Privacy Policy

Last updated: April 2026

MarginGains ("we," "us," or "our") operates the MarginGains platform at margingains.ai. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform and services.

MarginGains is a business-to-business (B2B) software-as-a-service platform. Our users are restaurant owners, operators, managers, and home services business owners, along with their authorized employees. This policy applies to all users of the platform.

1. Information We Collect

1.1 Account Information

When you create an account or are invited to join an organization, we collect:

• Name and email address
• Phone number (optional)
• Organization name and role
• Authentication credentials (managed via Firebase Authentication)

1.2 Operational Data

Through your use of the platform, we process and store:

• Employee schedules, time entries, and labor records
• Break compliance and labor law tracking data
• Daily operational forms, checklists, and audit reports
• Digital signatures collected on forms and compliance documents
• Restaurant performance metrics and operational notes

1.3 POS Integration Data

If you connect a point-of-sale system (such as Toast), we receive:

• Sales and revenue data
• Time entry and payroll export data
• Menu and product information

This data is transmitted via secure file transfer (SFTP) and processed by our backend systems.

1.4 Usage and Technical Data

• Browser type and device information
• Pages visited and features used within the platform
• IP address and approximate location
• Error logs and performance data

1.5 Communications

If you contact us via email or through the platform, we retain those communications to provide support and improve our services.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the MarginGains platform
• Process and display your operational data (schedules, forms, audits)
• Generate reports, analytics, and AI-powered insights for your business
• Ensure labor law compliance tracking and break compliance monitoring
• Send service-related communications (account alerts, feature updates)
• Provide customer support
• Detect and prevent fraud or security issues
• Comply with legal obligations

3. AI and Automated Processing

MarginGains uses artificial intelligence to provide operational coaching, generate insights, and assist with data analysis. Certain data you enter or upload may be sent to third-party AI providers (currently OpenAI) for processing. When this occurs:

• Only the minimum data necessary for the specific AI feature is transmitted
• Data is sent via encrypted connections
• We do not permit AI providers to use your data for training their models
• AI-generated outputs are suggestions only and do not constitute professional advice

4. Data Storage and Security

4.1 Infrastructure

Your data is stored on Google Cloud Platform infrastructure through Firebase services, including:

• Firebase Authentication for identity and access management
• Cloud Firestore for application data storage
• Cloud Storage for Firebase for file and document storage
• Cloud Functions for Firebase for server-side processing

All data is stored in the United States. Google Cloud maintains SOC 2, ISO 27001, and other industry-standard certifications.

4.2 Security Measures

• All data in transit is encrypted via TLS/HTTPS
• Data at rest is encrypted using Google Cloud's default encryption
• Access to production systems is restricted to authorized personnel
• We use Firebase Security Rules to enforce data access controls at the database level
• Multi-tenant architecture ensures organizations can only access their own data

5. Third-Party Services

We share data with the following categories of third-party service providers:

• Google / Firebase: Cloud infrastructure, authentication, database, storage, and hosting
• OpenAI: AI-powered features and operational coaching (limited data as described in Section 3)
• Toast (or other POS providers): Point-of-sale data integration via SFTP when you connect your POS account
• Calendly: Demo scheduling (only if you choose to book a demo)

We do not sell your personal information to third parties. We do not share your data with third parties for their own marketing purposes.

6. Employee Data

If you are an employer using MarginGains, you may input employee information into the platform (names, schedules, time entries, signatures, etc.). As the employer, you are the data controller for your employees' information. You are responsible for:

• Providing appropriate notice to your employees about how their data is processed
• Ensuring you have a lawful basis for collecting and processing employee data
• Responding to employee data access or deletion requests related to your organization's data

MarginGains acts as a data processor on your behalf for employee data. We process it only as necessary to provide the platform services you have contracted for.

7. Cookies and Tracking

MarginGains uses the following types of cookies and similar technologies:

• Essential cookies: Required for authentication and platform functionality (Firebase auth tokens)
• Performance cookies: Help us understand how the platform is used and identify errors

We do not use third-party advertising cookies. We do not engage in cross-site tracking for advertising purposes.

8. Data Retention

• Active accounts: We retain your data for as long as your account is active and you maintain a subscription
• After cancellation: We retain your data for 90 days after account cancellation to allow for reactivation, then permanently delete it
• Backups: Backup copies may persist for up to 30 additional days after deletion from production systems
• Legal obligations: We may retain certain data longer if required by law (e.g., tax or employment records)

9. Your Rights (California Residents — CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request details about the personal information we have collected about you
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt Out of Sale: We do not sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at vinny@margingains.ai. We will respond within 45 days as required by law.

10. Data Transfers

Your data is stored and processed in the United States. If you are using our services from outside the United States, your data will be transferred to and processed in the United States. By using our platform, you consent to this transfer.

11. Children's Privacy

MarginGains is a B2B platform designed for business use. We do not knowingly collect personal information from anyone under the age of 16. If we discover that we have collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or an in-app notification.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

MarginGains
Vincent Margott, Owner
Email: vinny@margingains.ai
Website: margingains.ai