Security Trust Center
Every promise we make about your data is enforced by a control in the product. Here's the programme, overview, certifications, infrastructure, vendor management, and how to get the full security pack.
Security overview
margininfo handles the data your business runs on, orders, costs, ad spend, customer records. The platform is engineered so that every promise we make about that data is enforced by a real control, not by a paragraph in a policy.
Three commitments anchor the programme: read-only by default, human-gated money-moving actions, and your data, your tenant, your control. Everything below is how we make those promises stick.
Data handling
All connectors are scoped to read on initial connection. Write actions are opt-in per integration, gated by a human approver in the workspace, and logged with the prompt, the simulation, the approver, and the outcome.
Customer data is encrypted in transit (TLS 1.2+) and at rest (AES-256) using keys that are rotated automatically and stored in AWS KMS. Secrets and per-workspace credentials are isolated in a separate vault and never exposed to the agent's reasoning context.
AI and the agent
We do not train shared foundation models on customer data. Only the minimal prompt excerpts required to answer the current question are sent to inference providers, and those providers contractually agree not to retain or train on our payloads.
Every agent run is recorded as an auditable trail: the inputs it pulled, the hypotheses it tested, the citations it produced, the action it proposed, and the human who approved or declined.
Retention and deletion
Workspace data lives until you delete it. On workspace deletion we remove customer data from active systems within 30 days and from encrypted backups within 60 more. Operational logs are kept for up to 24 months for security and tax compliance.
Infrastructure
margininfo runs on Amazon Web Services across multiple availability zones in two primary regions (us-east-1 and eu-west-1). The marketing site and edge layer run on Cloudflare. The agent runtime is deployed as a stateless service behind a job queue with at-least-once delivery and idempotent processing.
We meet a 99.9% monthly availability target for the app and API. Recovery point objective is 5 minutes; recovery time objective is 30 minutes. We exercise both quarterly via the failover drill referenced in the status page.
Access controls
Internal access to production data is restricted to the on-call engineers required to operate the Service, gated by SSO with mandatory MFA and JIT elevation through a logged break-glass flow. Standing access to customer data is set to zero.
Inside the workspace, Customer controls who can do what via the role matrix, Owner, Admin, Analyst, Approver, Billing Admin, surfaced on the team settings screen below.
Compliance
Our SOC 2 Type II audit window opens in Q3 · 2026; the SOC 2 Type I report is available today under NDA. We are GDPR- and CCPA-ready, with a published DPA that incorporates the EU Standard Contractual Clauses for international transfers.
We are not in scope for HIPAA and do not knowingly process protected health information. We are PCI-aware, Stripe handles card data; margininfo never touches PAN material.
Vendor management
Every sub-processor is reviewed by Security, Legal, and Engineering before onboarding. The full list, purpose, region, certifications, lives at /subprocessors and is incorporated into our DPA by reference.
Changes are announced 30 days in advance to give workspace owners time to object. We re-review every vendor annually, and exit a vendor when their security posture or data-handling drifts from our bar.
Incident response and disclosure
We run a 24/7 on-call rotation with documented runbooks for the most common failure modes. The on-call engineer pages a second responder within 10 minutes for any P1 or any incident touching customer data.
If you believe you've found a vulnerability, please report it to security@margininfo.com. We acknowledge within one business day, will not pursue good-faith research, and credit researchers in our hall of fame on request.
Certifications and posture
The audits we hold, the ones we're working toward, and the regulations our workflows are built against. Anything marked in progress has a target window; ask for the timeline under NDA.
- SOC 2 Type II in progress
Audit window opens Q3 · 2026. Type I report available under NDA today.
- ISO 27001 planned
Scoped for 2027 alongside our EU data residency rollout.
- GDPR ready
DPA + EU SCCs available · sub-processor list maintained at /subprocessors.
- CCPA ready
DSAR workflow live · response within 30 days, verified by workspace owner.
- HIPAA out of scope
We do not process protected health information.
- PCI DSS aware
Cards tokenized by Stripe, margininfo never touches PAN data.
Controls in the product
Every security promise we make is enforced by a real surface inside the workspace, role-based access, 2FA, sub-processor disclosure and revocation, and audit logs for every action that touches money.
Need the full security pack?
SOC 2 Type I report, penetration-test summary, DPA, sub-processor list, and our latest BCP/DR drill. Available under mutual NDA.