Privacy Policy

This Policy applies to Modo and any related pages, dashboards, application features, API routes, subscription flows, and account tools that link to it. “Modo,” “we,” “us,” and “our” refer to the operator of the Modo service. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual or household.

Modo is designed as a structured learning platform, not a general-purpose chatbot. Users enter a learning topic and preferences; Modo creates and saves a course that can be viewed later from the database without regenerating the course solely because it is opened.

The information we collect depends on how you use Modo, whether you create an account, whether you generate courses, and whether you subscribe to a paid plan. We aim to collect information that is reasonably necessary and proportionate for the purposes described in this Policy.

Modo is not intended to receive highly sensitive personal information as course topics, prompts, lesson feedback, quiz answers, or flashcard content. Do not submit Social Security numbers, government IDs, payment card numbers, bank credentials, passwords, health records, legal secrets, confidential business information, or information about another person unless you have the right to provide it.

If you choose to enter sensitive information into a course topic or learning prompt, Modo may process it as part of the requested feature. We may delete, restrict, or refuse to process content that creates legal, safety, security, or abuse risks.

• Provide, operate, maintain, secure, and improve Modo.
• Authenticate users, maintain sessions, and protect accounts from unauthorized access.
• Generate, save, display, and personalize courses, lessons, quizzes, flashcards, quests, streaks, XP, and progress tracking.
• Apply plan limits, manage credits, process subscriptions, and provide access to paid features.
• Respond to support, privacy, billing, safety, and security requests.
• Detect, investigate, and prevent fraud, spam, abuse, excessive generation, security incidents, and violations of our terms.
• Analyze product performance, reliability, and learning outcomes using aggregated or limited internal data.
• Comply with legal obligations, enforce agreements, and protect the rights, safety, and integrity of Modo, users, and others.

Modo’s core feature is course generation. For the MVP, generation may run in mock mode. When live AI or search integrations are enabled, Modo may send your course topic, learning preferences, selected plan, relevant course context, and generated-content instructions to server-side AI, search, retrieval, or citation providers. The frontend should not receive provider secret keys or select final AI models directly.

We log AI usage metadata such as provider, model, generation stage, token estimates, estimated cost, status, and course ID to support abuse prevention, credit accounting, debugging, quality review, and spend limits. Viewing a saved course should read from Modo’s database and should not call an AI provider simply because you opened an existing course.

Generated educational content may be incomplete, outdated, or inaccurate. Modo is a learning aid and does not provide medical, legal, financial, safety, or other professional advice. You are responsible for evaluating generated content before relying on it.

If laws such as the GDPR or UK GDPR apply, our legal bases may include performance of a contract, legitimate interests, consent, and compliance with legal obligations. Examples include using account and learning information to provide the service, using security logs to protect accounts, using billing data to process subscriptions, and using consent where legally required for optional cookies or marketing.

Modo may use cookies, local storage, and similar technologies for authentication, session management, security, remembering preferences, subscription checkout, customer portal access, and basic service operation. Stripe, Supabase, Vercel, or other infrastructure providers may also use cookies or similar technologies when they provide their services.

If Modo later adds analytics, advertising, or optional tracking technologies, we will update this Policy and provide additional choices where required by law.

We do not sell personal information for money. We do not currently share personal information for cross-context behavioral advertising. We disclose personal information to service providers, processors, and other parties as described below.

Payments and subscriptions are processed by Stripe. Modo receives limited subscription and billing-status information from Stripe, such as customer ID, subscription ID, plan, status, invoice/payment status, current billing period, and cancellation state. Modo does not store full payment card numbers. Stripe may collect and process payment information according to its own terms and privacy practices.

We retain personal information for as long as reasonably necessary to provide Modo, maintain your account, save courses and progress, process subscriptions, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud and abuse, maintain security, and support backups and disaster recovery.

Course and learning data generally remains in your account until you delete it, request deletion, or the account is deleted, subject to legal, security, billing, and backup limitations. Billing and transaction records may be retained for tax, accounting, audit, fraud-prevention, and legal compliance. Security and AI usage logs may be retained as needed to investigate abuse, maintain reliability, enforce credits, and protect the service.

Depending on where you live, you may have rights under privacy laws such as state consumer privacy laws in the United States, the GDPR, the UK GDPR, or similar laws. These rights may include the ability to:

• Request access to personal information we maintain about you.
• Request correction of inaccurate personal information.
• Request deletion of personal information, subject to legal, security, billing, fraud-prevention, and backup-retention limits.
• Request a portable copy of certain account or learning information where required by law.
• Object to or restrict certain processing where applicable.
• Opt out of marketing communications if Modo sends them in the future.
• Appeal a denied privacy request where applicable law provides an appeal right.
• Use an authorized agent where applicable law allows it and verification requirements are met.

We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising privacy rights, but some features may not work if required information is deleted or restricted. To submit a request, contact the Support page.

This section supplements the rest of the Policy for residents of California and other U.S. states with comprehensive privacy laws. The categories of personal information we collect, the sources, purposes, and disclosures are described in Sections 2, 4, and 8 above. We do not knowingly sell personal information or share it for cross-context behavioral advertising. We do not use sensitive personal information to infer characteristics about you.

Where applicable, you may request to know, access, correct, delete, or obtain a copy of personal information; opt out of sale or sharing if those activities are introduced; limit certain uses of sensitive personal information; and appeal a denied request. If Modo later uses targeted advertising or data sharing that qualifies as “sale” or “sharing” under applicable law, we will update this Policy and provide required opt-out mechanisms.

Modo is not directed to children under 13 and should not be used by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to Modo, contact the support contact listed on the Support page so we can review and delete the information where appropriate.

If Modo later offers school, family, classroom, or child-directed features, we will update this Policy and implement additional consent, notice, retention, and parental-rights procedures as required.

We use administrative, technical, and organizational safeguards designed to protect personal information. Modo is designed to keep secret keys server-side, use secure authentication flows, apply database row-level security policies, limit access to user-specific data, verify Stripe webhook signatures, and restrict sensitive operations to server-side routes.

No website, application, database, or transmission method is completely secure. You should use a strong password, keep account credentials confidential, and avoid entering sensitive information into course topics or prompts.

Modo and its service providers may process personal information in the United States and other countries where we or our providers operate. These countries may have privacy laws that differ from those in your jurisdiction. Where required, we rely on appropriate safeguards for international transfers.

Modo uses automated systems to generate educational content, calculate progress, enforce plan limits, track credits, recommend review, and detect abuse. Modo does not use automated processing to make legal, employment, credit, housing, insurance, or similarly significant decisions about users.

We may update this Policy from time to time. If changes are material, we will take reasonable steps to notify users, such as updating the effective date, posting a notice, or providing an in-product or email notice where appropriate. Your continued use of Modo after an update means the updated Policy applies to information processed after the effective date, subject to applicable law.

For privacy requests, account questions, or concerns about this Policy, contact Modo Support. If you operate Modo through a legal entity, ensure your legal entity name, mailing address, and privacy contact are also made available before accepting real users.