Privacy Policy

We collect the following data when you use MarginVN: **Account data:** Email address, display name, profile picture (from Google if using OAuth login). **Usage data:** Profit calculation results, analysis history, custom settings. We do NOT store original Excel/CSV files — only processed results. **Technical data:** IP address (for security and legal compliance), browser type, timezone. **Payment data:** Only transaction status (success/failure). Card/account details are processed by PayOS — we do not store payment information.

We process your data for the following purposes: • **Service delivery:** Profit calculations, saving analysis history, generating reports. • **Security:** Identity verification, preventing unauthorized access. • **Product improvement:** Aggregate (anonymized) analytics on feature usage. • **Legal notifications:** Notifications about e-commerce fee changes and terms updates. • **Marketing (with your consent):** Emails about new features and promotions. We do NOT sell personal data, share with third parties for marketing, or use data beyond stated purposes.

We only share data with partners necessary to provide the service: Supabase (data storage), PayOS (payment processing), AWS SES (email delivery), Google (OAuth login if chosen). All partners have Data Processing Agreements with us.

Account data is retained until deletion + 30-day grace period. Calculation history follows plan limits. Consent logs are retained for 5 years for compliance. All personal data is fully deleted within 30 days of account deletion.

Under Personal Data Protection Act 2010 (PDPA), as amended June 2025, you have the following rights: • Right of access • Right of correction • Right to withdraw consent • Right to prevent processing for direct marketing • Right to data portability • Right to lodge a complaint with JPDP To exercise your rights: Settings → My Data in the app, or email dpo@marginnvn.vn. We respond within 72 hours.

All data is transmitted over HTTPS/TLS 1.3. Passwords are hashed with bcrypt. Row Level Security ensures users only see their own data. In case of a data breach, we will notify Department of Personal Data Protection (JPDP) and affected users within 72 hours.

Data Protection Officer: dpo@marginnvn.vn Supervisory Authority: Department of Personal Data Protection (JPDP) https://www.pdp.gov.my