Data Security & Privacy Whitepaper

01Our Commitment to Your Security

Agent Midas is built by Buji Development Corporation, headquartered in Atlanta, Georgia. We are an AI-powered business operating system that handles sensitive business data including customer records, financial transactions, marketing content, and personal information.

We believe that security is not a feature — it is a foundation. Every architectural decision, every code review, and every deployment pipeline is built with the assumption that your data is sacred. This whitepaper describes how we protect it.

Our subscription-based business model means we have zero incentive to monetize your data. You are our customer, not our product.

02Architectural Overview: How Your Data Is Isolated

Agent Midas operates on a multi-tenant architecture with strict data isolation at the database level. Every subscriber's data is stored in shared PostgreSQL tables (Supabase) but enforced with Row-Level Security (RLS) policies that make it physically impossible for one subscriber to access another's records.

Key architectural components: Supabase (PostgreSQL 15 with pgvector), Cloudflare CDN and WAF, DigitalOcean infrastructure (Atlanta production, San Francisco development), and a dedicated Toronto sidecar for audio transcription (data is never stored permanently).

03Data Classification: Four Levels of Protection

04Encryption Standards

At rest: All data stored in Supabase PostgreSQL is encrypted with AES-256 via the hosting provider's disk-level encryption. Supabase applies additional column-level encryption for critical fields.

In transit: All connections use TLS 1.3 minimum. HTTP requests are automatically upgraded to HTTPS via Cloudflare. API-to-database connections use encrypted channels. WebSocket connections (MidasMeet, MidasChat) are secured via WSS.

Key management: Encryption keys are managed by Supabase's infrastructure (AWS KMS). Application-level secrets are stored in environment variables, never in source code.

05Authentication and Access Control

Authentication is handled by Supabase Auth with JWT tokens. Sessions are short-lived (1 hour) with automatic refresh. Role-based access is enforced through subscriber_tags and the feature_gates system, which controls access to all 34 platform features based on subscription tier.

Support team access requires explicit subscriber consent (24-hour window) through the Settings > Privacy panel. All support access is logged with timestamps.

06Multi-Factor Authentication (MFA)

Agent Midas supports TOTP-based multi-factor authentication (Google Authenticator, Authy, etc.). When enabled, subscribers must provide a time-based one-time password in addition to their credentials. MFA enrollment status is tracked per subscriber, and recovery codes are provided during setup.

07Third-Party Integration Security (OAuth 2.0)

Social login providers (Google, Apple, Facebook) are integrated via OAuth 2.0 with PKCE flow. Agent Midas never receives or stores social login passwords. OAuth tokens are managed by Supabase Auth and stored encrypted. Third-party integrations (Google Drive for RAG, Nango for social media) use scoped OAuth grants — we request only the minimum permissions required.

08Plaid Banking Integration: Bank-Grade Security

Banking data for affiliate payouts is handled exclusively through Plaid Link. Agent Midas never sees, stores, or transmits bank account numbers, routing numbers, or login credentials. Plaid provides a tokenized access layer — we receive only an access token that authorizes specific operations. Plaid is SOC 2 Type II certified and undergoes annual third-party audits.

09Row-Level Security: Database-Enforced Isolation

Every table containing subscriber data has PostgreSQL Row-Level Security (RLS) policies enabled. These policies enforce that database queries can only return rows belonging to the authenticated subscriber. This is enforced at the database engine level — even if application code contained a bug, the database itself would prevent cross-subscriber data access.

RLS policies are applied to: crm_subscribers, crm_contacts, crm_activities, token_balance, token_consumption, daily_blogs, midas_meet_rooms, midaschat_channels, fin_commissions, fin_payouts, and all other subscriber-scoped tables.

10Infrastructure and Network Security

Cloudflare WAF: All traffic passes through Cloudflare's Web Application Firewall, which blocks SQL injection, XSS, and other OWASP Top 10 attacks before they reach our servers.

Bot Management: Automated abuse detection blocks credential stuffing, scraping, and DDoS attempts. Rate limiting is enforced at both the CDN and application layers.

SSL/TLS: Full strict SSL mode. All certificates are managed automatically. HSTS headers enforce HTTPS-only access.

Load Balancing: Cloudflare load balancer distributes traffic between production (Atlanta) and failover (San Francisco) with automatic health checks every 30 seconds.

Container Isolation: Tier 5+ subscribers who use the ODSS Forge Engine (app development) receive isolated sandbox containers. Code execution is sandboxed and cannot access the main platform, other subscribers, or host infrastructure.

11Fraud Detection: SENTINEL-PAY and Hermes

Agent Midas employs an 8-signal fraud detection engine called SENTINEL-PAY that analyzes every financial transaction in real-time. Signals include: velocity checks, geographic anomalies, device fingerprinting, behavioral patterns, IP reputation, transaction amount analysis, time-of-day patterns, and payment method risk scoring.

High-risk transactions are escalated to Hermes (powered by DeepSeek R1), an AI-based fraud scoring engine that provides a confidence score between 0-100. Transactions scoring above the threshold are flagged for manual review before processing.

12AI Data Handling: What Our AI Does and Does Not Do

What we DO: Use your dossier answers and business data to personalize AI responses within YOUR session. Process your content through our Supra Intelligence Engine (10 LLMs) to generate business-specific output. Store conversation context to improve your experience over time.

What we DO NOT do: Train any AI model on your data. Sell, share, or license your data to any third party. Use your data to improve other subscribers' experiences. Allow AI models to retain your data after processing. Send your data to AI providers in a way that allows them to train on it (all API calls use opt-out flags where available).

All LLM API calls are made server-side. Your data never leaves our infrastructure in raw form — only processed prompts are sent to AI providers, and responses are received and stored within our secured environment.

13Consumer Consent Management

Agent Midas operates on an opt-in basis. Subscribers explicitly consent to data processing during registration by accepting our Terms of Service. Email communications follow granular preference controls — subscribers can opt out of marketing emails while continuing to receive transactional notifications. Every marketing email includes an unsubscribe link.

14Data Retention and Deletion

When a subscriber cancels their account, data is retained for 30 days (grace period for reactivation). After 30 days, a deletion queue processes the complete removal of all subscriber data including: CRM contacts, financial records, content, conversations, analytics, and personal information. Deletion is irreversible and logged.

Subscribers can request immediate deletion at any time through Settings > Delete Account. Financial records required for tax compliance (commission payments, invoices) are retained for 7 years as required by law, but anonymized.

15Vulnerability Management and Penetration Testing

Dependencies are scanned automatically via npm audit on every build. Critical vulnerabilities are patched within 24 hours. High-severity vulnerabilities within 72 hours. We run automated security scans on every code deployment.

Responsible disclosure: Security researchers can report vulnerabilities to [email protected]. We do not pursue legal action against good-faith security research.

16Incident Response

Our incident response follows a 4-phase protocol: (1) Detection — automated monitoring alerts on anomalies, (2) Containment — isolate affected systems within 1 hour, (3) Eradication — remove the threat and patch the vulnerability, (4) Recovery — restore services and conduct post-mortem.

Affected subscribers are notified within 24 hours of a confirmed data breach, in compliance with GDPR and state breach notification laws.

17Regulatory Compliance

Agent Midas follows SOC 2 Type II practices for data security, availability, processing integrity, confidentiality, and privacy. We are GDPR-compliant for European subscribers (data portability, right to erasure, DPA available) and CCPA-compliant for California residents.

Our Data Processing Addendum (DPA) is available at agentmidas.xyz/legal/dpa and can be executed by enterprise subscribers upon request.

18Plaid Attestation Compliance (8 Requirements)

19Continuous Monitoring and Audit

Automated monitoring covers: server uptime (30-second health checks via Cloudflare), error rate tracking (PM2 process monitoring), database performance (Supabase dashboard), API response times, token consumption anomalies, and fraud detection alerts (SENTINEL-PAY).

Quarterly security reviews include: dependency audit, access control review, RLS policy verification, encryption key rotation assessment, and incident log review.

20Your Rights as a Subscriber

Right to Access: View all data we hold about you through your dashboard or by requesting a data export.

Right to Correction: Update your personal information at any time through Settings.

Right to Deletion: Request complete deletion of your account and all associated data.

Right to Portability: Export your CRM contacts, content, and analytics in standard formats.

Right to Object: Opt out of marketing communications while retaining full platform access.

Right to Restrict Processing: Limit how we use your data for specific purposes.