1. Introduction
Midas Edge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio analytics platform.
2. Information We Collect
2.1 Personal Information
We collect information you provide directly, including:
- Name and email address when you create an account
- Payment information when you subscribe to a paid plan
- Portfolio data when you connect your brokerage account via Plaid
- Communications you send to us
2.2 Financial Data
When you connect your brokerage account, we access:
- Holdings and positions (ticker symbols, quantities, values)
- Account balances
- Transaction history (for sync purposes only)
We never see or store your brokerage credentials. All connections are handled securely through Plaid, a trusted third-party provider.
2.3 Automatically Collected Data
We automatically collect certain information, including:
- Device information and browser type
- IP address and approximate location
- Usage patterns and feature interactions
- Cookies and similar tracking technologies
3. How We Use Your Information
We use the collected information to:
- Provide and improve our portfolio analytics services
- Calculate factor exposures, risk metrics, and generate insights
- Send alerts and notifications you've opted into
- Process payments and manage subscriptions
- Respond to your inquiries and provide customer support
- Detect and prevent fraud or unauthorized access
- Comply with legal obligations
4. Data Sharing
We do not sell your personal information. We may share data with:
- Service providers: Plaid (brokerage connections), Stripe (payments), Supabase (authentication), Vercel (hosting), and the configured Google AI provider (AI processing, only when AI features are enabled). Production AI processing requires the configured production posture guard; direct Gemini API access is reserved for non-production developer environments and is never used to process production user data.
- Legal requirements: When required by law or to protect our rights
- Business transfers: In connection with a merger, acquisition, or sale of assets
4.1 AI-Powered Features
Midas Edge uses a configured Google AI provider to power AI-generated narrative features. Vertex AI is preferred when configured. In production, AI-generated features require the Vertex configuration and contract posture guard; direct Gemini API fallback is limited to non-production environments. When you enable these features, the following data may be sent to the active Google AI provider for processing:
- Portfolio holdings (ticker symbols, position sizes, values)
- Insider transaction data for securities you hold
- SEC filing excerpts (10-K, 10-Q sections) for analysis
AI processing is used for: executive summary synthesis, LP letter generation, trading plan detection (10b5-1), SEC filing summarization, and portfolio commentary features.
You can disable AI-generated features at any time in your AI settings. When disabled, you will receive rule-based summaries instead of AI-generated content.
Google's processing is governed by the applicable terms and privacy controls for the active Google AI service. For information about Google's data practices, see the Google Privacy Policy.
4.2 Administrative Access
Authorized administrators may temporarily access your account to provide customer support, investigate reported issues, or resolve technical problems. Every such session is recorded with the administrator's identity, timestamp, duration, and reason.
You can view all administrative access sessions in your account access log. We implement strict controls to limit administrative access and require documented justification for each session.
5. Data Security
We implement security measures including:
- HTTPS/TLS for application traffic
- Encryption of Plaid access tokens before database storage
- Access controls and authentication requirements
- Secure credential storage (we never store brokerage passwords)
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your account and associated data at any time.
Retention windows for the data classes we hold:
- Active account data (profile, brokerage connections, current positions): retained while your account is active.
- Historical portfolio snapshots and positions: retained for up to 7 years after account closure for historical analysis and regulatory record-keeping; you may request earlier deletion at any time.
- Audit logs (security and financial-record events): retained for 7 years per financial-record norms; entries are append-only and removed only through the account-deletion cascade.
- AI synthesis call records: fallback or anomaly entries are targeted for 30-day retention; successful entries follow the 7-year audit window. Entries are append-only and removed only through the account-deletion cascade.
- Operational job logs (e.g., sync runs): pruned after 90 days by an automated nightly job.
- Anonymized analytics aggregates: retained indefinitely; these contain no personal information.
- Account-closed grace period: when you close your account, we hold your data for 30 days to allow recovery, then perform a full purge.
The full per-table policy is published at docs/policy/data-retention.md in our repository for transparency.
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data in a portable format
- Opt out of marketing communications
- Disconnect linked brokerage accounts
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Limit Use of Sensitive Personal Information: Financial data is used solely to provide portfolio analytics services.
To exercise these rights, contact us at privacy@midas-edge.com or use the account deletion feature in your settings. We will verify your identity and respond within 45 days.
Categories of Information Collected: Identifiers (name, email), financial information (portfolio holdings via Plaid), internet activity (usage data, IP address), geolocation (approximate), and inferences (factor exposures, risk metrics).
Retention: We retain personal information for as long as your account is active. Portfolio snapshots are retained for 7 years for historical analysis. You may request earlier deletion at any time.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide and improve our services. Cookies are categorized as:
- Essential: Required for authentication, security, and basic site functionality. These cannot be disabled.
- Analytics: Help us understand how you use the site (via PostHog). Disabled by default until you consent.
- Performance: Enable error tracking and performance monitoring (via Sentry). Disabled by default until you consent.
You can manage your cookie preferences at any time. For more details, see our Cookie Policy.
10. Contact Us
For questions about this Privacy Policy or your data, contact us at:
Email: privacy@midas-edge.com
For information about our security practices, see our Security page.