Middleware
Privacy policy

Information You Provide and We Collect

While delivering our Services, we may collect and process certain information about you. The following section describes the categories of information we gather in connection with your use of our platform.

Information You Give to Us

We obtain information that you choose to share with us directly in the course of using our Services.

• Account Information: When you register for an account, we collect details such as your name, email address, company name, profile image (if provided), postal address, phone number, and payment-related information. This data is used to create, manage, and secure your account, as well as to process transactions.
• Support Information: When you contact us for assistance—whether through our support channels, email, or third-party platforms such as social media—we collect the details you share with us. This may include your name, email address, job title, company name, and any other information you choose to provide in your request or correspondence.
• Sales and Marketing Information: We collect details you provide for promotional or marketing purposes, such as when your complete forms on our website or engage with our marketing campaigns. This may include your name, email address, phone number, and other relevant contact information.
• Product Information: When you use our Services, we may collect personal information submitted through platform features such as logs, traces, and metrics. This can include details like your name, email address, IP address, online identifiers, and mailing address, as applicable.

System-Collected Information

We also gather certain information automatically when you access or interact with our Services.

• Your Use of Our Services: We collect data about how you interact with our platform, including session dates, times, and durations; pages viewed; and the website or page visited before accessing our Services.
• Device Information: When you access our Services, we collect details about the device you use, such as your browser type, IP address, and, where applicable, the approximate location of your device.
• Cookies and Similar Technologies: We use cookies and related tracking tools—such as web beacons and pixels—to gather information about how you interact with our Services. This may include identifiers, usage patterns, session details, links clicked, pages viewed, and cursor activity. For more details, please refer to our Cookie Policy.

Data Obtained from External Sources

We may also receive information about you from additional sources.

• Linked Services: If you connect your account with third-party services, we may collect certain information from those services as permitted by your settings. For example, when you sign up or log in using Google Apps credentials via single sign-on, we may access details such as your name and email address, as authorized in your Google Apps profile.
• From Other Users’ Activity: We may obtain information about you through the actions or use of our Services by other users.
• Affiliates: We may receive your information from our affiliated entities if you engage with them directly, for instance, when submitting a support request. Such information may include your name, email address, and details related to your inquiry.
• Third-Party Sources: We may obtain information about you from third-party providers of business data or from publicly available sources. This may include details such as your name, job title, email address, phone number, and social media profile. We may combine this data with information collected through other methods outlined in this policy.

How We Handle Your Personal Data

We process your information for the purposes outlined below.

To Deliver Our Services: We use your information to provide you with access to our platform, which includes creating and managing your account, processing transactions, and issuing invoices.

For Research, Improvement, and Innovation: We use the information we collect—including product usage data—to monitor performance, analyze trends, and evaluate how our Services are used. This helps us enhance existing features, address issues, and develop new offers. We may also combine your information with data from other sources to better understand your needs and deliver improved solutions.

To Communicate with You: We use your information to keep in touch, which may include sending technical notices, product updates, security alerts, support responses, and important administrative messages regarding our Services. This also covers notifications related to your account and data, such as updates to our terms or significant changes in how we process your information.

For Security: We use your information to help protect and maintain the security of our Services. This includes detecting, investigating, and preventing fraud, unauthorized access, and other unlawful activities, as well as safeguarding the rights, property, and safety of our company, our customers, and third parties.

To Market and Promote Our Services: We use your information to share promotional content, display advertisements, and suggest offers that may be relevant to you. This may include delivering personalized marketing, recommending services you might find useful, and managing activities such as contests, sweepstakes, or other promotions, including processing entries and delivering rewards.

To Comply with Legal Obligations: We process your information as necessary to meet our legal and regulatory requirements. For example, we may retain payment records for tax, accounting, or audit purposes.

With Your Consent: We may use your information for additional purposes when you have explicitly agreed to such use. For example, if you consent to being highlighted as a Featured Customer, we may display your details on our public website.

Information We Disclose

We may disclose your personal information in the ways described below.

Service Providers: We engage trusted third-party vendors to perform services on our behalf—such as hosting, authentication, cybersecurity, fraud prevention, and advertising, which may require sharing your personal information with them.

Payment Services: We use PayPal, Inc.’s Braintree platform to process payments for our Services. PayPal operates as an independent controller of the personal information it receives while providing these payment services. For details on how PayPal handles personal data, please refer to the Braintree Privacy Statement.

For Legal Compliance and Protection: In certain circumstances, we may disclose your information if we believe it is permitted or required under applicable laws, regulations, or legal processes—such as responding to a subpoena or court order. We may also share your personal data when necessary to enforce our rights under this policy or any agreement with you, or to safeguard the rights, property, and safety of our company, our customers, or third parties.

Business Transfers: We may disclose your information as part of, or during discussions related to, a merger, acquisition, sale of assets, financing, or other transfer of all or part of our business to another entity.

Affiliates: We may share your personal information with our parent company, subsidiaries, and other affiliated entities—both current and future—that operate under common ownership or control, for any of the purposes outlined in this Privacy Policy.

Marketing and Analytics: We may share your personal information with analytics providers and search engine services that help us improve, optimize, and measure the performance of our websites, in accordance with our Cookie Policy.

Social media: Our websites may include social sharing tools or features that allow you to share content on third-party platforms such as Twitter, LinkedIn, or YouTube. By using these features, you authorize us to enable the sharing of information, and you acknowledge that the handling of such shared data is subject to the respective social media platform’s privacy policy.

With Your Consent: We may share your personal information when you have given us explicit consent or when you direct us to do so.

Protecting Your Data

Protecting your personal information is a top priority for us. We implement and maintain robust technical and organizational safeguards to prevent unauthorized access, unlawful processing, and accidental loss, destruction, or damage of your data. For details about our specific security measures, please refer to our Security page.

Data Retention Period

We retain your personal information only for as long as it is necessary to fulfill the purposes for which it was collected, unless a longer retention period is required to meet legal, regulatory, or other legitimate business needs. When determining the appropriate retention period, we take into account factors such as:

• The terms of our agreements with you
• Our legitimate interests as described in this Privacy Policy
• Applicable legal and regulatory requirements
• The nature and sensitivity of the personal information involved in certain cases, we may anonymize your data so that it can no longer identify you, allowing us to use it for lawful purposes without further notice.

Children

Our Services are not intended for individuals under the age of 18, and we do not knowingly collect, use, or sell personal information from children under 18.

Control Over Your Data

You have control over how we collect and use your personal information.

Account Information: You may view, update, or correct the personal information associated with your account at any time by logging into your Middleware account or by contacting us at [email protected]. If you wish to deactivate your account, you can submit a request to our support team, subject to the terms outlined in your agreement with us. Please note that we may retain certain data as required by law, to resolve disputes, enforce our agreements, or for other legitimate business purposes. Additionally, copies of or archived copies of your information may remain in our systems for a limited time before being securely deleted.

Advertising and Promotional Communications: You can choose to stop receiving marketing or promotional emails from Middleware by following the unsubscribe instructions provided within those messages or by contacting us at [email protected]. Even if you opt out of promotional communications, we may still send you essential, non-promotional emails related to your account, service updates, or other matters necessary to maintain our business relationship. If you wish to opt out of receiving promotional phone calls, please reach out to us using the contact details provided in the “Contact Us” section of this Agreement.

GDPR/UK GDPR/Swiss Privacy Addendum

This section outlines further details regarding how we handle and process personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and the United Kingdom GDPR (UK GDPR).

Data Controller: Unless specified otherwise in a supplemental notice, Middleware is the primary data controller responsible for the processing of your personal information.

Your Rights Under Data Protection Laws: Subject to applicable legal requirements, you may exercise the following rights in relation to your personal information:

• Right of Access – You may request a copy of the personal data we hold about you, including the ability to receive it in a structured, commonly used, and machine-readable format.
• Right to Rectification – You may request that we correct or update any inaccurate or incomplete personal information.
• Right to Erasure – You may request the deletion of your personal data from our systems, subject to applicable legal and contractual obligations.
• Right to Restrict Processing – You may request that we limit or suspend the processing of your personal information in situations where such processing is deemed inappropriate.
• Right to Object – You may object to the processing of your personal information, including processing carried out for direct marketing purposes.
• Right to Withdraw Consent – Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

Data Processing Legal Foundations

We process your personal information under one or more of the following lawful bases:

• Contractual Necessity – When required to establish, perform, or fulfill our contractual obligations to you, including the provision of Middleware services.
• Legal Obligation – When processing is necessary for us to comply with applicable laws or regulatory requirements.
• Legitimate Interests – When processing supports our legitimate business purposes, as described in this Agreement and our Privacy Policy, provided such interests do not override your fundamental rights and freedoms.
• Consent – When you have provided your explicit consent for specific processing activities, which you may withdraw at any time.

International Information Exchange

Your personal information may be collected, stored, accessed, or processed in countries outside of your own, including the United States, where data protection laws may differ from those in your jurisdiction. Any such transfers are carried out in compliance with applicable data protection laws, which may include transferring data to countries recognized as providing an adequate level of protection or using safeguards such as European Commission–approved Standard Contractual Clauses (SCCs). Your rights in relation to such transfers are outlined in the “Your Privacy Rights” section of this Agreement.
Middleware complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as established by the U.S. Department of Commerce (collectively, the “DPF”). We have certified our adherence to the DPF Principles for personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland. A current list of participating organizations can be found on the U.S. Department of Commerce’s official DPF website.
If you have any questions, concerns, or complaints regarding our DPF compliance, you may contact us using the details provided in the “Contact Us” section of this Agreement. You may also contact TRUSTe, our U.S.-based third-party dispute resolution provider, free of charge, if you have an unresolved concern regarding our handling of personal data under the DPF. In certain circumstances, you may have the right to pursue binding arbitration as outlined on the DPF website. Please note that Middleware.io is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In limited cases, we may be required to disclose personal data in response to lawful requests by public authorities, including for purposes of national security or law enforcement. For more information on the safeguards we apply to international transfers, please refer to our Transfer Impact Assessment.
If we transfer your personal data to a third party, we will remain responsible under the DPF Principles if that third party processes the information in a way that is inconsistent with those Principles.

United States Privacy Rights Notice.

This section provides further details on the personal information we collect about individuals and the rights granted to them under applicable U.S. state data protection and privacy regulations.

Your Rights: Subject to the requirements of applicable laws, you may exercise the following rights regarding your personal information:

• Right to Access – You may request that we provide, in a portable and readily usable format, the personal information we have collected, used, disclosed, shared, or sold about you.
• Right to Correct – You may request that we correct inaccuracies or errors in your personal data.
• Right to Delete – You may request the deletion of personal information we have collected about you, subject to certain legal or contractual retention obligations.
• Right to Update – You may request that inaccurate or outdated personal data we hold be promptly updated.
• Right to opt Out – You may opt out of behavioral or targeted advertising, automated decision-making or profiling, and the sale of your personal information.
• Right to Restrict Use of Sensitive Data – You may request that we limit the use and disclosure of your sensitive personal information.
• Right to Non-Discrimination – You have the right not to be treated unfairly or denied services for exercising any of your privacy rights.

If you, or an authorized representative acting on your behalf, wish to exercise any of the rights listed above, you may complete our Data Subject Rights Request Form or contact us using the details provided in the “Contact Us” section of this Agreement. For verification and security purposes, we may require additional information from you or your authorized agent to confirm your identity before processing the request. You may also opt out of the “sharing” of personal information for cross-context behavioral advertising by selecting the “Your Privacy Choices” link located in the footer of our website and following the provided instructions. Where applicable, we will also honor opt-out requests submitted through recognized privacy preference signals, such as the Global Privacy Control (GPC) or other legally recognized Do Not Track (DNT) mechanisms.
If you submit a privacy rights request and disagree with our decision, you may have the right to appeal under applicable law. To initiate an appeal, simply reply to our response, and we will review your request in accordance with relevant regulations.

Categories of Personal Information Collected: In the past twelve (12) months, we have collected the following categories of personal information as defined under the California Consumer Privacy Act (CCPA), as amended:

• Identifiers – Such as your full name, mailing address, unique personal identifier, online identifier, IP address, and email address.
• Information Described in Cal. Civ. Code §1798.80(e) – Including your name, physical address, telephone number, and certain financial details.
• Commercial Information – Details regarding products or services you have purchased or considered.
• Internet or Electronic Network Activity – Information related to your interactions with Middleware services and features.
• Geolocation Data – Location information derived from your use of our services.
• Audio, Electronic, Visual, or Similar Information – For example, audio recordings of support or service-related calls.
• Inferences – Insights drawn from other collected information, such as aggregated or analytical metrics.
• Sensitive Information – Such as an account login or credit card number when combined with authentication credentials that permit access to your account.

For more details on the personal information we collect, please refer to the “Personal Information We Collect” section above.

Categories of Personal Information Disclosed for a Business Purpose: In the past twelve (12) months, we have disclosed the following categories of personal information for legitimate business purposes, including disclosures to our service providers, as defined under the California Consumer Privacy Act (CCPA), as amended:

• Identifiers – Such as your full name, mailing address, unique personal identifier, online identifier, IP address, and email address.
• Information Described in Cal. Civ. Code §1798.80(e) – Including your name, physical address, telephone number, and certain financial details.
• Commercial Information – Details regarding products or services you have purchased or considered.
• Internet or Electronic Network Activity – Information related to your interactions with Middleware services and features.
• Geolocation Data – Location information derived from your use of our services.
• Audio, Electronic, Visual, or Similar Information – For example, audio recordings of support or service-related calls.
• Inferences – Insights drawn from other collected information, such as aggregated or analytical metrics.
• Sensitive Information – Such as an account login or credit card number when combined with authentication credentials that permit access to your account.

For further details on how we share personal information, including disclosures to service providers, please refer to the “How We Share Personal Information” section above.

Categories of Personal Information Shared for Cross-Context Behavioral Advertising: In the past twelve (12) months, we have shared the following categories of personal information with our advertising partners for purposes of cross-context behavioral advertising, as defined under the California Consumer Privacy Act (CCPA), as amended:

• Identifiers – Such as your full name, mailing address, unique personal identifier, online identifier, IP address, and email address.
• Internet or Electronic Network Activity – Information related to your interactions with Middleware services and features.
• Geolocation Data – Location information derived from your use of our services.
• Inferences – Insights drawn from other collected information, such as aggregated or analytical metrics.

Sensitive Personal Information: We do not use or disclose sensitive personal information except as allowed under applicable data protection laws.

Requesting Access to Your Rights

To exercise any of the above rights, please contact our Data Protection Officer:

Email: [email protected]

We will respond to valid requests within 30 days of receipt, or as otherwise required by applicable law. We may request additional information to verify your identity before processing your request.

Amendments to Our Privacy Practices

We may revise this Privacy Policy from time to time. The “Last Updated” date at the top of this page reflects the most recent changes. Any updates will take effect once the revised policy is posted on this page.

Contact Us

If you have any questions or concerns regarding this Privacy Policy, you may contact us at: