This Privacy Policy explains how Modos AI, Inc. (“Modos”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our AI-powered software platform, our websites at modos.ai (and subdomains), and related products and services (collectively, the “Service”).
1. Scope; Controller vs. Processor
This Privacy Policy applies when Modos determines the purposes and means of processing personal information ("controller" role). Examples include:
- Visitors to our marketing website at modos.ai;
- Individuals who sign up for a Modos account, free trial, or evaluation;
- Individuals who contact us for sales, support, or other inquiries; and
- Job applicants and event attendees.
Where Modos processes personal information on behalf of a business customer ("Customer") under a Customer agreement — for example, where the Customer's employees use the Service through an account provisioned by their employer, or where personal information is included in Customer Data uploaded to the Service — Modos acts as a service provider or processor for that Customer. In that role, Modos handles personal information in accordance with the Customer's instructions and applicable law, and the Customer (not Modos) is the entity responsible for responding to data-subject requests. If you interact with the Service through your employer or another organization, please contact that organization first about your privacy rights regarding their account and the data they upload.
2. Personal Information We Collect
We collect personal information in three buckets:
2.1 Information you provide
- Account information. Name, work email, password, organization, role/title, and similar identifiers when you create an account or are invited to one.
- Payment information. Billing name, billing address, payment method details, and transaction history. Card numbers are collected and processed by our payment processor; we do not store full card numbers on our systems.
- Customer Data and Inputs. Files, prompts, code, text, and other content that you or your Authorized Users upload to or generate through the Service. This may include personal information you choose to include in those materials.
- Communications. Information you provide when you contact us — for example, the contents of emails, support tickets, sales inquiries, and survey responses.
- Marketing preferences. Email subscription choices and event-registration information.
2.2 Information collected automatically
When you use the Service or our website, we and our service providers automatically collect:
- Device and connection data. IP address, device type, operating system, browser type and settings, language preferences, and similar information.
- Log and usage data. Dates and times of access, pages or features viewed, clicks, referring URLs, search terms, error messages, and other interactions with the Service.
- Approximate location. Derived from IP address for security, fraud prevention, and product analytics. We do not collect precise GPS location.
- Cookies and similar technologies. Cookies, pixels, local storage, and SDKs used for authentication, preferences, security, analytics, and (on our marketing site) measuring marketing effectiveness. See Section 7.
2.3 Information from third parties
- Authentication providers. If you sign in using a third-party identity provider (for example, Google or Microsoft SSO), we receive basic profile information from that provider as authorized by you or your administrator.
- Business contact and enrichment data. From sales-intelligence providers, public sources, and event partners.
- Customer administrators. When you are added to a Customer's workspace, we receive your name and email from your administrator.
2.4 Information we do not knowingly collect
The Service is intended for business use by adults. We do not knowingly collect personal information from children under 13 (or under 16 where applicable). We do not request, and the Service is not designed to handle, government-issued IDs, biometric identifiers, precise geolocation, or special categories of data such as health, genetic, or religious information.
3. How We Use Personal Information
We use personal information to:
- Provide and operate the Service, including authenticating users, processing Inputs and generating Outputs, supporting integrations, processing payments, and providing customer support.
- Maintain and improve the Service, including debugging, performance monitoring, capacity planning, internal analytics, and developing new features. As described in Section 4, we do not use Customer Data to train AI models.
- Communicate with you, including sending operational messages (security alerts, billing notices, service announcements), responding to inquiries, and — with your permission where required — sending marketing communications about Modos products and events.
- Secure the Service, including detecting and investigating fraud, abuse, security incidents, and violations of our Terms of Service.
- Comply with legal obligations and protect rights, including responding to lawful requests, enforcing our agreements, and protecting the rights, safety, and property of Modos, our users, and others.
- Conduct business operations, including accounting, audit, legal compliance, corporate transactions, and managing our relationships with vendors and partners.
We may also process personal information for any other purpose described to you when we collect it or that you consent to.
4. AI Models and Customer Data
Modos' Service uses machine-learning models, including models we operate ourselves and models operated by third-party providers we have engaged.
- No training on Customer Data. Modos does not use Customer Data, Inputs, or Outputs to train, fine-tune, or otherwise improve any generally available machine-learning model, and does not permit our model providers to do so. Limited exceptions apply only where (i) you expressly opt in, (ii) Customer Data is flagged for security or trust-and-safety review and is used solely to investigate and improve abuse-detection systems, or (iii) data has been irreversibly aggregated or de-identified.
- Service providers and model providers. Inputs and Outputs may be transmitted to third-party model providers strictly for the purpose of generating responses for you. These providers are contractually bound to handle the data in accordance with our agreements and not to use it for their own purposes (including training).
- Aggregated and de-identified data. We may use aggregated or de-identified usage data — that does not identify you, your organization, or any individual — to monitor system performance, debug, and improve the Service.
A current list of subprocessors used by Modos is available on request by emailing privacy@modos.ai.
5. Google Workspace Data
Modos AI, Inc.'s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Google Workspace data we access and why. When you connect a Google account, Modos accesses only the data needed for the features you enable:
- Gmail (
gmail.modify) — to read your email for work context and to draft and send replies on your behalf, always behind a human approval step. - Google Calendar (
calendar.readonly) — read-only, for meeting and event context. - Google Drive, Docs, and Sheets — on the organizational path your Workspace administrator authorizes via domain-wide delegation, to read documents for context and to write back content your team approves.
- Google Admin Directory (read-only) — to resolve the users and groups in your organization for accurate identity mapping.
How we handle it. Google Workspace data is stored in a tenant-isolated knowledge graph hosted in our cloud environment (AWS, United States), logically separated per customer. We retain it only for the duration of your subscription and delete or de-identify it within 30 days after your subscription ends, except for limited retention for legal, audit, security, or backup-rotation purposes (see Section 9). If you disconnect a connected Google account or ask us to delete your Google Workspace data, we delete or de-identify the data ingested from that account within 30 days of your request, subject to the same limited exceptions. We do not use it to train or improve generalized AI/ML models, we do not sell it, and we do not use it for advertising. Humans do not read your Google Workspace data except (i) with your documented, affirmative consent to read specific data — for example, your own review and approval of an agent-drafted action; (ii) as necessary for security purposes, such as investigating abuse; (iii) to comply with applicable law; or (iv) where the data has been aggregated and anonymized and used for internal operations in accordance with applicable privacy and other jurisdictional legal requirements. (Cross-reference Section 4 for our model-training commitments.)
Sub-processors that receive Google Workspace data. Amazon Web Services (cloud hosting and storage) and Anthropic (large-language-model inference). Both are bound by data-processing terms that prohibit using your data to train their models.
7. Cookies and Similar Technologies
We and our service providers use cookies and similar technologies on our marketing website and within the Service for the following purposes:
- Strictly necessary — authentication, session management, security, and load balancing. These cannot be disabled without breaking the Service.
- Functional — remembering preferences, language, and similar settings.
- Analytics — understanding how the Service and website are used, so we can improve them.
- Marketing — measuring the effectiveness of marketing campaigns on our website (we do not use marketing cookies inside the authenticated Service to target advertising at users).
Most browsers let you refuse or delete cookies. If you disable cookies, parts of the Service may not work properly. We currently respond to Global Privacy Control (GPC) signals from your browser as a request to opt out of "sharing" or "sale" of personal information under applicable U.S. state laws, where applicable; we do not currently respond to other "Do Not Track" signals because there is no industry standard.
8. Data Security
We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest, access controls, logging, employee training, and vendor due diligence. No system is perfectly secure, and we cannot guarantee that Customer Data or other personal information will never be subject to a security incident. You also play a role in protecting your data — use a strong password, keep credentials confidential, and notify us promptly at security@modos.ai of any suspected unauthorized use.
A more detailed description of Modos' security program is available in our Security Whitepaper, shared on request under NDA.
9. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods depend on the type of information and the context:
| Information | Retention period |
|---|---|
| Account information | for the life of your account, plus a reasonable period after closure. |
| Customer Data | for the duration of the Customer's subscription, then deleted or de-identified within 30 days after termination, except for limited retention for legal, audit, security, or backup-rotation purposes. |
| Google Workspace data | for the duration of your subscription; deleted or de-identified within 30 days after it ends, except for limited retention for legal, audit, security, or backup-rotation purposes (see Section 5). |
| Billing and tax records | typically 7 years to meet financial-record-keeping requirements. |
| Marketing communications data | until you unsubscribe or request deletion, unless we have a legal obligation to retain it. |
| Logs and security data | typically 12 months. |
When personal information is no longer needed, we delete, de-identify, or anonymize it.
10. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information. To exercise any of these rights, email privacy@modos.ai from the email address associated with your account. We may need to verify your identity before fulfilling a request.
If you interact with the Service as an employee or other authorized user of a Customer, please contact that Customer first — Modos acts as a processor for the Customer's data and will refer the request to the Customer.
10.1 California residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of third parties with whom we share it;
- Access a copy of your personal information in a portable format;
- Delete personal information we have collected from you, subject to legal exceptions;
- Correct inaccurate personal information;
- Limit use of "sensitive personal information" — though we do not collect sensitive personal information for purposes that would trigger this right;
- Opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising — we do not sell or share personal information as those terms are defined under California law; and
- Non-discrimination — we will not deny goods or services, charge different prices, or provide a different level of quality because you exercise these rights.
You may designate an authorized agent to make a request on your behalf, in accordance with the CCPA and its regulations.
Categories of personal information collected, sources, and disclosures. In the past 12 months, we have collected the categories of personal information described in Section 2 (identifiers, commercial information, internet/network activity, geolocation derived from IP, professional information, and inferences from these), from the sources described in Section 2.3, for the purposes described in Section 3, and disclosed them to the categories of third parties described in Section 6 for business purposes only.
Notice of financial incentive. We do not offer financial incentives in exchange for personal information.
Shine the Light. Under California Civil Code §1798.83, California residents may request information about disclosures of personal information to third parties for those third parties' direct marketing purposes. We do not make such disclosures.
10.2 Other U.S. state residents
Residents of other U.S. states with comprehensive privacy laws (including, currently, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others) have rights similar to those in Section 10.1 — including rights to access, delete, correct, and obtain a portable copy of personal information, and to opt out of targeted advertising, sale of personal information, and certain profiling. We honor these rights for residents of states whose laws apply. To exercise any of these rights, contact privacy@modos.ai. If we deny your request, you may appeal by replying to our denial; we will respond to appeals within the time required by your state's law.
10.3 Nevada residents
Nevada residents may opt out of the future sale of certain personal information to third parties who would license or sell it. We do not engage in such sales, but you may submit an opt-out request to privacy@modos.ai with the subject "Nevada Opt-Out" for our records.
10.4 Choices for everyone
- Account information — you can review and update most account details directly in the Service.
- Marketing emails — you can unsubscribe at any time using the link at the bottom of marketing messages, or by emailing privacy@modos.ai. We will continue to send essential service-related messages.
- Cookies — see Section 7.
11. International Users
The Service is operated from the United States. If you access the Service from outside the United States, you understand that your personal information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate. These countries may have different data-protection rules than your country. By using the Service, you consent to this transfer.
This Privacy Policy is written for U.S. residents and does not address all rights and obligations under non-U.S. privacy laws. If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with specific data-protection laws, please contact privacy@modos.ai for additional information.
12. Third-Party Sites and Services
The Service and our website may contain links to third-party sites and integrations with third-party services. We are not responsible for the privacy practices of those third parties; please review their policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address associated with your account), by a notice in the Service, or by another reasonable means before the change takes effect. The "Effective date" at the top of this Policy indicates when it was last updated. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of personal information, please contact:
Modos AI, Inc.
ATTN: Privacy
21 Littlewood Dr, Piedmont, CA 94611
Email: privacy@modos.ai