Privacy Policy

Effective date: 1 January 2025

MIDEEYE ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you use our platform at mideeye.com.

1. Information We Collect

Information you provide

• Account data: name, email address, profile photo, bio
• Content: questions, answers, comments, showcase posts
• Communications: direct messages between users
• Settings: notification preferences, theme

Information collected automatically

• IP address and approximate location (country/city level)
• Device type, browser, operating system
• Pages visited, features used, time spent
• Cookies and local storage identifiers (see Cookie Policy)

2. How We Use Your Information

• Provide, maintain and improve the platform
• Authenticate your account and keep it secure
• Send transactional emails (password reset, verification)
• Send notifications about activity on your content (with your consent)
• Detect and prevent abuse, spam, and violations
• Comply with legal obligations
• Generate aggregated, anonymous analytics

We do not sell your personal data to third parties.

3. Legal Basis for Processing (GDPR)

• Contract: processing necessary to provide the service you signed up for
• Legitimate interests: security monitoring, fraud prevention, analytics
• Consent: marketing emails, optional cookies, push notifications
• Legal obligation: compliance with applicable law

4. Data Sharing

We share data only with:

• Supabase Inc. — our database and authentication provider (EU data residency available)
• Vercel Inc. — our hosting provider
• Email provider — transactional email delivery only
• Law enforcement — when legally required with a valid request

All processors are bound by data processing agreements and GDPR safeguards.

5. Data Retention

• Active accounts: data retained while account is active
• Deleted accounts: personal data removed within 30 days; anonymised content may remain
• Logs: server logs retained for 90 days
• Backups: purged within 60 days of deletion request

6. Your Rights (GDPR & applicable law)

• Access: request a copy of your personal data
• Rectification: correct inaccurate data
• Erasure: request deletion of your account and data
• Portability: receive your data in machine-readable format
• Restriction: limit how we process your data
• Objection: object to processing based on legitimate interests
• Withdraw consent: at any time for consent-based processing

To exercise these rights, email privacy@mideeye.com. We will respond within 30 days.

7. Account Deletion

You can delete your account at any time from Settings → Account → Delete Account. All personal information will be permanently removed within 30 days. Public content (questions and answers) may be retained in anonymised form to preserve community knowledge.

8. Cookies

We use essential cookies for authentication and optional analytics cookies. See our Cookie Policy for full details.

9. Children

MIDEEYE is not directed at children under 13 (or 16 in the EU/EEA). We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.

10. International Transfers

Your data may be transferred to and processed in countries outside your own, including the United States. We ensure appropriate safeguards (Standard Contractual Clauses) are in place for all such transfers.

11. Security

We use industry-standard measures including HTTPS/TLS encryption, Row Level Security on our database, hashed passwords via Supabase Auth, and regular security reviews. No method of transmission is 100% secure; we cannot guarantee absolute security.

12. Changes to This Policy

We may update this policy. Material changes will be notified via email or in-app banner at least 7 days before taking effect.

13. Contact & Jurisdiction

Data Controller: MIDEEYE
Email: privacy@mideeye.com
Governing Law: This policy is governed by applicable data protection law. EU/EEA residents may lodge complaints with their local supervisory authority.