Jithox
Get Started

Privacy

Plain-language summary of how Midas Agents handles your data. Startup baseline — not legal advice.

Last updated: this page is part of the V1 launch. We will date future changes here. If you find anything unclear, write us at /contact.

What Midas Agents does

Midas Agents is a marketplace of AI helpers for small businesses. Every helper produces a draft you review. Nothing is posted, sent, paid, or deleted automatically.

What we collect

  • What you type into Ask Midas and helper forms. We use it to generate the draft you asked for.
  • Saved helpers and drafts — only when you save them or sign in. Anonymous use stays in your browser (localStorage).
  • Anonymous usage events — page views, helper opens, sandbox runs. No cookies for cross-site tracking.
  • Helper requests + feedback you submit. We strip email-shaped strings from public surfaces.
  • Sign-in identity via Clerk (email, name, role). The full Clerk privacy policy applies on top of ours.

What we do not collect or do

  • No card data, no payment-method on file. Stripe is not connected for the first public launch.
  • No calls to OpenAI / Anthropic from public surfaces by default (the AI Gateway is off).
  • No external posting / sending / publishing on your behalf. The MCP runtime is read-only and partner-key gated.
  • No arbitrary creator code upload. Creator submissions are metadata-only.
  • No selling of your data. No advertising network embedded.

Where data lives

Application data lives in Postgres (Neon). Auth data lives in Clerk. Drafts you keep before signing in stay in your browser (localStorage), never on our server.

What you should not paste into prompts

Do not paste passwords, API keys, customer card numbers, or any other secret into a helper form, Ask Midas, or a support message. Use a description instead. We will not be able to recover or help you rotate a leaked secret.

Security & certifications

Midas Agents is an early-stage product. We do not claim SOC2, GDPR, HIPAA, ISO, or PCI certifications. We follow common-sense engineering practices, keep secrets server-side, and rotate them when they are exposed. Use the platform accordingly.

Contact / takedown requests

Use /contact for any privacy, data-deletion, or takedown request. A human reads every message — please do not include passwords or API keys.