central index.
7. Third-Party Services
Our service integrates securely with:
- Microsoft Corporation (Graph API, Entra ID / Azure AD, OneDrive)
- Google LLC (Firebase Authentication, Firestore, Hosting - US-Central)
- Stripe/Microsoft Commerce (Subscription processing)
8. Contact Us
If you have any questions regarding this Privacy Policy or require our Enterprise Security questionnaire, please contact us at:
support@marginproapp.com