Introduction and Data Controller

Mid-Manager ("we," "our," or "us") is committed to protecting your privacy. For the purposes of the GDPR and other applicable European data protection law, we act as data controller for the personal data we collect through this website and the Service. Our operations are based in the European Union (Luxembourg). This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the GDPR and in a manner compatible with the USA (e.g. CCPA where applicable) and other regions.

Legal Basis for Processing (EU/EEA)

Where the GDPR applies, we process your personal data on the following legal bases: performance of a contract (providing the Service); consent (where you have given it, e.g. for marketing); legitimate interests (e.g. security, analytics, improvement of the Service) where not overridden by your rights; and compliance with legal obligations. We do not sell your personal data.

Information We Collect

Account and Contact Information

When you create an account or contact us (e.g. demo request, early-access signup), we collect your name, email address, and where relevant company name and role. This information is necessary to provide our services and communicate with you, and is processed in line with the GDPR and our Terms of Service.

Integration Data

When you connect third-party services (like Jira, GitHub, or Slack), we access metadata necessary to provide insights. We never access source code, private messages, or sensitive employee data beyond what is necessary. Data accessed includes:

Project and issue metadata (titles, status, assignees)
Repository activity metrics (commits, PRs, review activity)
Team structure and hierarchy
Public channel message metadata (optional, where configured)

Usage and Analytics Data

We collect information about how you interact with our service (e.g. pages visited, features used) to improve the product. Where we use analytics, we do so in a privacy-preserving manner and in compliance with the GDPR and ePrivacy rules. You can control cookies and similar technologies via your browser settings.

How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our services
Generate signals and insights for your management workflow
Send service-related communications
Respond to your requests and support needs
Detect, prevent, and address security issues (including in line with ISO 27001 and EU security standards)
Comply with legal obligations (EU and national law)

Data Sharing and Recipients

We do not sell your personal data. We may share data with:

Service providers who assist in operating our service (e.g. hosting, analytics), under strict data processing agreements where required by the GDPR
Legal or regulatory authorities when required by EU or national law
Business partners only with your explicit consent or where otherwise lawful

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the EU–US Data Privacy Framework where the recipient is certified, so that your data remains protected in line with EU standards.

Data Security

We implement technical and organisational measures to ensure a level of security appropriate to the risk, in line with the GDPR and ISO 27001 principles. These include encryption at rest (AES-256) and in transit (TLS 1.3), role-based access controls, and regular security and compliance reviews. See our Security and Compliance pages for more.

Data Retention

We retain your data only for as long as necessary for the purposes set out in this policy or as required by law (e.g. tax or legal retention in Luxembourg or the EU). You can request deletion of your data at any time. Upon account deletion or valid erasure request, we remove or anonymise your personal data within 30 days, except where retention is required by applicable law.

Your Rights (GDPR and Other Laws)

Depending on your location, you may have rights including:

Access — obtain a copy of your personal data
Rectification — correction of inaccurate data
Erasure — deletion of your data ("right to be forgotten" where applicable)
Restriction — limit processing in certain circumstances
Data portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests or for direct marketing
Withdraw consent — where processing is based on consent

If you are in the EU/EEA, you have the right to lodge a complaint with a supervisory authority in your country of residence. For Luxembourg, see the National Commission for Data Protection (CNPD). We also respect rights under other laws (e.g. CCPA in California, USA) where applicable.

To exercise any of these rights, contact us at leadwithIMS@gmail.com. We will respond within the timeframes required by applicable law (e.g. one month under the GDPR, subject to extension where permitted).

International Compatibility

Our privacy practices are designed to comply with European legislation (GDPR, ePrivacy) and to be compatible with requirements in the United States (e.g. CCPA), the United Kingdom, and other regions. Where local law provides additional rights or imposes additional obligations, we respect them. See our Compliance page for a summary of our approach to EU and international standards.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our service. Where required by the GDPR or other law, we will obtain your consent or give you the opportunity to object before new processing takes effect.

Contact Us

For questions about this Privacy Policy, your personal data, or our data protection practices (including requests under the GDPR), please contact us at:

Mid-Manager
Email: leadwithIMS@gmail.com

We aim to respond to data protection enquiries within the time limits set by applicable law (e.g. one month under the GDPR).