Privacy Policy

Last Updated: January 2025

At Midas, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial intelligence platform.

1. Information We Collect

Personal Information

When you register for an account, we collect:

  • Full name and email address
  • Business name and industry
  • Business contact information
  • Account credentials (securely hashed)

Financial Data

Through your connected accounting platforms, we access:

  • Company financial statements and reports
  • Invoice and expense data
  • Customer and vendor information
  • Banking and transaction records
  • Budget and forecast data

Usage Information

We automatically collect:

  • IP address and device information
  • Browser type and operating system
  • Access times and dates
  • Features used and interaction patterns
  • Error logs and performance data

2. How We Use Your Information

We use your information to:

  • Provide and maintain our financial intelligence services
  • Generate insights, analytics, and recommendations
  • Improve and personalize your experience
  • Communicate with you about your account
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Develop new features and improvements

3. Data Storage and Security

Infrastructure

Your data is stored using:

  • Amazon Web Services (AWS) in the US-East region
  • Amazon S3 for document storage
  • Amazon DynamoDB for structured data
  • Amazon Cognito for authentication

Security Measures

We protect your data through:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Encryption at Rest: All stored data is encrypted using AWS KMS with AES-256 encryption
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Data Isolation: Logical separation of customer data using secure tenant isolation

Important: Financial data is primarily cached locally on your device during active sessions, minimizing data retention on our servers.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your data:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With trusted third parties who assist in operating our platform (e.g., AWS, authentication services)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, or safety

5. Third-Party Integrations

Midas integrates with third-party accounting platforms. QuickBooks is fully supported, with additional platforms coming soon. When you connect these services:

  • We access only the data necessary for our services
  • We store OAuth tokens securely and refresh them as needed
  • You can disconnect integrations at any time
  • Third-party services have their own privacy policies

OAuth Authentication

When connecting your accounting platform, we use OAuth 2.0 for secure authentication. We store access tokens encrypted in our database and automatically refresh them as needed. You maintain control and can revoke access at any time through your accounting platform settings.

6. Data Retention

We retain your data according to the following schedule:

  • Account Information: Retained while your account is active
  • Financial Data: Cleared after each session
  • Conversation History: Retained while your account is active
  • Usage Data: Retained for analytical purposes

7. Cookies and Tracking

We use cookies for essential service functionality:

  • Authentication Cookies: Used to maintain your login session (accessToken, idToken)
  • Security: Cookies are marked as Secure in production and use a SameSite policy
  • Duration: Session-based, expire according to token validity

You can manage cookies through your browser settings, but disabling them will prevent you from using our service.

8. Your Rights and Choices

You have the right to:

  • Access Your Data: View your personal information in your account
  • Correct Your Data: Update or correct inaccurate information
  • Disconnect Integrations: Revoke access to connected accounting platforms
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@zenith-grp.co

9. International Data Transfers

Our servers are located in the United States. If you access our services from outside the US, your information will be transferred to, stored, and processed in the US. By using our services, you consent to this transfer.

10. Children's Privacy

Midas is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information (which we do not do).

12. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@zenith-grp.co

Data Protection Officer: dpo@zenith-grp.co

Address: 8 The Green, Ste R, Dover, DE 19901

This Privacy Policy is part of our Terms of Service. By using Midas, you agree to both documents.