Privacy Policy
Effective: March 6, 2026
This Privacy Policy explains how Midlight ("we", "us", "our") collects, uses, and protects your information when you use our web application at midlight.ai and any associated applications (collectively, the "Service").
1. Information We Collect
Account information
When you create an account, we collect your email address, display name (optional), and a password, which is stored in hashed form (see Section 3). If you sign in with Google, we receive your name, email, and profile picture from Google.
Documents and content
Your documents are stored on our servers when you use the Service.
AI interactions
When you use AI features, the content you send (such as document text, chat messages, and working set files) is transmitted to third-party AI providers (OpenAI, Anthropic, and/or Google) to generate responses. We do not use your content to train AI models. Each provider's data handling is governed by their own privacy policies and our data processing agreements with them.
Usage data
We collect anonymous usage analytics through Umami (a privacy-focused analytics tool) to understand how the Service is used. This data does not include personal information or document content. We do not use cookies for tracking.
Payment information
Payments are processed by Stripe. We do not store your credit card number. Stripe provides us with a partial card number (last 4 digits) and billing details for receipt purposes.
2. How We Use Your Information
- To provide and maintain the Service
- To authenticate your account and manage your subscription
- To process AI requests through third-party providers
- To sync your documents across devices
- To send transactional emails (password resets, account notifications)
- To detect and prevent abuse of the Service
We do not sell your personal information. We do not use your document content for advertising or marketing purposes.
3. Data Storage & Security
Your data is stored on servers hosted by DigitalOcean. We use encryption in transit (TLS/HTTPS) for all communications. Passwords are hashed using bcrypt. Access to production systems is restricted to authorized personnel.
4. Data Retention
Your documents and account data are retained for as long as your account is active. If you delete your account, we will remove your data from our servers within 30 days.
5. Third-Party Services
We use the following third-party services:
- OpenAI, Anthropic, Google — AI model providers for generating text
- Stripe — Payment processing
- DigitalOcean — Cloud hosting
- Google OAuth — Optional sign-in
- Umami — Privacy-focused analytics (no cookies, no personal data)
6. Your Rights
You may:
- Access and export your documents at any time
- Update or correct your account information
- Delete your account and associated data
- Request a copy of your personal data by emailing us
7. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Effective" date at the top indicates the latest revision.
9. Contact
Questions about this Privacy Policy? Email us at [email protected].