Data Privacy
Why Privacy Vault is different
Most apps store your personal data in a regular database — fast to build, but easy to breach. Margin uses a Privacy Vault, a fundamentally different architecture that isolates sensitive fields behind separate encryption keys so even a database leak exposes nothing useful.
The traditional approach
In a conventional setup, all data — your name, email, portfolio holdings, transaction history — lives together in the same database tables. A single SQL query can join them. That is convenient for engineers, but it means:
- A compromised database credential exposes everything at once.
- An insider with read access to the database can see your personal details alongside your financial data.
- Any misconfigured query or API can accidentally leak PII alongside non-sensitive records.
- Regulatory audits are harder — there is no clear boundary between sensitive and non-sensitive data.
```sql
-- Traditional: everything in one place
SELECT u.name, u.email, p.stock, p.quantity
FROM users u
JOIN portfolios p ON u.id = p.user_id;
-- One breach = name + email + holdings exposed together
```
How Privacy Vault works
A Privacy Vault (we use Databunker) extracts personally identifiable information — name, email, phone — out of the main database entirely and stores it in an isolated, encrypted store with its own access controls and encryption keys.
Your main database only holds a random token that references the vault record. That token is meaningless on its own — it cannot be reverse-engineered back to your identity without the vault's separate keys.
```text
-- With Privacy Vault: PII is isolated
portfolios table:
  user_token: a3f8c2d1-...   (random, meaningless)
  stock: RELIANCE
  quantity: 50

vault (separate system, separate keys):
  token: a3f8c2d1-...
  name: [encrypted]
  email: [encrypted]
-- Breach of main DB = tokens with no identity attached
```
- PII is encrypted with keys that are separate from your application database.
- Access to portfolio data does not grant access to personal identity — the two are decoupled.
- The vault maintains its own audit log of every access to sensitive fields.
- Data deletion requests (right to erasure) are handled at the vault level without touching the main database.
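The token-plus-vault pattern described above, as an added illustration that is not Margin's or Databunker's code. It is a self-contained Python model of the four properties in the list: the vault holds PII under its own key, the main database holds only tokens and holdings, every field read is audit-logged, and erasure happens in the vault without touching the main database. The cipher inside `seal`/`unseal` is a hash-based keystream with an HMAC tag, a stand-in chosen so the example runs on the standard library; a real vault uses a vetted AEAD such as AES-GCM. The user record, holdings and actor names are constructed sample data.

```python
import hashlib
import hmac
import os
import uuid


# --- toy authenticated cipher: SHA-256 keystream + HMAC tag ---
# Stand-in for a real AEAD (e.g. AES-GCM) so the example needs no third-party
# library. Separate subkeys are derived for encryption and authentication.
def _subkeys(key: bytes):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("vault record failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class PrivacyVault:
    """Isolated PII store: own key, own access path, own audit log (hypothetical class)."""

    def __init__(self, vault_key: bytes):
        self._key = vault_key                      # never stored beside the app DB
        self._records: dict[str, dict[str, bytes]] = {}
        self.audit_log: list[tuple] = []

    def store(self, pii: dict[str, str]) -> str:
        token = str(uuid.uuid4())                  # random; reveals nothing about the person
        self._records[token] = {f: seal(self._key, v.encode()) for f, v in pii.items()}
        self.audit_log.append(("store", token, tuple(pii)))
        return token

    def read(self, actor: str, token: str, field: str) -> str:
        # every per-field access is logged before plaintext is released
        self.audit_log.append(("read", actor, token, field))
        return unseal(self._key, self._records[token][field]).decode()

    def erase(self, token: str) -> None:
        # right to erasure: only the vault record goes; main-DB rows are untouched
        del self._records[token]
        self.audit_log.append(("erase", token))


def build_demo():
    """Constructed sample: one user in the vault, two holdings in the main DB."""
    vault = PrivacyVault(os.urandom(32))
    token = vault.store({"name": "Asha Example", "email": "asha@example.com"})
    portfolios = [                                 # main application database rows
        {"user_token": token, "stock": "RELIANCE", "quantity": 50},
        {"user_token": token, "stock": "TCS", "quantity": 10},
    ]
    return vault, portfolios, token


def dump_contains_pii(rows, pii_values) -> bool:
    """Check what a leaked copy of the main DB would reveal."""
    dump = repr(rows)
    return any(v in dump for v in pii_values)


def holdings_for(rows, token):
    return [(r["stock"], r["quantity"]) for r in rows if r["user_token"] == token]


if __name__ == "__main__":
    vault, rows, token = build_demo()
    print("main DB leaks PII?", dump_contains_pii(rows, ["Asha Example", "asha@example.com"]))
    print("vault read:", vault.read("support-agent", token, "email"))
    vault.erase(token)
    print("holdings survive erasure:", holdings_for(rows, token))
    print("audit log:", vault.audit_log)
```

The check worth keeping from this model is `dump_contains_pii`: run it against a real export of the application database and it should always return `False`, which is the concrete test behind "a breach of the main DB yields tokens with no identity attached".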
Side by side
| Scenario | Traditional DB | Privacy Vault |
|---|---|---|
| Database breach | Name, email & holdings exposed | Only meaningless tokens exposed |
| Insider access | Full user records visible | PII requires separate vault key |
| Data deletion request | Must hunt & purge across tables | Delete vault record — done |
| Audit trail for PII access | Manual logging or none | Built-in per-field access log |
| Regulatory compliance | Engineer effort required | Isolation enforced by design |
What this means for you
Even if someone broke into Margin's database, they would find portfolio records tied to random tokens — no names, no emails, nothing that identifies you.
Your broker login credentials are never stored at all. Trade files you upload are processed in memory and never persisted to third-party systems. Privacy Vault is the last line of defence for the only personal data we do hold.