Checkout the legal aspect of middleware
Middleware works tirelessly to ensure the protection of Customers’ data within its custody and is committed to continuous improvements to its information security management practices. Middleware aims to ensure the appropriate confidentiality, privacy, integrity, and availability practices are maintained in accordance with the requirements of data security standards.
We ensure that its security commitments are well documented and illustrated to user entities through our website, contract agreement, or in-service level agreement.
Middleware is committed to ensuring that personal data obtained and processed is done in accordance with associated regulations and/or code of conduct laid out by GDPR, and its principles, and Privacy Shield Principles. Formal IT policies and procedures exist that describe physical security, logical access, operations, change control, and data communication standards.
The middleware workforce includes partners, regular employees, and independent contractors who have direct access to Middleware’s internal information systems. Middleware’s personnel policies and practices relating to employee hiring, orientation, training, evaluation, counseling, promotion, and disciplinary activities. Security and Privacy training are performed upon hire and on a semi-annual basis which includes but is not limited to device security, acceptable use, malware prevention, data privacy, and incident reporting, and data breach procedures. All employees are required to acknowledge the confidentiality terms that they’ve read and will follow Middleware’s information security policies at least annually. Issues related to security and privacy are required to be reported immediately to the Compliance team. Upon termination of work at Middleware, all access to Middleware systems is removed immediately.
Middleware is exclusively hosted on Amazon Web Services (AWS) facilities (us-east-1) in Virginia, USA, which provides robust, physical data center security and environmental controls. AWS provides secure, high-performing, resilient, and efficient infrastructure. Middleware’s corporate offices all require badge access for entry, maintain video surveillance, and require all visitors to sign in and be accompanied when present.
Middleware understands the security risk associated with software changes introduced during the Secure Development Lifecycle. Our security team adheres to OWASP Top 10 to categorize risks as High, Medium, or Low risk. All updates or changes to the production system be they code or system configuration changes, require review prior to deployment to the production environment. Middleware applies change control requirements to systems that store data at higher levels of sensitivity, including Personally Identifiable Information.
Middleware network, infrastructure, and architecture have multiple protection layers that ensure the highest levels of security and control, which includes:
Access to our production networks is controlled through multi-factor authentication over HTTPS encrypted protocol.
Strict Firewall rules restrict access to vulnerable ports to ensure secure and limited access to the production environment.
We also utilize intrusion detection systems in our corporate network to identify potential security threats.
Each user can log in with their unique username and password with specific authorization and permission level as controlled by the account administrator.
Password complexity is conformed to defined password standards and configuration.
Access to data, system utilities, and program source code libraries are controlled and restricted to those authorized users who have legitimate business needs.
Responsibilities and duties are well segregated to avoid repudiation and in-compatibility of responsibilities.
Middleware services are hosted in an advanced data center operated by a recognized industry leader Amazon Web Services (AWS). Our vendor adheres to the highest industry standards of quality, security, and reliability and continuously monitors the environment using automated compliance checks based on the AWS best practices and industry recognized standards.
The main service that Middleware protects is cloud server optimization and auto-scaling. All visitors are ‘tagged’ with the Middleware tracking code are monitored. Middleware employs both internal and external testing of our product.
Vulnerability scans are performed at least quarterly on the environment to identify control gaps and vulnerabilities. Vulnerabilities found are resolved within a timeframe by our security team.
A third party performs penetration testing annually to identify and exploit vulnerabilities identified within the environment.
Middleware has documented incident response and escalation procedures for reporting security incidents are adopted to guide users in identifying, reporting, and mitigating failures, incidents, concerns, and other complaints.
When security events are detected they are escalated to the respective response team, Response time to address the event is 2 hours. We make sure to notify the supervisory authority of Personal Data Breach within 72 hours of becoming aware of the breach.
All data sent to or from Middleware is encrypted in transit using AES256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests. Middleware uses end-to-end encryption for Data in transit which ensures that only communicating users can read what is sent, and nobody in between, even Middleware.
Middleware uses a Security Hash Algorithm (SHA2) for all password entries. Middleware stores the customers’ sensitive data such as Name, Email, Phone Numbers, Remarks, and chat transcripts in PostgreSQL Database.
Data is encrypted automatically, in real-time, prior to writing to storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups or disks.
Middleware ensures that the customers can balance the need to store backups at multiple locations in case of a disaster with the need to keep their data out of certain geographies. AWS provides clear data maps and geographic boundary information for all datacenters.
Disaster recovery plan is tested on annual basis.
As an Application Service Provider, Middleware collects Personal Information such as name and contact details, server details, and information related to browsing on behalf of the brand and use of our app.
Customer data will be deleted from Middleware systems upon the termination of the account or data retention expiration deadlines. Middleware hard deletes all information from currently running production systems. Backups are destroyed within 30 days. Middleware follows industry standards and advanced techniques for data destruction
Our number one priority is customer’s security, we’re working with security researchers from worldwide to make our customers more secure. Middleware is pleased to recognize the security researchers who have helped make Middleware safer by finding and reporting security vulnerabilities.
The Middleware Bug Bounty Program is to encourage researchers to report vulnerabilities they’ve discovered to our security and developing team, we reward researchers for submitting their findings. If you’re a security researcher and have found a vulnerability in our service please report it to
A multi-layered approach is implemented by Middleware to support its People, Process, and Technological security requirements. If you want more advice and help, get in touch with our Compliance team at help@middleware.io
If you wish to change our access or permissions, you may do so in your
device’s settings.
Collecting this information helps us understand what you are looking for from the company, enabling us to deliver improved products and services. Specifically, we may use data:
Collecting this information helps us understand what you are looking for from the company, enabling us to deliver improved products and services. Specifically, we may use data:
We only share and disclose your information in the following situations:
We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require
access to such information to do that work. Examples include: payment
processing, data analysis, email delivery, hosting services, customer service and marketing efforts.
We may disclose your personal information for any other purpose with your consent.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such
technologies and how you can refuse certain cookies is set out in our Cookie Policy.
You can configure your web browser’s cookie settings to enable or disable cookies as per your need. Mostly, the default browser settings automatically allow cookies but, it can be easily
modified as per your preferences at your end. However, some pages and services may become unavailable and prevent you from taking full advantage of the website.
Our servers are located in the U.S., France, Canada and Singapore. If you are accessing our Sites from outside the location mentioned above please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see "Disclosure of Your Information" above), in us-east-1(N.Virginia), us-east-2(Ohio), ap-south-1(Mumbai), ap-northeast-2(Seoul), ca-central-1( Canada), eu-central-1 (Frankfurt) having total number of 40+ servers.
If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law.
Such measures implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers, which require all such recipients to protect personal information that they process from the EEA in accordance with European data protection laws. Our Standard Contractual Clauses can be provided upon request.
We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request
At any time, you may review or update personal data that we hold about you, by signing in to your account on our website. When we receive any request to access, edit or delete personal data we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
We preserve and retain your information according to the respective statutory retention period to comply with law and to support a claim or defence in court. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
| Classification | Description | Examples | General Retention Period |
|---|---|---|---|
| Personal Data (sub-divided into) |
Individuals can be identified their data or via the data being linked with other information owned by a data controller |
||
| Event-Based Data |
Visitor queue, Visitor pending list, agent login attempts from IPs, visitor browser information, browser type, screen size and device details |
Upto 30 days in live chat cache | |
| Customer Data | Personal data about on individual customer used to enable and enhance their overall experience. | Customer name Email address contact number chat transcripts |
6 Years or as per customer’s own privacy and data protection policy |
We are always committed to hold your information securely. We have implemented suitable physical and electronic security procedures to safeguard your sensitive information from unauthorized access or disclosure. We follow stringent procedures to ensure we work with all personal data in line with General Data Protection Regulations (GDPR). For more information on security kindly refer to our security page.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Sites, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site [and App]. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at developers@middleware.io.
Middleware ensures the Data Subjects by providing transparent, specified and informed consent in a clear affirmative action (positive opt-in) which signifies agreement to the processing of personal data. We never used pre-ticked or opt-in boxes. Consent is always provided separately for each matter and is not a precondition for any other services. We have ensured that withdrawing consent is easy, clear and straightforward.
Certain privacy laws around the world, including the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), provide users with rights related to their personal information.
You have the right to access certain personal information associated with your account that we have collected about you.
You have the right to request that we rectify inaccurate information about you.
In certain cases where we process your information, you may also have the right to restrict or limit the ways in which we use your personal data.
In certain circumstances, you have the right to request the deletion of your personal information, except information we are required to retain by law, regulation, or to protect the safety, security, and integrity of Middleware.
If we process your information based on our legitimate interests as explained above, or in the public interest, you can object to this processing in certain circumstances.
Where we rely on consent, you can choose to withdraw your consent to our processing of your information using specific features provided to enable you to withdraw consent, like an email unsubscribe link.
A Cookie is a small text file placed on your computer’s hard drive that enables our website to identify your computer as you view different pages on our websites. Cookies allow information gathered by web applications to store your preferences in order to present content, options or functions that are specific to you. They also help us to analyze data about web page traffic and improve our website in order to satisfy customer requirements. We only use this information for statistical analysis purposes and then the data is removed from the system. We may use cookies to:
You can configure your web browser’s cookie settings to enable or disable cookies as per your need. Mostly, the default browser settings automatically allow cookies but, it can be easily modified as per your preferences at your end. However, some pages and services may become unavailable and prevent you from taking full advantage of the website.
Please note that we may have links on our website that redirects you to other websites or locations, however we have no control of websites outside the Middleware domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy. Always be aware when submitting data to websites.
We firmly advised you to read the site’s data protection and privacy policies of websites you visit.
We have adopted this CCPA Privacy Statement to comply with California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA shall have the same meaning when used in this CCPA Privacy Statement. This CCPA Privacy Statement applies solely to visitors and users of our website who reside in the State of California.
Information We Collect, Use and Disclose
Identifiers, such as your real name, alias, postal address, email address, account name which is generally collected at the time of registration.
Commercial information, including records of products or services purchased.
Internet or other electronic activity information such as Location, IP address, cookie identifiers, browsing history and consumer’s interaction with a website or application.
Geolocation data such as demographic location associated with IP address, postcode when you choose to share it.
Professional or employment-related information including employees’ current or past job history or performance evaluations.
Inferences drawn from other personal information given by you at the time of creating your profile with given preferences, characteristics, and behavior.
From January 1, 2020, California residents have the following rights:
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting such information, the categories of third parties with whom we share such information.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
ou have the right to not be discriminated against for exercising any of these rights.
To exercise your California privacy rights mentioned above, please contact us by email using the contact information given below. We may need you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. We endeavour to respond to a verifiable consumer request within 45 days of its receipt..
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
Middleware may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. By using the Service, you agree to the collection and use of your Personal Data in accordance with this Privacy Policy. This policy is effective from April 2021.
We welcome your questions or comments regarding this Statement of Privacy. If you believe that Middleware has not adhered to this Statement, please contact our Data Protection Officer: developers@middleware.io
