This Privacy Policy explains how Midas Technologies handles information collected through our website and through business inquiries. It is written to be read, not just to satisfy a checklist.
Introduction
This Privacy Policy explains how Midas Technologies, LLC ("Midas Technologies," "we," "us," or "our") collects, uses, and protects information when you visit midastech.org (the "Site") or contact us about a potential business engagement.
We are a US-based software engineering firm headquartered in Dallas, Texas. Our work focuses on building, securing, and modernizing enterprise software for clients in sectors where data protection is not optional — including healthcare, financial services, and technology. We bring that same posture to our own data practices.
This policy applies to information collected through this public Site and through business inquiries submitted to us. It does not govern information we handle on behalf of clients under separate engagement agreements; those relationships are covered by the specific contracts, business associate agreements, and data processing addenda we execute with each client.
By using this Site or contacting us, you confirm that you have read and understand this Privacy Policy.
Information We Collect
We collect information in two distinct categories. We treat each one differently.
2.1 Information You Provide Directly
When you contact us — typically through the contact form on this Site or by direct email — you may provide:
- Your name
- Your business email address
- Your phone number
- Your company name and your role
- A description of the project or problem you would like to discuss
- Any other information you choose to include in your message
If a conversation progresses to a proposal or engagement, we may also collect business contact information for additional team members, scoping documents, technical materials, and similar project-related communications. We treat all of this as confidential business communications.
2.2 Information Collected Automatically
When you visit the Site, our servers and analytics tools automatically collect limited technical information, including:
- IP address (and the approximate geographic region derived from it)
- Browser type and version
- Device type and operating system
- Pages viewed, time spent on pages, and referring URLs
- Date and time of access
This information is collected through standard web mechanisms including server logs, cookies, and similar tracking technologies. We use it in aggregate to understand how the Site is used and to improve its performance. We do not attempt to identify individual visitors from this technical data.
2.3 Cookies and Similar Technologies
This Site uses a limited number of cookies and similar technologies:
- Essential cookies that are required for the Site to function properly
- Analytics cookies that help us understand aggregate usage patterns
You can control cookies through your browser settings. Disabling cookies may affect how parts of the Site function, but it will not prevent you from contacting us.
How We Use Your Information
We use the information described above for the following purposes:
- To respond to your inquiry. When you contact us, we use your information to understand what you are asking about, assess whether we are the right fit for the work, and reply with a substantive response.
- To prepare proposals and engagement materials. If a project conversation progresses, we may use the information you have shared to draft scoping documents, statements of work, and similar materials.
- To improve our services and Site. Aggregate analytics help us understand which content and capabilities are most useful so we can improve them over time.
- To communicate with you about related matters. We may occasionally follow up on past inquiries or share updates about our work, but only with parties who have engaged with us directly. We do not send unsolicited marketing communications.
- To comply with legal obligations. We may use or disclose information where required by law, regulation, court order, or other legal process.
We do not use your information for any purpose unrelated to those listed above without your consent.
AI Use & Data Security
Because of the nature of our work — building secure software, implementing Zero Trust architectures, and engineering AI systems for enterprise clients — we want to be explicit about our own practices in two areas where the industry has earned reasonable skepticism.
We do not sell client data. We do not use confidential inquiries to train public AI models.
We do not sell your information. We do not sell, rent, or otherwise transfer personal information or business inquiry information to third parties for their own commercial purposes. This applies to information collected through this Site, information shared in business inquiries, and information exchanged during engagements. We do not participate in data broker arrangements.
Your inquiries stay confidential. Information you share with us — through the contact form, in email, in calls, or during scoping conversations — is not used to train, fine-tune, or otherwise improve any public, third-party, or commercially-available AI model. Confidential inquiries stay confidential.
4.1 Our Internal Use of AI Tools
Our team may use AI tools internally to assist with administrative tasks (for example, drafting follow-up emails or summarizing call notes). Where we do, we configure those tools so that the underlying providers do not retain or train on the inputs. We do not use consumer-grade AI products that lack these guarantees for any work involving client or inquiry data.
4.2 Security Safeguards
We apply reasonable administrative, technical, and physical safeguards designed to protect the information we hold against unauthorized access, alteration, disclosure, or destruction. These measures are aligned with industry-standard practices for a firm of our size and the nature of the information we handle.
No method of electronic transmission or storage is perfectly secure, and we cannot guarantee absolute security. In the event of a data security incident affecting your information, we will notify affected parties and applicable regulators consistent with applicable law.
How We Share Information
We share information only in the limited circumstances described below.
5.1 Vetted Service Providers
We use a small number of vetted third-party service providers to operate our business — for example, email hosting, calendar scheduling, accounting software, and website hosting. These providers may have incidental access to information you share with us in the ordinary course of providing their services. All such providers are bound by written agreements that require them to protect the confidentiality and security of the information and to use it only for the purposes for which it was disclosed. We do not sell information to data brokers or third-party advertisers.
5.2 Business Engagements
If your inquiry leads to an engagement, the relevant information will be shared with the Midas Technologies team members assigned to your project, under our internal confidentiality obligations and any client-specific confidentiality agreements we have executed.
5.3 Legal Disclosures
We may disclose information when required to do so by law, in response to valid legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Corporate Transactions
In the event of a merger, acquisition, financing, or sale of all or substantially all of our assets, information held by us may be transferred as part of that transaction. Any acquiring party will be bound by the commitments made in this Privacy Policy unless and until you are notified of changes.
Data Retention
We retain information for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, to comply with legal and tax obligations, to resolve disputes, and to enforce our agreements.
Business inquiries that do not lead to an engagement are typically retained for a reasonable period after the last contact, to support potential follow-up conversations and to maintain a record of our communications. Engagement-related materials are retained consistent with our contractual obligations and applicable record-keeping requirements.
You may request deletion of your information at any time, subject to the legal exceptions described in Section 7.
Your Rights
Regardless of where you are located, you may contact us to:
- Request a copy of the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your information
- Object to or restrict certain processing of your information
- Withdraw any consent you have previously provided
We will respond to verifiable requests within the time periods required by applicable law. Some requests may be subject to limitations where we are required to retain information by law or for legitimate business purposes (for example, active engagement records, tax records, or pending legal matters).
7.1 California Residents (CCPA / CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These include the rights described above, as well as the right to non-discrimination for exercising your rights. We do not sell or share personal information as those terms are defined under California law.
7.2 Texas Residents (TDPSA)
If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act, which became effective on July 1, 2024. These include rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of certain processing activities.
7.3 European Visitors (GDPR & UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation and equivalent national laws, including the right to lodge a complaint with a supervisory authority.
7.4 How to Exercise Your Rights
To exercise any of these rights, contact us at the email address in Section 12. We will need to verify your identity before fulfilling certain requests, which may require us to ask for additional information.
International Data Transfers
We are based in the United States, and the information we hold is stored and processed in the United States. If you are accessing this Site from outside the United States, your information will be transferred to, stored in, and processed in the United States, which may have data protection laws different from those of your country.
By using this Site or contacting us from outside the United States, you consent to the transfer of your information to the United States.
Children's Privacy
This Site and our services are intended for business audiences and not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will take appropriate steps to delete it.
Do Not Track Signals
Some browsers offer a "Do Not Track" setting that signals websites not to track a user across sites. We do not currently respond to Do Not Track signals because no consistent industry standard for honoring them has emerged. We do, however, limit the tracking we perform to what is described in this Policy.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, provide additional notice through this Site or by other means.
We encourage you to review this Privacy Policy periodically.
Contact Us
For privacy questions, to exercise your rights under this Policy, or to report a concern about our data practices, contact us using the information below. We will respond to verifiable requests within a reasonable time and as required by applicable law.