Security & trust

Commercially useful, deliberately contained.

Last reviewed: 12 July 2026. Security questions and responsible disclosures can be sent to security@marginrail.app.

Service architecture

MarginRail runs on Cloudflare Workers. Authenticated workspace records are stored in Cloudflare D1 and every workspace query is restricted by the authenticated workspace ID. Stripe processes subscriptions; MarginRail does not store full payment-card details.

Browser responses set a restrictive Content Security Policy, prevent framing, limit browser permissions and disable caching for authenticated API responses.

Account access

Each user signs in with an individual WebAuthn passkey. MarginRail stores the public credential and verification counter; biometric information stays on the user’s device. Session tokens are stored only as SHA-256 hashes, cookies are HttpOnly and SameSite, and invitations expire after 48 hours.

Users can request a second passkey from Workspace Settings and should register it on another trusted device. A locked-out user can contact support@marginrail.app; recovery requests are manually reviewed and never bypass passkey registration.

Data minimisation and secrets

Private intake, invitation, approval and session tokens are high-entropy values stored as one-way hashes. Recoverable intake credentials and outbound webhook signing secrets are encrypted before storage. Raw forwarded email is not retained; obvious email addresses and phone numbers are redacted from the stored request.

MarginRail asks agencies to submit only the relevant operational scope boundary and request wording, with unnecessary personal and confidential material removed.

AI processing

Workspace analysis uses Cloudflare Workers AI. Results are decision support, not legal determinations, and require human review. Cloudflare states that Workers AI customer content is not used to train its available AI models or improve Cloudflare or third-party services without explicit consent.

Recovery, export and deletion

The production D1 database has provider-managed point-in-time recovery available through Cloudflare D1 Time Travel. Restores are handled under an internal recovery runbook and verified after restoration.

The workspace owner can download a structured JSON export from Settings. Workspace closure and deletion requests are handled through privacy@marginrail.app after authority is verified.

Incident response

MarginRail maintains an incident workflow covering containment, evidence preservation, scope assessment, recovery and customer communication. Suspected security incidents should be sent to security@marginrail.app. Where MarginRail acts as a processor, it will notify the affected agency without undue delay after confirming a personal-data breach.

Subprocessors

ProviderPurposeData involved
CloudflareApplication hosting, database, AI analysis, bot protection and transactional emailAccount, workspace and deliberately submitted analysis data
StripeSubscription checkout, billing portal and payment statusBilling contact, workspace reference and payment records

Questions about subprocessors can be sent to dpa@marginrail.app.