Privacy Policy

Last updated: April 2026

RealMargin Pty Ltd (“RealMargin”, “we”, “us”, or “our”) is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our service.

1. Information We Collect

We collect information you provide directly and information generated through your use of our service.

Account Information. When you register, we collect your name, email address, and password. If you sign in via email magic link, we store your email address and a hashed token.

Shopify Store Data. When you connect your Shopify store via OAuth, we receive and store your orders, products, payouts, refunds, shipping transactions, and associated financial metadata. We access this data using Shopify's official API with OAuth 2.0 — we never ask for your Shopify admin password.

Bank Data via Plaid. If you connect your bank account, Plaid provides us with read-only access to your transaction history and account balances. We store the transaction amounts, dates, descriptions, and merchant names needed to reconcile your payouts and calculate runway. We do not store your bank login credentials — these are handled exclusively by Plaid's secure infrastructure.

Ad Spend Data. When you connect Meta Ads, we receive campaign-level spend and revenue data via the Meta Marketing API.

Usage Data. We automatically collect information about how you use RealMargin, including page views, feature interactions, and session duration, to improve the product.

Communications. If you contact us for support or respond to our emails, we retain those communications.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the RealMargin service
  • Calculate your gross revenue, COGS, profit margins, and cash flow metrics
  • Generate AI-powered financial insights using your aggregated financial data
  • Send transactional emails including weekly digest reports, daily revenue summaries, and account notifications
  • Detect money leaks, reconciliation discrepancies, and financial anomalies in your business
  • Respond to your support requests and inquiries
  • Enforce our Terms of Service and prevent fraud or abuse
  • Comply with applicable laws and regulations

We do not use your data to train machine learning models or sell insights to third parties.

3. Data Sharing and Third-Party Processors

We share your information with the following third-party data processors, each bound by data processing agreements:

Neon (database): Your financial data is stored in a Neon PostgreSQL database hosted on AWS in the us-east-1 region. Neon provides encrypted storage and is our primary data processor.

Shopify: We access your store data via the Shopify Partner API under the permissions you grant during the OAuth flow. Shopify is the data controller for your store's underlying data.

Plaid: Bank data is accessed via Plaid's API. Plaid's privacy policy governs the collection and handling of your banking credentials. We receive only the processed transaction data Plaid provides.

Anthropic: To generate AI financial insights and weekly digest narratives, we send anonymised financial summaries (aggregated numbers, no personally identifiable information) to Anthropic's Claude API.

Resend: We use Resend to deliver transactional emails. Your email address is transmitted to Resend solely for the purpose of email delivery.

Twilio: If you enable SMS alerts, your phone number is transmitted to Twilio to deliver text messages.

Vercel: Our application runs on Vercel's serverless infrastructure. Request logs may be retained by Vercel for up to 30 days.

We do not sell your personal information. We do not share your data with advertising networks, data brokers, or analytics companies.

4. Data Storage and Security

Your data is stored in an encrypted PostgreSQL database (Neon) located in the United States (AWS us-east-1). All data is encrypted at rest using AES-256 and in transit using TLS 1.3.

Access to production systems is restricted to authorised personnel only. We apply the principle of least privilege to all internal access controls. Database credentials are never embedded in source code and are managed through environment variable secrets.

Your Shopify access tokens are stored in encrypted form and used solely to sync your store data. Your Plaid access tokens are stored with equivalent protections and are never exposed client-side.

We retain your data for as long as your account is active. Upon account deletion, we permanently delete your data within 30 days, subject to any legal retention obligations.

5. Your Rights

Under the Australian Privacy Act 1988 and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights:

Access. You may request a copy of the personal information we hold about you.

Correction. You may request that we correct inaccurate personal information.

Deletion. You may request deletion of your account and personal data. We will action this within 30 days.

Portability. You may request an export of your financial data in a machine-readable format (CSV or JSON).

Objection and Restriction. You may object to or request restriction of certain types of processing.

Withdraw Consent. You may disconnect your Shopify or Plaid integration at any time through the Settings page, which immediately revokes our access.

To exercise any of these rights, contact us at privacy@realmargin.com. We will respond within 30 days.

If you are an EU resident and believe we have not resolved your concern, you have the right to lodge a complaint with your national data protection authority.

6. Cookies

We use a minimal number of cookies required to operate the service. Please see our Cookie Policy at /cookies for full details.

In summary: we set a session authentication cookie (httpOnly, secure) to maintain your login state, and a preference cookie to remember your onboarding completion status. We do not use advertising cookies or third-party tracking cookies.

7. Children's Privacy

RealMargin is a business tool intended for adults operating ecommerce businesses. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected such data, please contact us at privacy@realmargin.com and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by email or by posting a notice on the dashboard. Your continued use of RealMargin after any changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact:

RealMargin Pty Ltd
Melbourne, Victoria, Australia
Email: privacy@realmargin.com

For data protection inquiries: privacy@realmargin.com