Customer names are masked before analysis.

Free analyses are processed transiently and are not saved to your account unless you choose to save them. Customer names are masked before processing.

Analyze your customers free — no account or credit card

How it actually works

Most SaaS tools ask you to upload your customer list, then promise to “keep it safe.” We built Margin Levers differently. Your customer names are hashed in your browser before anything is sent to our servers. The AI that generates your insights sees pseudonyms, not names. The reports you read are translated back to real names by your browser, using a key only you control.

Your Browser

ACME Corp — $48K

Joe's Pizza — $12K

→

↓

Our Servers

Customer_a1b2 — $48K

Customer_c3d4 — $12K

→

↓

AI Analysis

“Customer_a1b2 is your biggest profit drag”

Your browser decrypts back to real names — we never see them

Real names stay on your device. Numbers are what we analyze. You see real names in your reports because your browser translates them back — we never can.

What we store, precisely

What our database contains

Your email and account info (standard SaaS auth).
For each customer: a SHA-256 hash of the name (irreversible), revenue, cost, margin, and segment (A through F).
An encrypted blob containing the key that translates hashes back to names. We cannot decrypt this blob — only you can, with your passphrase.

What our database does not contain

The real name of any customer you've analyzed.
The real email or phone number of any customer you've analyzed.
Any mapping from a hash back to a name that we can read.

What the AI receives

Hashed customer identifiers (Customer_a1b2).
Revenue, cost, margin, segment.
Your question or the insight template being generated.
Never: real customer names, emails, or anything that could re-identify a specific business.

AI routing note:Margin Levers uses frontier AI models to generate insights. We use whichever model produces the highest-quality output for a given task, and we update that routing as the frontier moves. Whichever model handles your analysis, it receives the same hashed input — never the real names.

The honest version of the claim

Your private key is encrypted with a passphrase only you know, using Argon2id and AES-GCM. We store the encrypted blob so you can use Margin Levers on multiple devices. We cannot read it. A breach of our database would yield blobs that are only as weak as your passphrase — and we've made that brute-forcing expensive by design.

If you want local recovery mode with no encrypted recovery blob stored on our servers, enable Recovery Phrase Mode in Settings.

What this means when things go wrong

Breached

Attackers get hashes, numbers, and encrypted blobs. No customer names published.

Subpoenaed

We hand over hashes and numbers. We cannot hand over customer names.

Lost passphrase

Log in from original device to reset, or start fresh — new analyses work, old ones show pseudonyms with an Unlock prompt.

Lost device + passphrase

Old analyses stay pseudonymized. New analyses work. Honest worst case.

We go out of business

Export all analyses with real names — your browser still has the key.

Why we built it this way

Your customer list is the single most sensitive asset a B2B SaaS founder owns. Every other tool in the profit analysis category asks you to upload it and trust their promise. We don't think you should have to.

There is a real cost to this architecture. It's harder to debug customer support tickets, harder to do internal research, harder to build some kinds of cross-customer features. We think those tradeoffs are worth it.

Analyze your customers free — no account or credit card [email protected]

Our Security Promise

Free analyses are processed transiently and are not saved as analyses. Processing may involve server-side services, but customer names are masked and operational logs may be retained for security and reliability.

Session-Only by Default

Free analyses are not saved as analyses unless you choose to save. Customer names are masked before processing.

AES-256 Encryption

Saved analysis data is encrypted in transit and at rest. Sensitive identifiers are masked before storage.

U.S. Only Data Residency

All data stays in the United States. Supabase US region, Vercel US edge, US-based AI processing. No cross-border transfers.

One-Click Deletion

Delete your data anytime. No retention periods, no backups we 'forgot' about. When you delete, it's gone.

Cryptographic Privacy Guarantee

Your Customer Names Stay on Your Device

Not a policy promise—a mathematical guarantee. We cannotread your customer identities because we don't possess the key. You hold the only one.

What You See

Acme Corp

$50,000 revenue

Segment A

What We Store

CUST_A7F3

$50,000 revenue

Segment A

What We Can Read

CUST_A7F3

$50,000 revenue

Segment A

The mapping from CUST_A7F3 → Acme Corp exists only in your browser.

Key Generated

Your browser creates a unique RSA-2048 encryption key that never leaves your device

Names Encrypted

Customer names are encrypted before any data touches our servers

Anonymized Storage

We store only anonymized IDs (CUST_XXXX) alongside financial data

Local Decryption

Your browser decrypts names on-the-fly for display—we never see them

Key Backup Recommended

If you clear your browser data, you'll need to recover your customer name mapping. We recommend downloading a key backup when you first connect your data.

Stripe users: Re-sync from Stripe to regenerate mappings (deterministic encryption)
CSV users: Restore from your downloaded key backup file

Verify It Yourself

Use your browser's DevTools to verify our privacy claims. Check IndexedDB for your encryption keys and inspect network traffic.

Transparency: What We Can & Can't See

No vague promises. Here's exactly what data we have access to.

What We CAN'T See (Without AI)

Your customer names or identifiers
Individual revenue or cost figures
Your raw uploaded CSV data
Which customers are in which segment
Any PII about your customers

Without AI features: All processing happens in your browser. Zero data transmitted to our servers.

With AI features: Customer data is sent to our AI provider with your explicit consent. See AI disclosure below.

What We CAN See

Your email (if you create an account)
Aggregate metrics (total customers, segments)
Feature usage analytics (anonymized)
Error logs (no customer data included)
Payment information (via Stripe, we don't store cards)
Customer data sent to AI (with consent, via our AI provider)

Why: We need minimal data to operate the service. AI features require sending data to generate insights.

How Your Data Flows

A visual walkthrough of what happens when you upload data.

Your Browser

CSV parsed & validated locally

Encryption

AES-256-GCM with session key

Storage

Encrypted blob only (if saved)

AI Analysis

Anonymized aggregates only

AI Features: Data Disclosure

Important: When you use AI-powered insights, we send customer data to our AI provider to generate personalized recommendations. You will be asked for consent before any AI features are used.

What AI receives (with your consent):

• Customer names/identifiers
• Revenue and cost figures
• Profit margins and segments
• Aggregate analysis metrics

AI provider's data handling:

• Data is not used for model training
• 30-day retention for abuse prevention
• SOC 2 Type II certified
• View our AI provider's privacy policy

No AI? No problem. All non-AI features (profitability analysis, exports, segmentation) work entirely in your browser with zero data transmission.

Advanced Intelligence Safeguards

Vector Security & Executive Memory

How we ensure your historical strategic context remains isolated, secure, and private.

Multi-Tenant Isolation

Our “Executive Memory” uses a specialized vector database architecture with mandatory tenant-ID scoping.

Vector embeddings are strictly bound to your account ID at the database level.
Similarity searches cannot “leak” between users. Our system enforces a zero-trust retrieval policy.
Your strategic history and private Q&A are never visible to other users.

Embedded Privacy

We sanitize your data before it ever enters our long-term memory system (RAG).

PII Hashing: Customer names are hashed using salted cryptographic functions before vector generation.
Scalar Benchmarks: Platform-wide peer data only uses mathematical aggregates, never raw vectors or text.
No Training: Your private data and strategic insights are never used to train global AI models.

Technical Security Controls

For the security-conscious. Here's exactly what we implement.

Encryption at Rest

AES-256-GCM encryption
Unique key per session
Local recovery keys stay in browser storage where applicable
Encrypted in transit
Database encrypted at rest via AES-256 (AWS infrastructure)

Encryption in Transit

TLS 1.3 for all connections
HSTS enabled
Certificate pinning
No mixed content

Access Control

Row-level security (RLS)
JWT-based authentication
Session timeouts
Magic link + OAuth options

Content Security

Strict CSP headers
No unsafe-eval allowed
XSS protection
Clickjacking prevention

Infrastructure

Vercel edge network
Supabase (SOC 2 Type II)
Automated backups
DDoS protection

Monitoring

Real-time error tracking
Security event logging
Dependency scanning
Regular audits

Built to SOC 2 Standards

Automated Security Controls

We haven't completed a formal SOC 2 audit yet. But we've built and automated the security controls that SOC 2 evaluates — and we verify them weekly. Here's exactly what we check.

CC6.1

Logical Access Security

Supabase auth configuration validated
Database connection uses pooled endpoint
Middleware enforces route protection
Cron secrets meet minimum length (16+ chars)
AI provider authentication configured
Auth event logging active (login, signup, logout)
App URL enforces HTTPS in production

CC6.6

Encryption In Transit & At Rest

AES-256-GCM token encryption key (64 hex chars)
Cloudflare request signing secret validated
HTTPS upgrade-insecure-requests directive active
TLS 1.3 enforced via HSTS
Database at rest: AES-256 via AWS RDS (Supabase infrastructure)

CC6.7

Data Transmission Controls

CSRF origin validation enforced
Content-Security-Policy header configured
Strict-Transport-Security (HSTS) enabled
X-Frame-Options anti-clickjacking active
CSP frame-ancestors set to 'none'
No unsafe-eval in production CSP

CC7.1

Vulnerability Detection

npm dependency audit (critical/high severity)
Automated vulnerability severity assessment

CC8.1

Change Management

.gitignore covers all .env files
No hardcoded Stripe live keys in codebase
No hardcoded API keys in tracked files
No hardcoded webhook secrets in tracked files

Transparency Disclaimer

These are self-administered automated checks, not an independent audit.
Our infrastructure partners (Supabase, Vercel, Stripe) hold formal SOC 2 Type II certifications.
We plan to pursue formal SOC 2 Type II certification as we scale.

Built on Trusted Infrastructure

We don't roll our own crypto or host our own servers. We build on industry-leading platforms with proven security track records.

Supabase

Database & Auth

SOC 2 Type IIHIPAA EligibleGDPR

Vercel

Hosting & Edge

SOC 2 Type IIISO 27001GDPR

Stripe

Payments

PCI DSS Level 1SOC 2GDPR

Compliance & Data Rights

Your data, your rights. We comply with major privacy regulations.

Your Rights

Access: Export all your data anytime
Rectification: Update your information
Erasure: Delete everything with one click
Portability: Download in standard formats
Objection: Opt out of analytics

Regulatory Alignment

GDPR: EU data protection compliance
CCPA: California privacy rights
SOC 2: Via infrastructure partners
Data Processing Agreements: see our DPA
Sub-processor list published in our Privacy Policy

Data Residency

United States Data Residency

All data processing and storage occurs exclusively within the United States. No customer data leaves US jurisdiction at any point in the pipeline.

Database

Supabase Postgres hosted in US region (AWS us-east-1)

Application Hosting

Vercel US edge network with US-based serverless functions

AI Processing

AI processing via US-headquartered and US-hosted providers

Payments

Stripe US infrastructure — PCI DSS Level 1 compliant

No cross-border data transfers. Your financial data, customer identifiers, analysis results, and AI-generated insights are processed and stored entirely within US-based infrastructure. This applies to all tiers — free, Growth, and Enterprise.

Security Questions?

We take security seriously. If you have questions, need a DPA, or want to report a vulnerability, we're here to help.

General Inquiries

Questions about our security practices

[email protected]

Responsible Disclosure

Found a vulnerability? Let us know.