Privacy Notice

Effective 2026-05-28.

Who we are

Midslate Inc. ("we") operates the Midslate service. We are the data controller for your account/registration data and the data processor for the workforce data you upload via the Service.

What we collect

How we use it

Registration + usage data: to operate the Service, send transactional emails (verification, billing, security alerts), and bill correctly. We do not sell personal data to third parties; we do not use your data to train AI models outside your own tenant.

Sub-processors

We rely on a cloud infrastructure provider, an email vendor (Resend or equivalent), Stripe for payment processing, and a monitoring vendor. See the DPA for the current list.

Your rights

You can:

Retention

Workforce data retention windows are configurable per tenant on /admin/retention within the bounds we enforce for compliance (e.g. audit log min 365 days). Billing records and tax-relevant data may be retained beyond your tenant's retention window to comply with our own legal obligations.

Cookies

We use a single session cookie (session_id, HttpOnly, SameSite=Lax) for authentication. We do not set analytics or advertising cookies.

Security

See the DPA section 3 for our technical and organizational measures. For vulnerability disclosure, see /.well-known/security.txt.

Contact

Privacy questions: privacy@example.test.