← Back to Home

Privacy Policy

Last updated: January 16, 2025

1. Introduction

margin/ Systems AG ("we," "our," or "us") operates the margin/ platform, a suite of payment optimization tools for online merchants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

margin/ Systems AG
[Address]
[City, Country]
Email: privacy@margin.so

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company name and contact information
  • Payment processing volume and PSP information
  • API keys and authentication credentials

3.2 Transaction Data

To provide our services, we process:

  • Bank Identification Numbers (BINs) from card transactions
  • Transaction amounts and currencies
  • Payment method information
  • Intervention and savings tracking data

Important: We do not collect or store full card numbers, CVV codes, or any data that would allow us to initiate payments. We never touch funds and operate with zero PCI scope.

3.3 Technical Data

We automatically collect:

  • IP addresses and browser information
  • API usage logs and performance metrics
  • Error logs and diagnostic information

4. How We Use Your Information

We use your information to:

  • Provide and improve our payment optimization services
  • Detect commercial cards and optimize payment routing
  • Track savings and generate invoices
  • Respond to support requests and communicate with you
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract performance: To fulfill our service agreement with you
  • Legitimate interests: To improve our services and ensure security
  • Legal obligation: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent

6. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service providers: Cloud hosting, payment processing, and analytics providers (all GDPR-compliant)
  • Legal authorities: When required by law or to protect our rights
  • Business transfers: In connection with a merger or acquisition

All subprocessors are bound by data processing agreements and GDPR requirements.

7. Data Retention

We retain your data for:

  • Account data: For the duration of your account plus 7 years for legal compliance
  • Transaction data: 2 years for operational purposes, then anonymized
  • API logs: 90 days for security and debugging

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@margin.so.

9. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Zero PCI scope (we never handle card data)
  • 99.99% uptime SLA with redundant infrastructure

10. International Transfers

Your data is primarily processed within the European Economic Area (EEA). Any transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms.

11. Cookies and Tracking

We use cookies and similar technologies for authentication, analytics, and service functionality. See our Cookie Policy for details.

12. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or prominent website notice.

14. Contact Us

For privacy-related inquiries or to exercise your rights:

Email: privacy@margin.so
Data Protection Officer: dpo@margin.so