Skip to main content
Book a Demo

Legal

Privacy Policy

Effective date: February 1, 2026  ·  Last updated: February 19, 2026

Note to institutional clients: This Privacy Policy governs information MidLyr, Inc. collects through this website and in connection with sales and business development activities. Data processing activities performed by MidLyr on behalf of financial institution clients under executed agreements are governed by the applicable Data Processing Addendum or Master Services Agreement, not this Policy.

1. Who We Are

MidLyr, Inc. ("MidLyr," "we," "our," or "us") is a Delaware corporation that provides AI-native banking infrastructure software to financial institutions. Our registered address is on file with the Delaware Secretary of State. We operate this website at midlyr.com (the "Site").

For purposes of applicable data protection law, MidLyr is the data controller for personal information collected through this Site.

2. Scope of This Policy

This Policy applies to personal information we collect when you:

  • Visit or use this Site;
  • Submit a contact or inquiry form;
  • Download resources such as product briefs or security documentation;
  • Correspond with us by email, telephone, or other means; or
  • Interact with us in a sales, marketing, or business development context.

This Policy does not apply to information that MidLyr processes as a service provider on behalf of financial institution clients under executed agreements. Such processing is governed by the applicable contractual data protection terms between MidLyr and the relevant institution.

3. Information We Collect

3.1 Information You Provide Directly

  • Contact and inquiry information: When you complete a contact form, schedule a conversation, or reach out to us, we collect your name, business email address, job title, company name, and any message content you provide.
  • Event and webinar registrations: Name, email address, company, and any other fields presented in the registration form.
  • Correspondence: Records of emails, call notes, and other communications between you and MidLyr personnel.

3.2 Information Collected Automatically

  • Usage data: Pages visited, time spent, links clicked, referring URLs, and navigation paths within the Site.
  • Device and browser data: IP address, browser type and version, operating system, screen resolution, and language preferences.
  • Cookies and similar technologies: As described in our Cookie Policy.

3.3 Information from Third Parties

We may receive professional contact information from business networking platforms, data enrichment providers, or referral partners in connection with our sales and marketing activities. We use this information solely for legitimate B2B outreach purposes.

4. How We Use Information

We use the information we collect for the following purposes:

  • Responding to inquiries: To answer questions, schedule demonstrations, and communicate about our products and services.
  • Sales and business development: To identify and contact prospective institutional clients on a business-to-business basis.
  • Site improvement: To understand how visitors use our Site and to improve its content, navigation, and functionality.
  • Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions or unauthorized access to our systems.
  • Legal compliance: To comply with applicable laws, regulations, court orders, and other legal obligations.
  • Communications: To send relevant product updates, insights, and event invitations to business contacts who have not opted out.

Legal bases (for EEA/UK individuals): We process personal information on the bases of legitimate interests (B2B outreach, Site analytics, security), contractual necessity (responding to inquiries), and legal obligation. Where we rely on legitimate interests, we have assessed that our interests are not overridden by your fundamental rights. You may object to processing based on legitimate interests at any time.

5. Sharing Information

MidLyr does not sell personal information. We share personal information only in the following circumstances:

  • Service providers: We engage vendors who assist with CRM, marketing automation, analytics, infrastructure, and legal services. These vendors process data only on our instructions and under appropriate confidentiality obligations.
  • Professional advisers: Lawyers, accountants, auditors, and insurers who provide professional services to MidLyr under confidentiality obligations.
  • Corporate transactions: In connection with a merger, acquisition, financing, or sale of all or a portion of our business, subject to standard confidentiality obligations.
  • Legal requirements: Where required by applicable law, regulation, court order, or lawful request from government authorities, to the extent permitted by law.
  • Protection of rights: Where necessary to protect the rights, property, or safety of MidLyr, our clients, or others.

6. Data Security

We implement technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our platform infrastructure operates under SOC 2 Type II and ISO 27001 certifications, independently audited on an annual basis.

Notwithstanding the foregoing, no data transmission over the internet or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the details in Section 12.

7. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For business contact information collected in a sales or marketing context, we review and purge inactive records on a periodic basis, typically no longer than three (3) years from the date of last meaningful interaction. You may request deletion at any time as described in Section 8.

8. Your Rights

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request erasure of your personal information, subject to applicable legal retention obligations.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Restriction: Request that we restrict processing of your information in certain circumstances.
  • Portability: Receive your information in a structured, machine-readable format (where technically feasible).
  • Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any email or by contacting us directly.

To exercise any of these rights, contact us at legal@midlyr.com. We will respond within the timeframe required by applicable law (generally 30 days). We may need to verify your identity before processing certain requests.

If you are located in the EEA or UK and believe we have not addressed your concern adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

9. International Transfers

MidLyr is headquartered in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country.

Where required, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission, to legitimize cross-border transfers of personal information from the EEA, UK, or Switzerland to third countries.

10. Children's Privacy

MidLyr's services are directed exclusively to financial institutions and business professionals. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MidLyr, Inc.

Attn: Legal & Privacy

Email: legal@midlyr.com