Privacy Policy
Last updated: 2026-04-02
Version 0.1 — Pre-launch draft. Subject to attorney review before GA.
1. Introduction
Midrung LLC ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, and protect information when you use our manufacturing ERP platform ("the Service").
2. Information We Collect
Account Information
When you create an account, we collect your email address, name, and company information. This is necessary to provide the Service.
Customer Data
Data you enter into the Service (quotes, jobs, parts, customers, invoices, etc.) is stored to provide the Service. We do not access, analyze, or share your Customer Data except as necessary to operate the Service or as required by law.
Usage Data
We collect anonymized usage analytics (page views, feature usage, session duration) to improve the Service. We use PostHog for product analytics and Vercel Web Analytics for website analytics. Both are configured to minimize data collection. We do not send your email or name to analytics services — only anonymized user IDs.
Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers, bank account details, or other financial information on our servers. See Stripe's Privacy Policy.
3. How We Use Your Information
- To provide and maintain the Service
- To process payments and manage subscriptions
- To send transactional emails (password resets, billing receipts, service notifications)
- To improve the Service based on anonymized usage patterns
- To respond to support requests
- To comply with legal obligations
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Cookies
We use essential cookies for authentication and session management. We use optional analytics cookies (PostHog) to understand product usage. Vercel Web Analytics is used for website measurement and does not require us to set a separate analytics cookie in the browser. Essential cookies cannot be disabled as they are necessary for the Service to function.
| Cookie | Purpose | Type |
|---|---|---|
| sb-* | Supabase authentication session | Essential |
| midrung_cookie_consent | Cookie consent preference | Essential |
| ph_* | PostHog product analytics | Optional |
5. Data Storage and Security
Your data is stored on servers in the United States via Supabase (PostgreSQL on AWS) and Railway. We use encryption in transit (TLS 1.2+) and at rest. We implement row-level security (RLS) to ensure data isolation between organizations. We conduct regular security reviews of our application code.
6. Data Retention
Active account data is retained for the duration of your subscription. After account cancellation, data is retained for 90 days to allow for reactivation, then permanently deleted. Audit logs are retained for 7 years for compliance purposes. You can request immediate data deletion by contacting us.
7. Your Rights
Depending on your location, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Export your data in a portable format (CSV)
- Object to processing
- Withdraw consent for optional data processing
To exercise these rights, contact us at privacy@midrung.com.
8. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA. We do not sell personal information. You may request disclosure of the categories and specific pieces of personal information we have collected. Contact privacy@midrung.com for CCPA requests.
9. Children's Privacy
The Service is not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. Third-Party Services
- Supabase — Database and authentication (Privacy Policy)
- Railway — Application hosting (Privacy Policy)
- Stripe — Payment processing (Privacy Policy)
- PostHog — Product analytics (Privacy Policy)
- Vercel Web Analytics — Website analytics (Privacy Policy)
- Sentry — Error monitoring (Privacy Policy)
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect.
12. Contact
For privacy-related questions or requests, contact us at privacy@midrung.com.
Midrung LLC
Wisconsin, United States