Midas Edge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our portfolio analytics platform.
2. Information We Collect
2.1 Personal Information
We collect information you provide directly, including:
Name and email address when you create an account
Payment information when you subscribe to a paid plan
Portfolio data when you connect your brokerage account via Plaid
Communications you send to us
2.2 Financial Data
When you connect your brokerage account, we access:
Holdings and positions (ticker symbols, quantities, values)
Account balances
Transaction history (for sync purposes only)
We never see or store your brokerage credentials. All connections are handled securely through Plaid, a trusted third-party provider.
2.3 Automatically Collected Data
We automatically collect certain information, including:
Device information and browser type
IP address and approximate location
Usage patterns and feature interactions
Cookies and similar tracking technologies
3. How We Use Your Information
We use the collected information to:
Provide and improve our portfolio analytics services
Calculate factor exposures, risk metrics, and generate insights
Send alerts and notifications you've opted into
Process payments and manage subscriptions
Respond to your inquiries and provide customer support
Detect and prevent fraud or unauthorized access
Comply with legal obligations
4. Data Sharing
We do not sell your personal information. We may share data with:
Service providers: Plaid (brokerage connections), Stripe (payments), Supabase (authentication), Vercel (hosting), and the configured Google AI provider (AI processing only when AI features are enabled; production AI processing requires the configured production posture guard; direct Gemini API access is reserved for non-production developer environments and is never used to process production user data)
Legal requirements: When required by law or to protect our rights
Business transfers: In connection with a merger, acquisition, or sale of assets
4.1 AI-Powered Features
Midas Edge uses a configured Google AI provider to power AI-generated narrative features. Vertex AI is preferred when configured. In production, AI-generated features require the Vertex configuration and contract posture guard; direct Gemini API fallback is limited to non-production environments. When you enable these features, the following data may be sent to the active Google AI provider for processing:
Portfolio holdings (ticker symbols, position sizes, values)
Insider transaction data for securities you hold
SEC filing excerpts (10-K, 10-Q sections) for analysis
AI processing is used for: executive summary synthesis, LP letter generation, trading plan detection (10b5-1), SEC filing summarization, and portfolio commentary features.
You can disable AI-generated features at any time in your AI settings. When disabled, you will receive rule-based summaries instead of AI-generated content.
Google's processing is governed by the applicable terms and privacy controls for the active Google AI service. For information about Google's data practices, see the Google Privacy Policy.
4.2 Administrative Access
Authorized administrators may temporarily access your account to provide customer support, investigate reported issues, or resolve technical problems. Every such session is recorded with the administrator's identity, timestamp, duration, and reason.
You can view all administrative access sessions in your account access log. We implement strict controls to limit administrative access and require documented justification for each session.
5. Data Security
We implement security measures including:
HTTPS/TLS for application traffic
Encrypted Plaid access tokens before database storage
Access controls and authentication requirements
Secure credential storage (we never store brokerage passwords)
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your account and associated data at any time.
Retention windows for the data classes we hold:
Active account data (profile, brokerage connections, current positions): retained while your account is active.
Historical portfolio snapshots and positions: retained for up to 7 years after account closure for historical analysis and regulatory record-keeping; you may request earlier deletion at any time.
Audit logs (security and financial-record events): retained for 7 years per financial-record norms; entries are append-only and removed only through the account-deletion cascade.
AI synthesis call records: standard entries are targeted for 90-day retention; QA-sampled entries are targeted for up to one year. Entries are append-only and removed only through the account-deletion cascade or controlled retention operations.
Operational job logs (e.g., sync runs): pruned after 90 days by an automated nightly job.
Anonymized analytics aggregates: retained indefinitely; these contain no personal information.
Account-closed grace period: when you close your account, we hold your data for 30 days to allow recovery, then perform a full purge.
The full per-table policy is published at docs/policy/data-retention.md in our repository for transparency.
7. Your Rights
You have the right to:
Access your personal data
Correct inaccurate data
Delete your account and data
Export your data in a portable format
Opt out of marketing communications
Disconnect linked brokerage accounts
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Right to Limit Use of Sensitive Personal Information: Financial data is used solely to provide portfolio analytics services.
To exercise these rights, contact us at privacy@midas-edge.com or use the account deletion feature in your settings. We will verify your identity and respond within 45 days.
Categories of Information Collected: Identifiers (name, email), financial information (portfolio holdings via Plaid), internet activity (usage data, IP address), geolocation (approximate), and inferences (factor exposures, risk metrics).
Retention: We retain personal information for as long as your account is active. Portfolio snapshots are retained for 7 years for historical analysis. You may request earlier deletion at any time.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide and improve our services. Cookies are categorized as:
Essential: Required for authentication, security, and basic site functionality. These cannot be disabled.
Analytics: Help us understand how you use the site and run A/B tests to improve features (via PostHog). Disabled by default until you consent.
Performance: Enable error tracking and performance monitoring (via Sentry). Disabled by default until you consent.
You can manage your cookie preferences at any time. For more details, see our Cookie Policy.
10. Contact Us
For questions about this Privacy Policy or your data, contact us at: