Last Updated: January 15, 2025
Privacy at a Glance: We collect only the data necessary to provide custom AI development services. You retain full ownership of your data. We never sell or share your data with third parties. We implement enterprise-grade security measures and comply with GDPR, HIPAA, and other privacy regulations.

1. Information We Collect

1.1 Data You Provide to Us

We collect information when you:

  • Contact us: Name, email, phone number, company information
  • Place an order: Billing information, project requirements, business goals
  • Upload training data: Your datasets, documents, and files for AI model development
  • Use our services: API calls, usage patterns, performance feedback

1.2 Automatically Collected Information

Our website and services automatically collect:

  • Technical data: IP address, browser type, device information
  • Usage data: Pages visited, time spent, features used
  • Service data: API requests, response times, error logs
  • Analytics data: Aggregated usage statistics and performance metrics

1.3 Training Data Classification

Classification of data types, their purposes, retention periods, and user control options
Data Type Purpose Retention Your Control
Business Data AI model training Duration of service + 30 days Full ownership, export/delete anytime
Personal Data Account management, support Duration of relationship + 7 years Access, correct, delete
Usage Data Service improvement 24 months (anonymized) Opt‐out available
Payment Data Billing, compliance 7 years (legal requirement) Access, correct (delete restricted)

2. How We Use Your Information

2.1 Primary Purposes

  • Service delivery: Developing, training, and deploying your custom AI models
  • Account management: Managing your account, billing, and customer support
  • Communication: Project updates, technical support, service notifications
  • Compliance: Meeting legal, regulatory, and contractual obligations

2.2 Service Improvement

Anonymized Data Only: We may use anonymized, aggregated data to improve our services, develop new features, and enhance AI development methodologies. This data cannot be traced back to you or your organization.

2.3 What We DON'T Do

We Never:

  • Sell your data to third parties
  • Use your data to train AI models for other clients
  • Share your business data with competitors
  • Use your data for advertising or marketing to others
  • Train general AI models using your proprietary data

3. Data Security and Protection

3.1 Technical Safeguards

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access controls: Role-based access, multi-factor authentication, least privilege principle
  • Network security: Firewalls, intrusion detection, VPNs, and secure cloud infrastructure
  • Data isolation: Each client’s data is logically and physically separated
  • Backup security: Encrypted backups with access controls and retention policies

3.2 Compliance Certifications

Security Standards We Meet:

  • SOC 2 Type II: Annual audits of security, availability, and confidentiality controls
  • ISO 27001: Information security management system certification
  • GDPR Compliance: Full compliance with European data protection regulations
  • HIPAA Ready: Healthcare data protection capabilities (Enterprise plans)
  • PCI DSS: Payment card data security standards

3.3 Incident Response

In the unlikely event of a security incident:

  • We will notify you within 24 hours of discovery
  • We provide detailed incident reports and remediation plans
  • We work with you to minimize any potential impact
  • We conduct thorough post‐incident reviews and improvements

4. Data Sharing and Disclosure

4.1 Service Providers

We may share limited data with trusted service providers who help us deliver our services:

  • Cloud hosting providers: AWS, Google Cloud (with data processing agreements)
  • Payment processors: Stripe (for payment processing only)
  • Communication tools: Email and support platforms (encrypted)
  • Security providers: Monitoring and security services (anonymized data only)

4.2 Legal Requirements

We may disclose information when required by law or to:

  • Comply with valid legal processes (court orders, subpoenas)
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Enforce our Terms of Service

4.3 Business Transfers

If Modly.ai is involved in a merger, acquisition, or sale, your data may be transferred. We will notify you and ensure the new entity honors this Privacy Policy.

5. Your Data Rights

5.1 Access and Control

You have the right to:

  • Access: Request copies of all personal data we hold about you
  • Correct: Update or correct inaccurate information
  • Delete: Request deletion of your personal data (subject to legal requirements)
  • Export: Receive your data in a portable format
  • Restrict: Limit how we process your data

5.2 Data Portability

Your Data, Your Choice: You can export your training data and AI models at any time. We provide standard formats and assist with migration to other platforms if you choose to leave our service.

5.3 Exercising Your Rights

To exercise any of these rights:

  • Email us at privacy@modly.ai
  • Include your account information and specific request
  • We will respond within 30 days
  • Some requests may require identity verification

6. International Data Transfers

6.1 Data Locations

Your data is primarily processed in:

  • United States: Primary data centers and processing
  • European Union: For EU clients requiring data residency
  • Regional data centers: For performance and compliance requirements

6.2 Transfer Protections

When data crosses borders, we ensure protection through:

  • Standard Contractual Clauses (SCCs) for EU transfers
  • Data Processing Agreements with all service providers
  • Encryption during transit and storage
  • Regular compliance audits

7. Data Retention

7.1 Retention Periods

  • Training data: Duration of service + 30 days for transition
  • AI models: Duration of service + ability to export
  • Account data: Duration of relationship + 7 years
  • Usage logs: 24 months (anonymized after 12 months)
  • Financial records: 7 years (legal requirement)

7.2 Secure Deletion

When data is deleted:

  • We use secure deletion methods that make data unrecoverable
  • Backups are purged according to retention schedules
  • We provide deletion certificates upon request
  • Cloud storage providers confirm secure deletion

8. Cookies and Tracking

8.1 Website Cookies

We use cookies for:

  • Essential functions: Login, security, basic functionality
  • Analytics: Understanding website usage (Google Analytics)
  • Preferences: Remembering your settings and choices

8.2 Third-Party Services

Our website may include:

  • Google Analytics: Website usage statistics (anonymized)
  • Stripe: Payment processing (with their privacy policy)
  • Email services: For communication and support

9. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect personal information from children. If we discover we have collected such information, we will delete it promptly.

10. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of personal information
  • Right to opt‐out: Of the sale of personal information (we don't sell data)
  • Non‐discrimination: We won't discriminate for exercising these rights

11. Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • New legal requirements or regulations
  • Enhanced security measures or protections
  • Customer feedback and best practices

Notice of Changes: We will notify you of significant changes via email at least 30 days before they take effect. Continued use of our services after changes constitute acceptance of the updated policy.

12. Contact Information

Data Protection Officer

Email: privacy@modly.ai

Phone: +1-555-MODLY-AI

Address: Modly.ai LLC, Ohio, United States

Response Time: We respond to privacy requests within 30 days

Questions or Concerns? We’re committed to transparency and protecting your privacy. Don’t hesitate to contact us with any questions about how we handle your data or to exercise any of your privacy rights.