Legal

Privacy notice

Last updated: 10 July 2026.

Public detector

The request detector runs in your browser and does not send the scope or request text to MarginRail.

Aggregate website measurement

Public pages send aggregate page-view and link-click events to MarginRail so we can measure which free tools lead to audits. These events contain the page path, clicked link label and referring hostname. MarginRail does not set an analytics cookie, create a visitor identifier or store the request IP address. Browser “Do Not Track” is respected.

Business-to-business outreach

MarginRail may use a corporate agency’s name, publicly listed generic business address, legal status source and relevance notes to send a limited, relevant introduction under legitimate interests. MarginRail does not use purchased lists or inferred personal email addresses and does not market without consent to sole traders or other individual subscribers. Every message identifies MarginRail and offers a direct opt-out.

If a business or contact objects, MarginRail stops marketing and keeps the minimum suppression record needed to prevent future contact. Uncontacted prospect records are deleted or re-verified after 90 days. You can object by replying to any message.

AI scope-risk report

The report sends the scope excerpt and client request you provide to Cloudflare Workers AI for analysis. Remove client names, personal data, credentials and unnecessary confidential information before submitting. MarginRail does not retain the complete source text in its database.

If you continue from the report into a pilot workspace in the same browser tab, the browser keeps the redacted scope, request, hours and rate in session storage for up to two hours so the workspace can prefill them. This draft is not sent to the database until you review and save it, and it is removed after the first workspace check or when the browser session ends.

The protected report stores the generated analysis and short evidence excerpts for seven days. It is accessible only through the private report link and is then deleted automatically. Business contact details, agency details and conversion status may be retained for up to 90 days so we can follow up on the requested service.

Walkthrough requests

A walkthrough request stores the name, work email, agency, team size, optional website and the fit note supplied in the form. MarginRail uses this only to assess and respond to the request. It is protected by Turnstile and deleted after 90 days. No payment or client-scope document is requested.

Payments

Paid subscriptions will be processed by Stripe. MarginRail does not store full card details.

Passkeys and account sessions

MarginRail passkeys store a public credential, device characteristics needed for verification and a usage counter. Biometric data such as a fingerprint or face scan remains on your device and is never sent to MarginRail. Sign-in sessions are stored as one-way token hashes and expire automatically.

Authenticated workspace data

Saved scope boundaries, client requests, request-intake records and generated decision records are stored within the authenticated agency workspace and processed through Cloudflare infrastructure, including Workers AI when analysis is requested. Workspace access is isolated by agency ID and controlled by trial or subscription status.

Workspace owners and administrators can invite teammates. MarginRail stores each teammate’s name, work email, role and invitation status so it can control access to the correct agency workspace. Private invitation tokens are stored only as one-way hashes and expire after 48 hours.

An agency owner or administrator can create a private request-intake link. MarginRail stores only a one-way hash of its secret token. Anyone holding the link can submit a client/account label, source channel and request wording to that agency’s inbox, so agencies must rotate links that are shared incorrectly. Intake submissions do not approve or schedule work.

An agency can also forward an individual request email to the private tokenised address shown in its workspace. MarginRail does not connect to or read the agency’s mailbox. The forwarding Worker accepts only a current workspace token, removes obvious email addresses and phone numbers from the stored request, rejects duplicates and does not retain the original raw message.

Workspace users can create private client approval links for proposed paid changes. MarginRail stores the proposal, fee, delivery impact, responder name, response note and accept-or-decline status. The secret link token is stored only as a one-way hash and expires after 14 days. This records a commercial response; it is not an electronic-signature service.

Production status

MarginRail currently provides protected pilot workspaces. Live subscriptions remain disabled until the operator’s business identity, support contact and full commercial and data-processing terms are published. Do not submit credentials, special-category data or unnecessary confidential material during the pilot.