Privacy Policy

1. Who We Are

Midaris is operated by NFOURA SAAS PLATFORM DEVELOPMENT - FZCO, a Free Zone Company registered with IFZA Dubai (licence #79424), United Arab Emirates. We are the data controller for personal data we process about our users.

For privacy queries, contact legal@midaris.ai.

2. Data We Collect

We collect the minimum personal data needed to deliver the Service:

• Account data: name, email address, hashed password (via Supabase Auth) and authentication provider IDs if you sign in with a third party.
• Subscription and billing data: plan, credit balance, invoice metadata and partial card details (e.g. last four digits, country) as returned by Paddle. We do not see or store full payment card numbers.
• Usage data: queries submitted, tickers analysed, agents used, chat history, timestamps and credits consumed.
• Technical data: IP address, browser and device identifiers, request logs and error traces, used for security and debugging.
• Communications: messages you send to support and email open and click events for transactional emails.

3. What We Do Not Collect

• Full payment card numbers, CVV codes or banking credentials — these are handled exclusively by Paddle.
• Brokerage account credentials or portfolio holdings (we do not connect to your broker).
• Sensitive categories of personal data within the meaning of GDPR Article 9.

4. How We Use Your Data

• To create and manage your account and provide the Service;
• To process payments, manage subscriptions, allocate credits and prevent fraud;
• To run AI analyses against the tickers and queries you submit;
• To deliver transactional email (sign-up confirmation, billing receipts, security alerts);
• To respond to support requests;
• To monitor performance, detect abuse and improve the Service;
• To comply with applicable legal, tax and regulatory obligations.

5. Legal Bases (GDPR)

• Performance of a contract — to provide the Service you have subscribed to.
• Legitimate interests — to secure the Service, prevent abuse and improve product quality.
• Consent — for optional analytics or marketing communications. You can withdraw consent at any time.
• Legal obligation — to comply with tax, accounting and anti-fraud requirements.

6. Third-Party Processors

We rely on the following sub-processors to run the Service. Each is bound by a data-processing agreement.

• Paddle.com Market Limited (United Kingdom) — checkout, merchant of record, tax compliance, subscription management.
• Resend (United States) — transactional email delivery.
• Supabase (United States, with EU region for storage) — authentication and primary application database.
• OpenRouter (United States) — routes prompts to the underlying large language models that power the agents.
• Financial Modeling Prep (FMP) API (United States) — market data, fundamentals and reference data.
• Vercel (United States, with multi-region edge) — hosting and content delivery.
• Perplexity (United States) — news, research and qualitative context used by analysis agents.
• chart-img (United States) — generation of TradingView-style chart screenshots embedded in reports.
• n8n (Germany — Hetzner-hosted) — workflow orchestration engine that routes user queries to the appropriate analysis agents.

We do not sell your personal data and do not share it with third parties for their independent marketing purposes.

7. International Transfers

Personal data is processed in the United Arab Emirates, the European Union and the United States, depending on the sub-processor. Where data leaves the EEA or UK, transfers rely on Standard Contractual Clauses or equivalent safeguards.

8. Data Retention

• Account data: for as long as your account is active, plus up to 90 days after deletion.
• Analysis history and chat transcripts: retained while your account is active; deletable on request.
• Billing records: retained for at least seven years to meet tax and accounting requirements.
• Server and security logs: typically 90 days, longer where needed to investigate an incident.

9. Your Rights

Subject to applicable law (including GDPR), you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Request erasure of your data;
• Receive your data in a portable, machine-readable format;
• Object to or restrict certain processing;
• Withdraw consent where processing relies on it;
• Lodge a complaint with a competent data protection authority.

To exercise any of these rights, email legal@midaris.ai. We will respond within 30 days.

10. Cookies and Tracking

We use only the cookies strictly necessary to operate the Service (session, authentication, CSRF, basic preferences). Analytics or marketing cookies are loaded only with your consent. You can clear cookies in your browser at any time; doing so will sign you out.

11. Children

Midaris is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has registered, contact legal@midaris.ai and we will delete the account.

12. Security

We protect personal data with technical and organizational measures including TLS in transit, encryption at rest, role-based access, least-privilege keys, and routine security review. No system is perfectly secure; you remain responsible for safeguarding your password.

13. Updates to This Policy

We may update this Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated by email or in-app notice.

14. Contact

NFOURA SAAS PLATFORM DEVELOPMENT - FZCO, IFZA Dubai, UAE. Privacy enquiries: legal@midaris.ai.