Privacy Model
Margin is built on a clear principle:
Share conclusions, not raw data—unless you deliberately opt in.
The Core Idea
Most analysts want to:
- Show stakeholders the story and results
- Keep raw datasets and exploratory work private
Margin's sharing model mirrors this.
What's Exposed When You Share
Sharing a Brief
| Exposed | Protected |
|---|---|
| Text content | Notebook code |
| Embedded charts | Raw datasets |
| Tables and images | Other notebooks |
| Formatting | Workspace info |
Viewers see your polished narrative—not how you got there.
Sharing a Dataset (Pro)
| Exposed | Protected |
|---|---|
| File contents | Other datasets |
| Metadata | Notebook code |
| Preview table | Brief content |
| Download link | Workspace info |
Only the specific dataset you share becomes accessible.
Isolation Guarantees
When you share something, viewers cannot:
- Access other items in your workspace
- See your notebook source code (unless you share the notebook)
- Browse your dataset storage
- View workspace membership or billing
- "Reach back" into your account
Each shared item is isolated. Sharing a brief doesn't expose the notebook. Sharing a dataset doesn't expose your briefs.
URLs and Discoverability
URL Structure
Public URLs follow a predictable pattern:
/@username # Profile
/@username/briefs/slug # Brief
/@username/datasets/slug # Dataset
Slugs are unique per user but not globally unique.
Unlisted by Default
There is no public directory of Margin content. Your work is:
- Not indexed in any public feed
- Not discoverable by browsing
- Only accessible if someone has the link
Think of public links as "unlisted"—visible to anyone with the URL, but not advertised.
Free vs Pro Privacy
| Feature | Free | Pro |
|---|---|---|
| Private notebooks | ✅ | ✅ |
| Private briefs | ✅ | ✅ |
| Private datasets | ✅ | ✅ |
| Public briefs | ✅ | ✅ |
| Public datasets | ❌ | ✅ |
Free users can share briefs publicly. Public datasets require Pro.
Workspace Security
Beyond sharing controls:
- Authentication – All API access requires valid session
- Row-Level Security – Database enforces workspace isolation
- Signed URLs – Downloads use time-limited tokens
- HTTPS everywhere – All traffic is encrypted
Revoking Access
When you make something private:
- Public URL immediately returns 404
- Download links stop working
- Search engines lose access (no caching)
- Shared links become invalid
There's no grace period—revocation is instant.
Best Practices
- Assume public is forever – Someone may have copied content
- Review before sharing – Check for accidental PII
- Use descriptive slugs – But not confidential project names
- Share selectively – Only what needs to be public
Questions?
If you have security questions, contact us at security@projectmargin.com.