Check out the legal aspects of Middleware

Our Security Commitment

Middleware works tirelessly to ensure the protection of Customers’ data within its custody and is committed to continuous improvements to its information security management practices. Middleware aims to ensure the appropriate confidentiality, privacy, integrity, and availability practices are maintained in accordance with the requirements of data security standards.

We ensure that our security commitments are well documented and illustrated to user entities through our website, contract agreement, or service level agreement.

Organizational Security & Compliance

Middleware is committed to ensuring that personal data is obtained and processed in accordance with the associated regulations and/or code of conduct laid out by GDPR and its principles, and the Privacy Shield Principles. Formal IT policies and procedures exist that describe physical security, logical access, operations, change control, and data communication standards.

Personnel Security & Training

The Middleware workforce includes partners, regular employees, and independent contractors who have direct access to Middleware’s internal information systems. Middleware’s personnel policies and practices relate to employee hiring, orientation, training, evaluation, counseling, promotion, and disciplinary activities. Security and privacy training is performed upon hire and on a semi-annual basis, and includes but is not limited to device security, acceptable use, malware prevention, data privacy, incident reporting, and data breach procedures. All employees are required to acknowledge, at least annually, the confidentiality terms and that they have read and will follow Middleware’s information security policies. Issues related to security and privacy are required to be reported immediately to the Compliance team. Upon termination of work at Middleware, all access to Middleware systems is removed immediately.

Physical Security

Middleware is exclusively hosted in Amazon Web Services (AWS) facilities (us-east-1) in Virginia, USA, which provide robust physical data center security and environmental controls. AWS provides secure, high-performing, resilient, and efficient infrastructure. Middleware’s corporate offices all require badge access for entry, maintain video surveillance, and require all visitors to sign in and be accompanied when present.

Security by Design

Middleware understands the security risk associated with software changes introduced during the Secure Development Lifecycle. Our security team adheres to the OWASP Top 10 to categorize risks as High, Medium, or Low. All updates or changes to the production system, be they code or system configuration changes, require review prior to deployment to the production environment. Middleware applies change control requirements to systems that store data at higher levels of sensitivity, including Personally Identifiable Information.

Infrastructure Security

Middleware’s network, infrastructure, and architecture have multiple protection layers that ensure the highest levels of security and control, which include:

Access Control

Access to our production networks is controlled through multi-factor authentication over the encrypted HTTPS protocol.

Strict firewall rules restrict access to vulnerable ports to ensure secure and limited access to the production environment.

We also utilize intrusion detection systems in our corporate network to identify potential security threats.

Login Security

Each user can log in with their unique username and password with specific authorization and permission level as controlled by the account administrator.

Password complexity conforms to defined password standards and configuration.

Logical Access

Access to data, system utilities, and program source code libraries is controlled and restricted to those authorized users who have legitimate business needs.

Responsibilities and duties are well segregated to avoid repudiation and incompatibility of responsibilities.

Datacenter

Middleware services are hosted in an advanced data center operated by a recognized industry leader, Amazon Web Services (AWS). Our vendor adheres to the highest industry standards of quality, security, and reliability and continuously monitors the environment using automated compliance checks based on AWS best practices and industry-recognized standards.

Application Security

The main service that Middleware protects is cloud server optimization and auto-scaling. All visitors ‘tagged’ with the Middleware tracking code are monitored. Middleware employs both internal and external testing of our product.

Vulnerability Assessment and Penetration Testing

Vulnerability scans are performed at least quarterly on the environment to identify control gaps and vulnerabilities. Vulnerabilities found are resolved within a timeframe by our security team.

A third party performs penetration testing annually to identify and exploit vulnerabilities identified within the environment.

Incident Response and Data Breach

Middleware has documented incident response and escalation procedures for reporting security incidents, which are adopted to guide users in identifying, reporting, and mitigating failures, incidents, concerns, and other complaints.

When security events are detected, they are escalated to the respective response team. Response time to address the event is 2 hours. We make sure to notify the supervisory authority of a Personal Data Breach within 72 hours of becoming aware of the breach.

Data Encryption in Transit and at Rest

All data sent to or from Middleware is encrypted in transit using AES 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. Middleware uses end-to-end encryption for data in transit, which ensures that only communicating users can read what is sent, and nobody in between, even Middleware.

Middleware uses a Secure Hash Algorithm (SHA2) for all password entries. Middleware stores the customers’ sensitive data such as Name, Email, Phone Numbers, Remarks, and chat transcripts in a PostgreSQL database.

Data is encrypted automatically, in real-time, prior to writing to storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups or disks.

Backup and Disaster Recovery

Middleware ensures that the customers can balance the need to store backups at multiple locations in case of a disaster with the need to keep their data out of certain geographies. AWS provides clear data maps and geographic boundary information for all datacenters.

The disaster recovery plan is tested on an annual basis.

Data Collection & Disposal

As an Application Service Provider, Middleware collects Personal Information such as name and contact details, server details, and information related to browsing on behalf of the brand and use of our app.

Customer data will be deleted from Middleware systems upon the termination of the account or data retention expiration deadlines. Middleware hard deletes all information from currently running production systems. Backups are destroyed within 30 days. Middleware follows industry standards and advanced techniques for data destruction.

Bug Bounty Program

Our number one priority is our customers’ security, and we’re working with security researchers worldwide to make our customers more secure. Middleware is pleased to recognize the security researchers who have helped make Middleware safer by finding and reporting security vulnerabilities.
The Middleware Bug Bounty Program encourages researchers to report vulnerabilities they’ve discovered to our security and development team, and we reward researchers for submitting their findings. If you’re a security researcher and have found a vulnerability in our service, please report it to help@middleware.io.

A multi-layered approach is implemented by Middleware to support its People, Process, and Technological security requirements. If you want more advice and help, get in touch with our Compliance team at help@middleware.io.

Information collected during registration

  • First and last name
  • Email addresses
  • Phone numbers
  • Company name

Payment details

  • Credit card Information
  • Billing & mailing addresses
  • Other payment-related information

Information automatically collected

  • IP address
  • Browser type & version
  • Pages of our services that you visit
  • The time and date of your visit
  • The time spent on those pages and other statistics
  • Language preferences
  • Geolocation data

If you wish to change our access or permissions, you may do so in your device’s settings.

Information Use

Collecting this information helps us understand what you are looking for from the company, enabling us to deliver improved products and services. Specifically, we may use data:

  • For our own internal records
  • To improve products and services we provide
  • To contact you in response to a specific enquiry
  • To customize the website for you
  • To send you promotional emails about products, services, offers and other things we think might be relevant to you
  • For billing, identification and authentication, and fraud prevention
  • To contact you via email, telephone, or mail for market research reasons

Information We Share

We only share and disclose your information in the following situations:

Compliance with laws.

We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

Vital interests and legal rights.

We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

Vendors, consultants and other third-party service providers.

We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts.

With your consent.

We may disclose your personal information for any other purpose with your consent.

Cookies & Other Tracking Technology

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

Opt-out Cookies

You can configure your web browser’s cookie settings to enable or disable cookies as you need. In most cases, the default browser settings automatically allow cookies, but this can easily be modified according to your preferences. However, some pages and services may become unavailable and prevent you from taking full advantage of the website.

Cross-border Transfers

Our servers are located in the U.S., France, Canada and Singapore. If you are accessing our Sites from outside the locations mentioned above, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see "Disclosure of Your Information" above), in us-east-1 (N. Virginia), us-east-2 (Ohio), ap-south-1 (Mumbai), ap-northeast-2 (Seoul), ca-central-1 (Canada), and eu-central-1 (Frankfurt), with a total of 40+ servers.

If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.

European Commission's Standard Contractual Clauses

Such measures include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers, which require all such recipients to protect personal information that they process from the EEA in accordance with European data protection laws. Our Standard Contractual Clauses can be provided upon request.
We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

Information Handling and Retention

At any time, you may review or update personal data that we hold about you, by signing in to your account on our website. When we receive any request to access, edit or delete personal data we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.

We preserve and retain your information according to the respective statutory retention period to comply with law and to support a claim or defence in court. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.

| Classification | Description | Examples | General Retention Period |
|---|---|---|---|
| Personal Data (sub-divided into) | Individuals can be identified by their data or via the data being linked with other information owned by a data controller | | |
| Event-Based Data | | Visitor queue, visitor pending list, agent login attempts from IPs, visitor browser information, browser type, screen size and device details | Up to 30 days in live chat cache |
| Customer Data | Personal data about an individual customer used to enable and enhance their overall experience. | Customer name, email address, contact number, chat transcripts | 6 years or as per customer’s own privacy and data protection policy |

Information Security

We are always committed to holding your information securely. We have implemented suitable physical and electronic security procedures to safeguard your sensitive information from unauthorized access or disclosure. We follow stringent procedures to ensure we work with all personal data in line with the General Data Protection Regulation (GDPR). For more information on security, kindly refer to our security page.

Use of Site by Children

We do not knowingly solicit data from or market to children under 18 years of age. By using the Sites, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site [and App]. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at developers@middleware.io.

Your Rights & Consent

Middleware ensures that Data Subjects give transparent, specified and informed consent through a clear affirmative action (positive opt-in) which signifies agreement to the processing of personal data. We never use pre-ticked or opt-in boxes. Consent is always provided separately for each matter and is not a precondition for any other services. We have ensured that withdrawing consent is easy, clear and straightforward.

Certain privacy laws around the world, including the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), provide users with rights related to their personal information.

Right to Access.

You have the right to access certain personal information associated with your account that we have collected about you.

Right to Correction.

You have the right to request that we rectify inaccurate information about you.

Right to Restrict Processing.

In certain cases where we process your information, you may also have the right to restrict or limit the ways in which we use your personal data.

Right to Deletion.

In certain circumstances, you have the right to request the deletion of your personal information, except information we are required to retain by law, regulation, or to protect the safety, security, and integrity of Middleware.

Right to Object.

If we process your information based on our legitimate interests as explained above, or in the public interest, you can object to this processing in certain circumstances.

Right to Withdraw Consent.

Where we rely on consent, you can choose to withdraw your consent to our processing of your information using specific features provided to enable you to withdraw consent, like an email unsubscribe link.

Cookies and Their Use

A cookie is a small text file placed on your computer’s hard drive that enables our website to identify your computer as you view different pages on our websites. Cookies allow information gathered by web applications to store your preferences in order to present content, options or functions that are specific to you. They also help us to analyze data about web page traffic and improve our website in order to satisfy customer requirements. We only use this information for statistical analysis purposes and then the data is removed from the system. We may use cookies to:

  1. Analyze our web traffic using an analytics package to improve website structure, design, content and functions.
  2. Identify whether you are signed in to our website.
  3. Test content on our website.
  4. Store information about your preferences.
  5. Recognize when you return to our website.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Links from our sites

Please note that we may have links on our website that redirect you to other websites or locations; however, we have no control over websites outside the Middleware domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy. Always be aware when submitting data to websites.
We firmly advise you to read the data protection and privacy policies of the websites you visit.

CCPA Privacy Statement for California residents

We have adopted this CCPA Privacy Statement to comply with the California Consumer Privacy Act of 2018 (CCPA), and any terms defined in the CCPA shall have the same meaning when used in this CCPA Privacy Statement. This CCPA Privacy Statement applies solely to visitors and users of our website who reside in the State of California.

Information We Collect, Use and Disclose

Identifiers, such as your real name, alias, postal address, email address, account name which is generally collected at the time of registration.

Commercial information, including records of products or services purchased.

Internet or other electronic activity information such as Location, IP address, cookie identifiers, browsing history and consumer’s interaction with a website or application.

Geolocation data such as demographic location associated with IP address, postcode when you choose to share it.

Professional or employment-related information including employees’ current or past job history or performance evaluations.

Inferences drawn from other personal information given by you at the time of creating your profile with given preferences, characteristics, and behavior.

Your Rights and Choices

From January 1, 2020, California residents have the following rights:

Right to Know

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting such information, and the categories of third parties with whom we share such information.

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

Right to Non-Discrimination

You have the right to not be discriminated against for exercising any of these rights.

Exercising Your Rights

To exercise your California privacy rights mentioned above, please contact us by email using the contact information given below. We may need you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. We endeavour to respond to a verifiable consumer request within 45 days of its receipt.

Policy Review

We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.

Effective Date

Middleware may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. By using the Service, you agree to the collection and use of your Personal Data in accordance with this Privacy Policy. This policy is effective from April 2021.

How Can You Contact Us About This Policy?

We welcome your questions or comments regarding this Statement of Privacy. If you believe that Middleware has not adhered to this Statement, please contact our Data Protection Officer: developers@middleware.io
