Privacy Policy

ModlOS ("we," "us," or "our") operates the ModlOS platform (the "Platform"), a financial reporting and business management software-as-a-service application. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Platform, website, and related services (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Services.

Account Information: When you create an account, we collect your name, email address, password (stored in hashed form), and firm/organization name. Financial Data: When you connect accounting software (such as QuickBooks Online or Xero), we access and store financial data including chart of accounts, profit and loss statements, balance sheets, cash flow statements, accounts receivable, and accounts payable data. This data is used solely to provide our reporting and analysis services. Usage Data: We collect information about how you interact with our Platform, including pages visited, features used, and actions taken. This helps us improve our Services. Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number or bank account details. We receive and store your Stripe customer ID and subscription status. Communications: If you contact us for support or provide feedback, we collect the content of those communications.

We use the information we collect to: • Provide, maintain, and improve our Platform and Services • Generate financial reports, dashboards, and analyses for your accounts • Process transactions and manage your subscription • Send you service-related communications, including monthly financial reports • Respond to your requests, comments, or questions • Monitor and analyze usage patterns and trends • Protect against, identify, and prevent fraud and other security issues • Comply with legal obligations

When you connect third-party accounting software (QuickBooks Online, Xero), we access your financial data through their APIs using OAuth 2.0 authorization. We only request read-only access to financial reports and account data necessary to provide our Services. We do not sell, rent, or trade financial data obtained through third-party integrations. We do not use this data to train, fine-tune, adapt, or enhance any artificial intelligence or machine learning models. Your financial data is used exclusively to generate reports and analyses within our Platform for your benefit. You can revoke our access to your accounting software at any time through the third party's settings or through our Platform's Data Import page.

We implement industry-standard security measures to protect your personal and financial data, including: • AES-256 encryption for OAuth tokens and sensitive credentials • HTTPS/TLS encryption for all data in transit • Secure password hashing using bcrypt • Role-based access controls and company-level data isolation • Regular security reviews and updates Your data is stored on secure servers provided by Supabase (PostgreSQL database) and Vercel (application hosting), both of which maintain SOC 2 compliance. Generated report PDFs are stored in Supabase Storage with firm-level access isolation.

We do not sell your personal information. We may share your information only in the following circumstances: Service Providers: We use third-party services to help operate our Platform, including Supabase (database hosting), Vercel (application hosting), Stripe (payment processing), and Resend (email delivery). These providers only have access to your information as necessary to perform their services and are bound by contractual obligations to protect your data. Within Your Firm: Other users within your firm or organization may access shared data (such as financial reports, dashboards, and company data) based on their assigned role and permissions. Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request. Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We retain your personal and financial data for as long as your account is active or as needed to provide you Services. If you close your account, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal or compliance purposes. Generated reports and financial data synced from third-party integrations are retained as long as your account is active.

Depending on your jurisdiction, you may have the following rights regarding your personal data: • Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate personal data • Deletion: Request deletion of your personal data • Portability: Request a copy of your data in a portable format • Objection: Object to certain processing of your personal data • Revocation: Revoke consent for data processing where applicable To exercise any of these rights, please contact us at the information provided below.

We use essential cookies to maintain your authentication session and remember your preferences. We do not use advertising cookies or third-party tracking cookies. We do not serve advertisements on our Platform.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top. We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy or our data practices, please contact us at: ModlOS Email: privacy@modlos.io Website: https://modlos.io