midL

Privacy Policy

Last updated: June 8, 2026

This Privacy Policy explains how MidL Social ("midL", "we", "us", "our") collects, uses, shares, and protects personal data when you use the midL platform, website, and related services (the "Service"). MidL Social is the data controller for the personal data described in this Policy.

1. Data We Collect

  • Account data — name, email, password hash, workspace and role.
  • Profile & client data — agency, clients, team members, brand assets you upload.
  • Content data — posts, captions, media, comments, approvals, and AI prompts.
  • Connected-platform data — OAuth tokens, page/ad-account IDs, posts, insights, and ad-performance metrics from Meta (Facebook & Instagram), TikTok, LinkedIn, X, YouTube, Google, and similar.
  • Usage & device data — log data, IP address, browser, device identifiers, pages viewed, feature usage, error reports.
  • Support data — messages you send us and our replies.
  • Billing data — collected and processed by our Merchant of Record, Paddle. We receive limited transactional data (plan, status, country, last-4 of card) — never your full card details.

2. Why We Use Your Data

  • provide, secure, and operate the Service (contract);
  • publish, schedule, and report on content via the platforms you connect (contract);
  • run, optimise, and measure advertising on third-party platforms including Meta (Facebook & Instagram), TikTok, Google, LinkedIn and similar, on your instruction — including syncing campaign data, uploading hashed audiences you provide, and reading ad performance metrics back into midL (contract / legitimate interests);
  • improve product quality, debug, and prevent abuse (legitimate interests);
  • send service emails and, if you opt in, marketing emails (consent / legitimate interests);
  • comply with legal obligations and enforce our Terms (legal obligation / legitimate interests).

We do not sell your personal data. We do not use the content of your messages or media to train foundation AI models.

3. Sharing

We share personal data only with:

  • Subprocessors — hosting, databases, email, analytics, error monitoring, AI inference providers, acting on our instructions under contract.
  • Paddle — our Merchant of Record, for sale, subscription management, payments, invoicing, tax compliance, and refunds.
  • Connected platforms you authorise — Meta, TikTok, Google, LinkedIn, X, YouTube, etc., to perform the actions you ask midL to perform on your behalf.
  • Professional advisers — legal, accounting, insurance.
  • Authorities — where required by law, court order, or to protect rights, safety, and property.
  • Successors — in a merger, acquisition, or sale of assets, subject to equivalent protections.

4. International Transfers

Our subprocessors may process data outside your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

5. Retention

We retain personal data only as long as needed for the purposes above, to provide the Service, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Account data is deleted or anonymised within a reasonable period after account closure, except where longer retention is required by law.

6. Your Rights

Depending on your jurisdiction you may have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent at any time. To exercise any right, email contact@getmidl.com. We will respond within the period required by applicable law (typically within one month). You may also lodge a complaint with your local data protection authority.

7. Security

We apply appropriate technical and organisational measures including encryption in transit, encryption at rest for sensitive fields, role- based access controls, audit logging, and routine vulnerability review. No system is perfectly secure; you use the Service at your own risk.

8. Cookies

We use strictly-necessary cookies to keep you signed in and to secure the Service, and limited analytics cookies to understand product usage. You can control cookies through your browser settings.

9. Children

The Service is not intended for, and we do not knowingly collect data from, children under 16.

10. Changes

We will post any changes here and, for material changes, notify you by email or in-app.

11. Contact

MidL Social — contact@getmidl.com.