Privacy Policy
Last updated: 23 May 2026
1. Who we are
Midtide Ltd ("Midtide", "we", "us"), registered in the United Kingdom, operates the Midtide website and platform at midtide.co. We provide website-building software to estate agents and property businesses. For personal data processed through your Midtide account and our marketing site, Midtide is the data controller. Contact: hello@midtide.co.
2. Scope of this policy
This Privacy Policy explains how we handle personal data when you visit midtide.co, create a Midtide account, use the dashboard, subscribe, or contact us. It does not replace the privacy policy on websites our customers publish for their own businesses. Visitors to those customer websites should read the site operator's privacy policy. Midtide typically acts as a data processor for personal data submitted through customer website contact forms, as described in section 11.
3. Information we collect
Account and profile data: name, email address, authentication identifiers (including when you sign in with Google), account preferences such as dashboard language, and records of websites you create. Billing data: subscription plan, Stripe customer and subscription identifiers, and payment status (payment card details are handled by Stripe, not stored by us). Content you provide: company names, property listings, website content, images, and configuration settings. Usage and technical data: pages viewed on midtide.co and in the dashboard, feature usage, IP address, browser type, device information, referral URLs, and similar diagnostics. Communications: messages you send via our contact forms, support requests, and email correspondence. Cookies and similar technologies: as described in section 8.
4. How we use information
We use personal data to: provide, operate, and secure the Service; create and manage your account; process subscriptions and payments; host and deliver customer websites; provide support; send service-related messages (such as security, billing, and product notices); analyse and improve the platform; comply with legal obligations; and defend legal claims. We do not sell your personal data.
5. Legal bases (UK/EU)
Where UK GDPR or EU GDPR applies, we rely on: Contract — to provide the Service you signed up for. Legitimate interests — to secure, improve, and analyse the platform, prevent abuse, and communicate about the Service in a proportionate way. Consent — for non-essential analytics cookies on midtide.co and the dashboard where required. Legal obligation — where we must retain or disclose data by law. You may object to processing based on legitimate interests as described in section 10.
6. Sharing and sub-processors
We share personal data with service providers who process it on our instructions, including: Supabase (authentication, database, and hosting infrastructure); Stripe (payments and subscription management); Resend (transactional and contact-form email delivery); Mixpanel (product analytics, EU infrastructure); Google (optional OAuth sign-in; Google Analytics on the dashboard when enabled and consented); Sentry (error monitoring); Vercel (application hosting); Cloudflare R2 (media storage and delivery); MapTiler (map tiles where used); and other providers we engage to operate the Service. We may also disclose data if required by law, to protect rights and safety, or in connection with a merger or acquisition. A current list of sub-processors may be provided on request.
7. International transfers
We and our sub-processors may process data in the United Kingdom, European Economic Area, United States, and other countries. Where personal data is transferred outside the UK or EEA, we implement appropriate safeguards such as UK International Data Transfer Agreements and EU Standard Contractual Clauses, unless an adequacy regulation applies.
8. Cookies and analytics
On midtide.co and the Midtide dashboard we use: Strictly necessary cookies — including Supabase session cookies for authentication and a cookie that stores your analytics consent choice. These do not require consent. Analytics — with your consent, we use Mixpanel (via our own servers) to understand product usage, and Google Analytics on the dashboard to measure traffic. You can accept or reject non-essential analytics via the cookie banner, or disable client-side tracking in admin settings. Customer websites hosted on Midtide use separate, cookieless server-side analytics for visitor page views as described in those sites' privacy policies; that tracking does not use the midtide.co cookie banner.
9. Data retention
We retain account and website data while your account is active and as needed to provide the Service. If you delete your account or a website, we delete or anonymise data within a reasonable period, except where we must retain it for legal, security, billing, or dispute-resolution purposes. Analytics data is retained according to our analytics providers' settings and our internal retention schedules.
10. Your rights
Depending on your location, you may have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability where applicable. You may withdraw consent at any time where processing is consent-based (for example analytics cookies). To exercise rights relating to Midtide's processing, contact hello@midtide.co. UK residents may complain to the Information Commissioner's Office (ico.org.uk). EU residents may contact their local supervisory authority.
11. Customer websites and contact forms
When a visitor submits a contact form on a website you publish through Midtide, you are the data controller and Midtide processes that submission as a processor to relay the message to you. We do not use visitor contact-form content for our own marketing. You are responsible for your privacy policy, lawful basis, and handling enquiries. Our platform terms require you to comply with applicable data protection law.
12. Security
We implement technical and organisational measures designed to protect personal data, including access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure; please use a strong password and keep credentials confidential.
13. Children
The Service is intended for businesses and is not directed at children under 18. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Material changes may also be communicated by email or in-product notice where appropriate.
15. Contact us
Privacy questions or requests: hello@midtide.co. Midtide Ltd, United Kingdom.