Privacy Policy

1. Introduction

This notice applies to anyone who visits the public site, requests information, creates an account, or uses Mida. Additional notices may apply to specific initiatives when needed.

2. Data Controller

3. Categories of personal data

We process the following personal data:

• Account details: identification and contact data needed to create and maintain user profiles and credentials.
• Organization data: information about customer organizations, roles, billing contacts, and settings chosen by administrators.
• Service usage data: technical logs, timestamps, IP addresses, and device details generated while accessing the service.
• Support content: messages, documents, or attachments you send to support channels.
• Integration data: limited details received from Meta Platforms or other processors strictly necessary to operate connected services.

Unless otherwise stated, providing the requested data is required to access the service. Without it we may be unable to respond or activate your account.

4. Purposes and legal bases

We process personal data only when a lawful basis applies, as set out below.

5. Recipients and transfers

We share personal data only when necessary for the purposes above or when required by law, including with:

• providers of cloud, infrastructure, and communication services (including Supabase and other hosting partners) that host the technical components of the platform;
• Meta Platforms Ireland Limited and Meta Platforms Inc. for the management of WhatsApp Business channels connected to Mida;
• external consultants and professionals (for example, legal, fiscal, accounting advisors) supporting Leedia with regulatory compliance;
• public authorities or supervisory bodies whenever required by law or by formal orders.

If providers are located outside the European Economic Area, Leedia uses safeguards required by Articles 44 and following of the GDPR, such as Standard Contractual Clauses and additional security measures where appropriate.

6. Data retention

We keep personal data only for the time needed to meet the stated purposes or legal duties, including:

• account and organization data: for the entire duration of the contract and, after closure, for up to 24 months to manage outstanding requests or potential disputes;
• technical logs and security data: up to 12 months from collection, unless longer retention is necessary to investigate incidents or breaches;
• administrative and tax documentation: for the terms required by law (currently 10 years in Italy);
• WhatsApp templates and content linked to channels: retained for the lifetime of the channel and, afterward, for the time needed to document operations carried out, not exceeding 24 months.

When retention is no longer necessary, data is deleted or irreversibly anonymized unless the law requires longer storage.

7. Data subject rights

You can exercise your GDPR rights at any time by contacting Leedia. In particular, you may:

• obtain confirmation that processing is taking place;
• access their personal data and receive a copy in interoperable format;
• request rectification of inaccurate data or completion of incomplete data;
• request erasure ("right to be forgotten") in the cases provided for by Article 17 GDPR;
• obtain restriction of processing where the conditions are met;
• object to processing based on legitimate interests, providing reasons related to their particular situation;
• withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
• request portability of the data they supplied, when technically feasible.

You can also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or with the authority of your place of residence or work.

8. Cookies and tracking tools

Mida uses technical cookies needed to run the service. Any optional analytics or marketing tools are activated only after collecting consent when required. Further details are available in Leedia's Cookie Policy.

9. Changes to this notice

Leedia may update this privacy policy to reflect regulatory developments, technical improvements to the platform, or new features. When material changes occur, users will be notified via Mida or by email.

10. Contact

To exercise your rights or request clarifications regarding the processing of personal data, you can contact the Controller at:

Leedia will respond within the timeframe established by Article 12 GDPR and, if needed, may request additional information to verify the identity of the requester.