Privacy Policy
Last updated: April 16, 2026
MYDWARE IT Solutions Inc. ("MYDWARE", "we", "us") operates the business-operations platform available at app.mydware.com (the "Service"). This policy explains what information we collect, why we collect it, how we use it, how we protect it, and the choices you have.
If you have any questions about this policy, contact us at privacy@mydware.com.
1. Who this policy applies to
This policy applies to:
- Authorized users of the Service (our staff and the staff of partner organizations granted access by us).
- End customers whose records our users process inside the Service (CRM contacts, payroll records, support tickets, CDRs, etc.).
- Visitors to the public pages of
app.mydware.com. - Social-media account owners who connect a Facebook Page, LinkedIn profile, X (Twitter) account, or other social network to the Service's Social Scheduler module.
2. Information we collect
2.1 Information you provide
- Account credentials (name, email, phone, hashed password, MFA secret).
- Business records you create or import into the Service (contacts, invoices, tickets, contracts, calls, HR records, social posts, etc.).
- OAuth tokens issued by third-party platforms when you connect an integration (Microsoft 365, Facebook, LinkedIn, X, Sophos, HaloPSA, 3CX, and others).
2.2 Information we collect automatically
- Session cookies, CSRF tokens, last-interaction timestamps.
- IP address, browser user-agent, and access times (for security logging and abuse prevention).
- Application telemetry — audit logs of who did what inside the Service.
2.3 Information received from integrations
When you connect a third-party account, we retrieve only the data required to perform the task you requested:
| Integration | Data received | Purpose |
|---|---|---|
| Facebook Pages | Page list, Page access token, your name, Page posts we publish | Publishing social posts you create in the Social Scheduler |
| Profile id, access token, profile name, posts we publish | Publishing social posts | |
| X (Twitter) | User id, access token, tweets we publish | Publishing social posts |
| Microsoft 365 (Graph) | Mailbox messages (only for explicitly-scoped mailboxes such as importantdates-shared@mydware.com and 3cx-transcriptions@mydware.com) |
Calendar sync, transcript ingestion |
| HaloPSA, 3CX, Sophos, Pax8, Dropsuite, ITGlue, etc. | Account, asset, ticket, billing and CDR records | Business operations workflows you initiate |
We never purchase or sell personal data.
3. How we use your information
We use collected information to:
- Provide and operate the Service.
- Authenticate users, enforce MFA, detect abuse, and ban hostile IPs.
- Publish social media content you explicitly schedule through the Social Scheduler.
- Send transactional emails you have configured (cron job summaries, notifications, password resets).
- Comply with legal obligations and enforce our Terms of Service.
4. How we share information
We do not sell personal information. We share data only with:
- The third-party platforms you connect (e.g., publishing a social post pushes that post's content to Facebook/LinkedIn/X per your instruction).
- Sub-processors we rely on to operate the Service — cloud hosting, email delivery, OpenAI / Anthropic / Gemini for AI-assisted content generation when you use those features.
- Law enforcement or regulators when required by valid legal process.
5. Data retention and deletion
- Authenticated user accounts: retained while the account is active and for up to 12 months after deactivation, then purged except where legally required.
- Business records created in the Service: retained for as long as the owning organization requires; the organization's admin can delete them at any time.
- OAuth tokens for social integrations: deleted immediately when you disconnect the integration or revoke access from the provider's side.
- Publishing records and audit logs: retained up to 24 months for compliance and diagnostics.
To request deletion of your personal data, see the Data Deletion Instructions.
6. Facebook / Meta Platform Terms
When you use the Social Scheduler to connect a Facebook Page, we operate as a consumer of the Facebook Pages API subject to the Facebook Platform Terms and Developer Policies. Specifically:
- We only request the minimum permissions required to publish posts you explicitly create:
pages_show_list,pages_read_engagement,pages_manage_posts,pages_manage_metadata. - We never access Facebook data for any purpose other than executing actions you initiated.
- We do not use Facebook Platform data to build user profiles, sell to data brokers, or power advertising.
- If you revoke access inside Facebook (Settings → Business Integrations), we detect the revocation on the next token refresh and purge the stored token.
7. Your rights
Depending on where you live, you have the right to:
- Request a copy of your personal data.
- Correct inaccurate data.
- Delete your personal data (subject to legal retention obligations).
- Withdraw consent for specific processing.
- Lodge a complaint with your local privacy regulator (e.g. Office of the Privacy Commissioner of Canada, ICO, EDPB supervisory authority).
To exercise any of these rights, email privacy@mydware.com.
8. Security
We protect your data using encryption in transit (HTTPS), encryption at rest for secrets and tokens, role-based access control, two-factor authentication for all staff, least-privilege OAuth scopes, per-tenant database isolation of sensitive records, and 24/7 endpoint and network monitoring through our own Sophos-based SOC.
9. Children
The Service is not directed to children under 16 and we do not knowingly collect data from children.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the most recent revision. Material changes will be announced to authorized users inside the Service.
11. Contact
MYDWARE IT Solutions Inc. Ontario, Canada Email: privacy@mydware.com