Privacy Policy
At MIDO Technologies Inc., we believe that the less information we know about you, the better. After all, it is impossible to lose, misuse, or abuse information we don’t have. We pride ourselves on not being able to see your data. To the extent that we have control over your data or data about you, we see ourselves as custodians of that data on your behalf.
We use your data solely to provide you with services in which you enroll. Our business is providing MIDO products and services to you, the customer. We have no desire or interest to use or transfer the limited data we acquire for any other purposes.
Who We Are
MIDO Technologies Inc. is a Canadian company. MIDO Technologies Inc. complies with Canadian privacy laws. We are fully compliant with the Canadian privacy laws and the GDPR. The European Union (“EU”) recognizes Canada as a destination country with “adequate level of protection” for data privacy of individuals. We are not U.S.- EU Privacy Shield certified since we are a Canadian company.
Who You Are
Unless otherwise noted, we refer you, the Customer, as an owner or organizer of an individual, family, team, or business account.
Non-Owners
If you are a non-owner member of a team, business, or family account, your use of MIDO may be subject to your organization’s privacy policy or practices, if any. Non-owner members of an account transfer some of the rights described here to the account owners.
Personal Data We Collect and How We Use your Personal Data
We do not collect or obtain data from third parties. We collect some data from you, in order to provide you with our MIDO products and associated services. You provide some data directly, such as when you register for a MIDO event or a webinar, or contact us for support. Such data is limited to your email address only. We get some limited data from your use of the MIDO products and services. Such data includes your IP address, and the make and model of your device through which you access or use MIDO products or services.
We use your personal data to provide you with services associated with the use of MIDO account and to provide you with a rich customer experience through our customer support. In particular, we use your data to provide MIDO services, which includes updating, securing and troubleshooting, and providing support. Such data includes a copy of your ID information when you create your account.
The following is a more detailed description of the types of MIDO account user data:
We process two kinds of user data to deliver our services:
1. Secure Data and
2. Service Data
Both are treated securely with respect for customer privacy and data confidentiality, but there are important technical and usage differences.
1. Secure Data
Secure Data are the data that we are not capable of decrypting under any circumstance. It includes all information stored as documents in MIDO accounts.. These data are encrypted using secure cryptographic keys that exist only in the possession and under the control of our customers. We have no way of accessing or providing decrypted Secure Data, and we never receive copies of unencrypted Secure Data. The sole exception to this is the name of a document and the expiration date so that we can perform services such as send reminders if a document is expiring.
Your Secure Data is your property. We claim no rights to it beyond those necessary to deliver services to you. You may add, modify, and delete Secure Data at your discretion. If you do not have a MIDO account, you cannot provide us with Secure Data.
2. Service Data
We inevitably acquire Service Data about your usage of MIDO, your account, and your payments through operating our services. We retain only enough Service Data to operate and maintain the services. These data are never used for any other purpose.
Service Data are kept confidential. It is visible to our staff and includes, but is not limited to, server logs, billing information, client IP addresses, number of documents, hubs and shared documents to an individual or company account. Service data includes the name you provide us for your profile and any image that you may upload, at your option and discretion, as part of your profile.
As long as you are using our services, we retain the right to hold and use Service Data to provide our services, troubleshoot problems, analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments.
3. Diagnostic Data
Diagnostic Data are a category of Service Data which are not automatically collected or required for operation of our services.
In some cases we seek diagnostic reports and other troubleshooting, bug, and crash reports from customers to help identify and solve problems with our products and services. This information is sent to us only on a case by case basis, or by users who explicitly opt into our beta software programs or who otherwise explicitly choose to provide diagnostic data to us.
Diagnostic Data may contain sensitive information about your devices and operating environment as well as personally identifying information. Although there may be occasions when we ask for Diagnostic Data to assist you with a problem, you are never obligated to provide it.
Diagnostic data never includes decrypted Secure Data. We will never ask for your Master Password or Secret Key.
Keeping Your Information Safe
We understand and accept our responsibility to protect Service Data and Secure Data. We use strict access control mechanisms, network isolation, and encryption to ensure that Secure and Service Data is only available to authorized personnel. Additionally, Secure Data cannot be decrypted even by those who do have access to it.
Compliance with the laws
MIDO Technologies Inc. fully complies with the Canadian privacy laws and the GDPR. MIDO Technologies Inc. is a Canadian company, we are not U.S.- E.U. Privacy Shield certified.
Data Location and Transfer
MidoApp.com data are held on servers located within the United States. Service Data access is restricted to members of our staff. The European Union recognizes Canada as a destination country with “adequate level of protection” for data privacy of individuals.
Customer support system
Our customer support and email services are hosted primarily in the United States. Any information you choose send us through email or our customer support system may pass through and be stored on a variety of intermediate services.
Third-Party Data Processors
Your Secure and Service data are held by third party data processors, who provide us with hosting and other infrastructure services. The locations of these are described above. In many cases (but we cannot promise that this will always be the case) even Service data held by these entities is encrypted with keys held only by us.
Data needed to process payments is collected by our payment processors, Google and Apple App Stores respectively.
Contacting You
We may use your contact information, that is, the contact email address provided by you, to communicate with you about Service activity, provide support, and send you other information such as product updates and announcements. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.
Your Responsibilities for Protecting Your Data
When you create a MIDO account you will be prompted to create a Password and a Pin Code. For your protection, you should create a strong and unique Password to ensure that it is not easily guessed.
It is extremely important that you understand that anyone with both your Password and Pin Code can access and decrypt your Secure Data. It is equally important that you keep a copy of both Password and Pin Code in a safe place for your own reference, because future access to your Secure Data depends on having access to both your Password and Pin Code. We will never ask you for your Password or Pin Code, and you should never send it to us or anyone.
Due to the nature of our design and the sensitivity of the information you entrust to us (even in encrypted form), it may not be possible for us to help you with certain customer service requests unless you are listed as an account owner and are communicating from your verified email address. In the event that you change your email address, it is very important that you update your email on your MIDO account(s) or you may eventually lose access.
Data Protection Principles that We Practice
1. Your Right to Know to What We Know
You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
2. Your Right to Have Your Data Erased
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 24 days.
Disaster recovery and data availability requirements mean that MIDO Technologies Inc. has a legitimate interest in maintaining secure and immutable backups. Backups are kept for 35 days. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
3. Your right to access and control your personal data
You can also make choices about collection and use of your data by MIDO Technologies Inc. You can control your personal data and exercise your data protection rights by contacting MIDO Technologies Inc. at the address and information provided below. You can add, remove, edit, change any data that are in the MIDO account. If you are an affiliate of an organization which provides you with the access to MIDO account and services, there may be certain restrictions to the above, based on your affiliate organization’s privacy or other similar policies.
Cookies and Tracking
We do not engage in or support cross-service tracking.
We do set and use cookies (small text files placed on your device) on our own domains and subdomains to store settings that assist with identifying your account for sign-in. We also use third party analytics packages for our public pages that may set cookies on your computer. These are limited to our domains, and do not involve cross-service tracking. You may disable cookies in your browser and continue to use our services without impact.
Client applications, including web browsers, will store information about your account to assist with future sign-ins and keep some information available to you when you are not signed in. Users may remove all such information from their devices, but doing so will require that they provide complete information (account details, Password, and Pin Code) on subsequent sign-ins.
Consent for Underage Enrollment
Those under the age of 16 may not use the services without the consent or authorization of their parent or legal custodian. Family account organizers and team owners are responsible for that authorization when they add someone under the age of 16 to an account.
Disclosure
We will comply with applicable laws and the contracts with our customers to provide Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form.
Some Service Data is made available to family account organizers and team owners. In some limited circumstances we may provide some information to non-owner members of these accounts. Account owners will be informed in these circumstances.
Breach Notification
In an event of a breach, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. We follow applicable requirements under the laws, that is, the Canadian data privacy breach notification requirements and the requirements related to data breach notification under the GDPR.
MIDO Product or Account provided by your Organization
When we offer MIDO products and services to you through your organization, we continue to adhere to the Canadian privacy laws and the data protection requirements under the GDPR. We follow the Canadian data privacy laws and the GDPR, in addition to any requirements under the contracts with your organization, to ensure that your data are located, and if applicable, appropriately transferred.
If you use a MIDO product or MIDO account to access our products and services, and such MIDO product or MIDO account was provided by the organization that you are affiliated with, that organization is the controller or the administrator of your MIDO product or MIDO account. Your organization can access and process your data associated with your MIDO product or account. If your organization provides you with access to MIDO product or MIDO account, your use of the product or account is subject to your organisation’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. We are not responsible for the privacy or security practices of your organization, which may differ from those set out in this privacy policy.
If you lose access to the organization that you are affiliated with (for example, if you change your employment), you may lose access to MIDO product or MIDO account and the content or data associated with such product or account.
Updates to our Privacy Policy
At our discretion, we may make changes to this Policy and note the date of the last revision. You should check here frequently if you need to know of updates to our Privacy Policy. We maintain the right to send you emails informing you of substantive changes. Previous versions will be made available from this page.
Contact Us
If you have any questions about this Policy, you can contact our support team.
Glossary
- MIDO Technologies Inc., we, our, Service Provider
- MIDO Technologies Inc. Inc., a Canadian company that owns and operates MIDO products. As Data Processors, we include MIDO Technologies Inc.’ employees and subcontractors appointed by MIDO Technologies Inc..
- Data Processor
- Data Processor as defined by the GDPR. We and the subprocessors (hosting services, payment processors) we appoint are the Data Processors.
- Password
- A user secret that, along with the user’s Pin Code, is necessary to decrypt Secure Data.
- MIDO Technologies Inc. staff, staff
- Our Directors, employees, and subcontractors
- GDPR
- European Union’s General Data Protection Regulation
- Decrypt
- Decryption transforms encrypted data back to its original form. It cannot be performed without the appropriate cryptographic key.
- Encrypt, Encryption
- Encryption transforms usable data into a form that conceals all information contained in the original data. This data transformation uses a cryptographic key.
- Personal Data
- As defined under the Canadian privacy laws and the GDPR.
- Pin Code
- A user secret that is necessary, along with the user’s Password to decrypt Secure Data.
- Subprocessor
- Anyone other than us who we have appointed to process customer data. Subprocessors can see no more data than we can see. Examples include our data hosting providers and payment processors.
- Supervisory Authority
- A local regulator under the GDPR which has the job of seeing that we protect your data properly.
- Secure Data
- Data encrypted with keys derived from the user’s Password and Pin Code. This data cannot be decrypted by MIDO Technologies Inc..
- Service Data
- Data about a user account, which is available to MIDO Technologies Inc.
- You, Data Subject
- You are the Data Subject as defined in the GDPR. In general, we are addressing “you” as the Owner of a MIDO Account.
Change log
2021-05-13: Uploaded new Privacy Policy.