Privacy Policy

Effective date:

July 1, 2026

Last Updated:

July 8, 2026

Overview

This Privacy Policy describes how Modio AI, Inc. (“Modio,” “we,” “us,” or “our“) collects, uses, shares, and protects information in connection with the Modio websites, web application, iOS application, APIs, and related services (collectively, the “Service“), and the choices and rights available to you. Capitalized terms not defined here have the meaning given in our Terms of Service.

Our core privacy commitments, stated up front and repeated in binding detail below: (1) we do not use your content — uploads, prompts, or generated results — to train any AI model; (2) your content is private by default and never made public by us; (3) we do not sell personal information; and (4) deleting your content or account actually deletes it, on the published timelines.

1. Information We Collect

(a) Information you provide directly

  • Account and profile information: name, email address, password (stored in hashed form), company or brand name, role, workspace settings.

  • Customer Content: product photography, brand assets, style references, brand guidelines, catalog data, and other materials you upload so the Service can work for your brand.

  • Prompts and instructions: the briefs, prompts, and feedback you give the Service’s agent, and the configuration of your Brand Profiles.

  • Payment and transaction information: processed by our payment providers (Stripe for web; Apple for iOS purchases). We receive transaction confirmations, plan and Credit details, and billing country — never full card numbers.

  • Communications: support requests, survey responses, and correspondence with us.

(b) Information from third-party sign-in

If you register or sign in via a supported identity provider (e.g., Apple, Google), we receive your name, email address, and an account identifier from that provider, per its authorization screens.

(c) Information from connected platforms

When you connect a third-party platform (e.g., Shopify), we receive the data reasonably necessary for the integration to function — product catalog entries, product imagery, and store metadata. We do not import your store’s customer personal data beyond what the integration strictly requires, and we do not use connected-platform data for any purpose other than providing the Service to you.

(d) Information collected automatically

  • Usage information: features used, campaigns and assets created, Credit consumption, agent interactions, session activity, referral pages.

  • Device and log information: IP address, browser and operating-system type and version, device identifiers, language, time zone, crash and error logs, timestamps of access.

  • Approximate location: derived from IP address, used for security, localization, and tax compliance. We do not collect precise GPS location.

(e) Cookies and similar technologies

We and our service providers use cookies, SDKs, local storage, and similar technologies as described in Section 6.

(f) Email interaction data

Our transactional and marketing emails may contain standard open/click measurement. You can opt out of marketing email at any time (Section 9(b)); transactional service email is not tracked for marketing purposes.

(g) Information you should not provide

The Service is a creative tool for brand content. Do not upload government identifiers, financial account numbers, health information, or biometric identifiers. See the Terms of Service for content rules, including the consent requirements for images of real people.

2. How We Use Your Information

We use the information described in Section 1 to:

(a) Provide and operate the Service — generate your content, operate Agentic Features, maintain your workspace and Brand Profiles, synchronize across devices, and honor your Credit balances; (b) Personalize the Service for your brand — build and apply the Brand Profile that makes output match your products and style, used solely for your workspace (Section 3); (c) Process transactions — subscriptions, Credits, invoicing, and tax compliance; (d) Communicate with you — service, security, and billing notices (always), and product news and marketing where permitted (with opt-out, and opt-in consent where the law requires); (e) Analyze and improve the Service — aggregate analytics on feature usage, funnels, performance, and reliability, using usage metadata and not the content of your uploads or generations; (f) Measure our own marketing — attribution and conversion measurement for Modio’s advertising (Section 6); (g) Maintain safety and security — detect and prevent fraud, abuse, and security incidents; enforce our Terms of Service, including automated safeguards and human review of flagged material; (h) Comply with legal obligations — accounting, tax, sanctions screening, and responses to valid legal process; (i) Establish and defend legal claims.

Purposes we expressly exclude: we do not use Customer Content, prompts, or Outputs to train, fine-tune, or improve any machine-learning model (ours or a third party’s); we do not use your content for advertising or marketing without your separate written consent for identified content; and we do not build advertising profiles of you for third parties.

3. Brand Profiles and AI Processing

(a) Brand Profiles. What the Service learns about your brand — products, visual identity, preferences, campaign history — is stored within your workspace, associated only with your account or organization, used solely to provide the Service to you, and never merged into shared models or used for other customers. Brand Profiles are deletable (Section 9).

(b) AI generation. Generating content requires processing your Inputs through AI models operated by specialist AI-infrastructure providers. This processing is transient: content is transmitted for generation and results returned to your workspace. Our agreements require these providers not to retain your content beyond operational necessity and not to use it for training.

(c) Controller/processor roles. For account, billing, usage, and marketing data, Modio acts as controller. Where we process Customer Content within an organization’s workspace, we act as processor on the organization’s behalf under our Data Processing Addendum, available on request.

4. How We Share Information

We share personal information only as follows:

(a) Service providers (subprocessors), under written contracts limiting use to providing services to us, and — for any provider that touches Customer Content — prohibiting retention beyond operational need and any model training:

  • Category: Purpose

  • Payment processors (Stripe for web; Apple for iOS): Billing, subscription state, Credits

  • Subscription management: Cross-platform subscription state

  • AI generation infrastructure: Content generation (transient; no training)

  • Application backend, hosting & content delivery: Data storage, processing, delivery

  • Product analytics: Usage analytics

  • Email delivery: Transactional and consented marketing email

  • Advertising measurement (Meta Pixel/Conversions API; AppsFlyer mobile attribution): Measuring Modio’s own campaigns

  • Support tooling: Customer support

A current list of our subprocessors, including their names, is available on request under our Data Processing Addendum; business customers on a DPA may subscribe to change notifications.

(b) Platforms you connect, at your direction — e.g., publishing generated content to your Shopify store.

(c) Within your organization — workspace content and activity are visible to authorized members of your organization’s workspace under its admin’s control.

(d) Corporate transactions. If Modio is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. Any successor remains bound by this policy’s commitments — including the no-training and no-sale commitments — with respect to information collected under it, or we will provide notice and an opportunity to delete your data before a materially different policy applies.

(e) Legal and safety. We may disclose information where required by law or valid legal process, or where necessary to protect the rights, property, or safety of Modio, our users, or the public. We review each request, narrow overbroad requests where we can, and notify affected users where legally permitted.

(f) Aggregated or de-identified information that cannot reasonably identify you (e.g., feature-usage statistics) may be used and shared for any lawful purpose. De-identified data never includes your Customer Content or Outputs.

We do not sell personal information, and we do not share it for cross-context behavioral advertising, except that our web and app surfaces use standard advertising-measurement technologies you can control (Sections 6 and 11).

5. Content Visibility

Your Customer Content, prompts, Brand Profiles, and Outputs are private by default. They are not visible to other Modio customers, not published to any public gallery or feed, and not indexable by search engines. Content leaves your workspace only when you publish, export, or share it through features under your control. Modio personnel access workspace content only for support at your request, security investigation, legal compliance, or review of material flagged under our Terms.

6. Cookies, Analytics, and Advertising Measurement

(a) Essential cookies — authentication, security, load balancing. Always active. (b) Analytics — product analytics to understand feature usage and improve the Service. (c) Advertising measurement — we use measurement technologies to measure the performance of Modio’s own advertising: on our public web surfaces (e.g., Meta Pixel and Conversions API) and in our mobile app (Meta and AppsFlyer SDKs, plus server-side conversion events for sign-ups and purchases). On iOS, app-side measurement that would track you across other companies’ apps and websites runs only if you allow it at the App Tracking Transparency prompt. These technologies never receive your Customer Content or Outputs. (d) Consent and controls. Where the law requires consent for non-essential cookies or similar technologies, we request it before they are used. You can control cookies through your browser settings, and app-side measurement through your device settings (including the iOS tracking permission). To opt out of advertising measurement or exercise related rights, see Sections 9 and 11.

7. How We Transfer, Store, and Protect Information

(a) Storage locations. Information may be processed in the United States, the European Economic Area, and other countries where we or our subprocessors operate. (b) Transfer safeguards. Where personal information of EEA, UK, or Swiss residents is transferred to countries without an adequacy determination, we rely on the European Commission’s Standard Contractual Clauses and the UK/Swiss addenda, plus supplementary measures where appropriate. Copies of relevant safeguards are available on request. (c) Security. We maintain administrative, technical, and organizational measures appropriate to the risk, including encryption in transit (TLS) and at rest, workspace isolation, role-based and least-privilege access, audit logging, secrets management, and vendor security review. No method of transmission or storage is completely secure; we will notify you and applicable regulators of a personal-data breach as required by law, without undue delay. (d) Your responsibilities. Use a strong, unique password, protect your credentials, and manage member access to your organization’s workspace.

8. How Long We Keep Information
  • Data: Retention

  • Account and profile data: Life of the account; deleted within 30 days of account deletion

  • Customer Content, Brand Profiles, Outputs: Life of the account (so your workspace and history remain available); deleted within 30 days of content or account deletion

  • Encrypted backups: Age out within 90 days of deletion from active systems

  • Transaction and invoicing records: As required by tax and accounting law (typically 7–10 years)

  • Product analytics (identifiable): Maximum 24 months, then deleted or aggregated

  • Support correspondence: 24 months after resolution

  • Security and abuse logs: 12 months, longer where an investigation or legal obligation requires

Where deletion is requested, we may retain the minimum information necessary to comply with legal obligations, resolve disputes, and enforce agreements, and will isolate it from other use.

9. Your Choices and Rights

(a) Access, export, correction, deletion. You can access and edit account information, download your Customer Content and Outputs, and delete individual content, Brand Profiles, or your entire account from within the Service — or request any of these at privacy@themodio.com. (b) Marketing opt-out. Use the unsubscribe link in any marketing email, or email privacy@themodio.com. Service and billing notices continue while you hold an account. (c) Cookie controls. Section 6(d). (d) Depending on your jurisdiction, you may have rights to: access/know, correction, deletion, portability, restriction of or objection to processing, withdrawal of consent (without affecting prior processing), opting out of sale/sharing/targeted advertising, and non-discrimination for exercising rights. Jurisdiction-specific detail is in Sections 10 and 11. (e) How we respond. We verify requests using your account email (or equivalent evidence), respond within one month (GDPR) or 45 days (U.S. state laws), each extendable once where the law allows with notice to you, and we will explain any refusal and your right to appeal or complain. Authorized agents may act for you with documented authority.

10. Additional Information for Users in Europe (EEA, UK, Switzerland)

(a) Controller. Modio AI, Inc., c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States.

(b) Legal bases.

  • Processing: Legal basis

  • Providing the Service, workspaces, generation, Credits, support: Performance of a contract (Art. 6(1)(b))

  • Billing, tax, accounting, legal process: Legal obligation (Art. 6(1)(c))

  • Service analytics, security and abuse prevention, own-service marketing to existing customers, corporate transactions: Legitimate interests (Art. 6(1)(f)) — balanced against your rights; details on request

  • Non-essential cookies, marketing to prospects, optional testimonials/showcases: Consent (Art. 6(1)(a)) — withdrawable at any time

(c) Your GDPR rights — access, rectification, erasure, restriction, portability, objection (including to direct marketing, which we honor absolutely), and withdrawal of consent — exercisable per Section 9. You also have the right to lodge a complaint with your supervisory authority, though we would welcome the chance to address concerns first at privacy@themodio.com.

(d) Automated decision-making. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Content-safety systems that flag material are subject to human review and appeal (Terms of Service, Section 10).

11. Additional Information for Users in the United States

(a) Categories of personal information (as defined by the CCPA/CPRA and similar state laws) collected in the last 12 months: identifiers (name, email, IP); commercial information (transactions, subscriptions); internet/network activity (usage and device data); approximate geolocation (from IP); audio/visual information (only as contained in Customer Content you provide); professional information (company, role); and inferences limited to product personalization for your brand. Sources, purposes, and recipients are as described in Sections 1, 2, and 4.

(b) No sale; no sharing. We do not sell personal information and have not done so in the preceding 12 months. We do not “share” personal information for cross-context behavioral advertising, except advertising-measurement technologies on our web and app surfaces, which you can control as described in Section 6(d). We have no actual knowledge of selling or sharing personal information of consumers under 16.

(c) Sensitive personal information is neither sought nor used to infer characteristics; account credentials are used only for authentication.

(d) Your state-law rights — know/access, delete, correct, portability, opt out of sale/sharing/targeted advertising, limit use of sensitive information (not applicable given (c)), appeal, and non-discrimination — exercisable per Section 9 or at privacy@themodio.com. If we deny a request, you may appeal by replying to our decision; where required, we will inform you of your ability to contact your state attorney general.

12. Children

The Service is a business tool for adults. It is not directed to, and may not be used by, anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided personal information, contact privacy@themodio.com and we will delete it.

13. Third-Party Websites and Services

The Service links to and interoperates with third-party sites and services (including platforms you connect). Their privacy practices are governed by their own policies, which we encourage you to review. This policy does not apply to them.

14. Changes to This Policy

We may update this policy. For material changes, we will provide at least fourteen (14) days’ advance notice by email and in-Service notice, with a summary of the changes. Material reductions in protection will not be applied retroactively to previously collected information — and no update will grant us training, publicity, or sale rights over content or data collected before the change. The “Last updated” date above reflects the current version; archived versions are available on request.

15. How to Contact Us

Modio AI, Inc. c/o Legalinc Corporate Services Inc. 131 Continental Dr, Suite 305 Newark, DE 19713, United States

  • Privacy requests and questions: privacy@themodio.com

  • General support: support@themodio.com

If you have an unresolved privacy concern that we have not addressed satisfactorily, you may contact your local data-protection authority (EEA/UK) or your state attorney general (U.S.).