Privacy.

Margin runs on infrastructure you control. The hosted instance at margin.vinayh.com is the same code, configured for one tenant.

What Margin stores

Per-user OAuth refresh tokens (envelope-encrypted with a per-row data key wrapped by the server's master key). API tokens stored as sha256 hashes. Project metadata, document snapshots you explicitly track, their comments and suggestion threads.

What Margin never sees

Any Google Doc you have not explicitly opened with the add-on, picked from Drive Picker, or created from Margin. The OAuth scope is drive.file; the backend has no read access to your broader Drive.

Telemetry

None. The site has no analytics. The extension talks only to the backend URL you configure. The backend makes no third-party calls besides Google's Drive and Docs APIs.

← Back to home