Privacy Policy

We are the data controller for the personal information described in this policy. midconnect is operated independently by its founders and can be reached at midconnect.app@gmail.com. This policy applies to our website (including midconnect.app and its subdomains) and the midconnect application.

Account information. When you create an account we collect your name, email address and a password. If you sign in with Google, we receive your basic Google profile (such as your name, email address and profile picture) instead of a password. Authentication and passwords are handled by our authentication provider; we never store your password in plain text.

Connected social accounts. When you connect a social platform, we store the information needed to publish on your behalf: your account identifier, username, display name and profile picture, the permissions (scopes) you granted, and the access and refresh tokens issued by that platform. Tokens are encrypted at rest (see Security).

Content you create. We store the posts you compose — captions and per-platform variations, the images and videos you upload, optional thumbnails, scheduling times, and per-platform options (for example a YouTube title and tags, or the Pinterest board you select). We also keep the publishing status of each post and the resulting post IDs and links returned by the platforms.

Engagement metrics. For content you have published through midconnect, we may retrieve engagement metrics (such as views, likes, comments and shares) from the relevant platform to show you analytics. These snapshots are cached briefly to reduce load.

Waitlist information. If you join our waitlist, we collect your email address, your IP address (for anti-abuse and rate limiting), and the page or source you came from, and we send you a confirmation email.

Usage and device data. We collect product-analytics and technical data automatically, including pages viewed, actions taken, approximate location derived from your IP address, browser and device information, and log data. See Cookies and similar technologies.

Communications. If you email us, we keep your message and contact details so we can respond.

midconnect only accesses a connected platform after you authorize it through that platform’s official OAuth screen, and only within the permissions you grant. You can revoke access at any time (see Your rights and choices). We request the following permissions:

We may add more platforms over time (for example LinkedIn, Bluesky or X). When we do, the same principles apply: we request only the permissions needed to publish and report on your behalf, and we disclose them here.

• Provide the service — to create, schedule and publish your content to the platforms you connect, and to show you the status and analytics of what you published.
• Authenticate you — to create and secure your account and keep you signed in.
• Communicate with you — to send transactional emails such as waitlist confirmations, account emails and notifications when a scheduled post fails.
• Improve the product — to understand how midconnect is used and to fix and improve it.
• Security and abuse prevention — to rate-limit, detect abuse, and protect the service and our users.
• Legal compliance — to comply with applicable law and enforce our terms.

We do not sell your personal information, and we do not use the content of your posts or your connected-account data for advertising.

If you are in the European Economic Area, the United Kingdom, or Türkiye, we rely on the following legal bases to process your personal data:

• Performance of a contract — to provide the features you ask for, such as connecting accounts and publishing content.
• Consent — for connecting each social account and for non-essential analytics cookies, where required. You may withdraw consent at any time.
• Legitimate interests — to secure, maintain and improve the service, so long as your rights do not override those interests.
• Legal obligation — where we must process data to comply with the law.

We do not sell your personal information. We share it only as described below.

Connected platforms. When you publish, we send the content and options you provide (captions, media, titles, the selected board, etc.) to the platform you chose, so it can be posted to your account.

Service providers (subprocessors). We use a small number of trusted providers to run midconnect. They process data only on our instructions:

Legal and safety. We may disclose information if required by law, to enforce our terms, or to protect the rights, safety and security of our users or the public.

Business transfers. If midconnect is involved in a merger, acquisition or sale of assets, your information may be transferred as part of that transaction; we will notify you of any such change.

Google / YouTube. midconnect’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Our use of YouTube API Services is also subject to the YouTube Terms of Service and the Google Privacy Policy. We use YouTube API Services to read your channel information and upload videos you create. You can revoke midconnect’s access to your Google data at any time via your Google account permissions or the Google security settings page. We do not use YouTube data for advertising and do not transfer it except as described in this policy.

Meta (Instagram, Facebook, Threads). Our use of these platforms complies with the applicable Meta Platform Terms and Developer Policies. You can remove midconnect’s access from your Instagram, Facebook or Threads settings, and you can request deletion of the data associated with these connections as described under Deleting your data.

TikTok and Pinterest. Our use of the TikTok and Pinterest APIs complies with their respective developer and platform policies, and is limited to reading your basic profile and publishing the content you create through midconnect.

Your use of each connected platform also remains subject to that platform’s own terms and privacy policy.

We use a limited set of cookies and similar storage:

• Essential cookies — to keep you signed in (authentication session) and to protect the security of the sign-in and account-connection flows (short-lived state cookies used to prevent cross-site request forgery during OAuth).
• Analytics — we use PostHog to understand product usage (for example which pages are viewed). This may set cookies or use similar storage. Where required by law, we ask for your consent.

You can control cookies through your browser settings. Blocking essential cookies may prevent parts of midconnect from working.

We keep personal data for as long as your account is active or as needed to provide the service, and then delete or anonymize it, unless a longer period is required by law. In particular:

• Connected-account details and tokens are kept until you disconnect that account or delete your account.
• Posts and uploaded media are kept until you delete them or delete your account.
• Engagement metric snapshots are cached only briefly.
• Waitlist entries are kept until launch or until you ask us to remove you.
• Security and rate-limiting data is kept only as long as needed for that purpose.

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your personal data.
• Restriction and objection — ask us to limit or stop certain processing.
• Portability — receive your data in a portable format.
• Withdraw consent — where we rely on consent, withdraw it at any time.

United States (California and similar laws). You have the right to know what personal information we collect, to request deletion or correction, and to opt-out of the “sale” or “sharing” of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.

You can manage many choices yourself: disconnect any social account from the Accounts page in the app, delete individual posts, and revoke third-party access from the platform directly (for example, your Google account permissions). To exercise any right, email us at midconnect.app@gmail.com. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

You can delete your data at any time in one of these ways:

• Disconnect a platform — open the Accounts page and disconnect the account. This deletes the stored tokens and connection details for that platform from midconnect.
• Delete content — delete individual posts to remove their captions and uploaded media.
• Delete your account — email us at midconnect.app@gmail.com with the subject “Delete my account”. We will delete your account and associated personal data, except anything we must retain for legal reasons.

Deleting data from midconnect does not delete content that was already published to a connected platform — please remove that from the platform directly.

We take measures designed to protect your information. Access and refresh tokens for your connected accounts are encrypted at rest using AES-256-GCM authenticated encryption, data is transmitted over encrypted connections (HTTPS), and database access is restricted with row-level security so that you can only access your own records. No method of transmission or storage is 100% secure, but we work to protect your data and to respond promptly to any incident.

midconnect and our service providers may process and store your information in countries other than your own, including the United States. Where we transfer personal data internationally, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) where required by law.

midconnect is not directed to children. You must be at least 16 years old (or the minimum age required in your country) to use the service. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of midconnect after an update means you accept the revised policy.

If you have questions, requests, or concerns about this policy or your personal data, contact us at midconnect.app@gmail.com.