Last Updated: July 1, 2025

1. Scope and Overview

This Privacy Policy explains how Modlific LLC ("Modlific," "we," "us," or "our") collects, uses, shares, and safeguards personal data when you visit or use our websites, web applications, mobile applications, application‑programming interfaces (APIs), or any related services (collectively, the "Service"). It also describes your privacy rights and how to exercise them.

2. Information We Collect

Identifiers and contact data. Name, postal address, telephone number, email address, unique account ID, IP address.
Account credentials. User‑name and hashed password.
Profile data you choose to add. Avatar, biography, links, preferences.
Commercial data. Subscription tier, purchase history, payment status.
Internet or electronic activity. Pages viewed, actions taken, click‑stream, feature usage, referring URLs, timestamps, cookies.
Device & log data. Browser type, operating system, device identifiers, language, crash logs.
Inferences. Segments or scores derived from the above to customise the Service.
Sensitive data. Only if you voluntarily provide it (e.g., precise geolocation, biometric identifiers)—collected with express opt‑in consent where required.

3. Legal Bases for Processing (GDPR / UK GDPR)

We rely on: (i) contractual necessity; (ii) legitimate interests such as security and analytics that are not overridden by your rights; (iii) your consent for marketing and optional cookies; and (iv) compliance with legal obligations.

4. How We Use Information

We use personal data to:

Provide, operate, maintain, and improve the Service;
Authenticate users and process transactions;
Send invoices, technical notices, security alerts, and support messages;
Analyse usage to enhance features and prevent fraud;
Market new features or offers (you may opt out); and
Comply with law and enforce our Terms of Service.

5. Information Sharing

We disclose personal data only:

To vetted processors such as hosting, payment, and analytics providers bound by confidentiality and data‑processing agreements;
To comply with lawful requests, court orders, or to defend legal rights and safety;
In connection with a merger, acquisition, financing, or asset sale; and
With your express consent.

6. Data Retention

We keep personal data only as long as needed for the purposes in Section 4, to resolve disputes, enforce agreements, or meet legal obligations. Deleted accounts are purged from active systems within 30 days; encrypted backups expire in rolling 90‑day cycles. Typical retention periods include: account records—life of the account + 2 years; analytics logs—up to 24 months; purchase records—7 years for tax compliance.

7. Your Privacy Rights

7.1 Global rights

You can request access, correction, deletion, restriction, portability, or withdrawal of consent at any time.

7.2 U.S. state‑specific rights

Residents of CA, CO, CT, DE, IA, MD, MN, MT, NE, NH, NJ, OR (non‑profits), TN, TX, UT, VA may also:

Opt out of "sale," "sharing," or targeted advertising;
Limit the use of sensitive personal data;
Appeal a refusal within 45 days (Utah: 45 days; others: 60 days).

Exercise these rights via Your Privacy Choices at https://modlific.com/privacy‑choices or email privacy@modlific.com.

7.3 Notice at collection for California residents (CPRA)

We list the categories, purposes, and retention periods above. We do not sell or share personal data as those terms are defined by the CPRA.

8. Cookies & Tracking Technologies

We use first‑ and third‑party cookies, local storage, pixels, and similar technologies to keep you signed in, remember preferences, measure traffic, and personalise content. A banner at first visit lets you accept, reject, or configure categories (essential, functional, analytics, marketing). We honour Global Privacy Control and Do Not Track signals where technically feasible. Details are provided in our separate Cookie Policy.

9. Children's Privacy (COPPA)

The Service is not directed to children under 13. We do not knowingly collect personal data from them. If you believe a child has provided data, contact us and we will delete it promptly.

10. Data Security

We use TLS 1.3 encryption in transit, AES‑256 encryption at rest, principle‑of‑least‑privilege access controls, routine penetration testing, and third‑party security audits.

11. Breach Notification

We maintain an incident‑response program and will notify affected individuals and regulators within 72 hours of confirming a notifiable breach, unless a shorter period is required by law.

12. International Transfers

If you access the Service from outside the United States, your data may be transferred to, stored, or processed in the United States or other jurisdictions. We rely on Standard Contractual Clauses and comparable safeguards where required.

13. Representative & Data Protection Officer

EU / EEA Representative: DataRep, Platz der Einheit 2, 60327 Frankfurt am Main, Germany, modlific@datarep.com
UK Representative: DataRep, 30 Moorgate, London EC2R 6DA, United Kingdom, modlific@datarep.com
Data Protection Officer: dpo@modlific.com

14. Accessibility & Alternate Formats

We strive to make this Policy accessible. Contact us for large‑print, Braille, or audio versions, or call +1‑801‑555‑0123 for assistance.

15. Changes to This Policy

We may update this Policy periodically. Material changes will be announced by email or in‑app notice at least 30 days before they take effect.

16. Contact Us

privacy@modlific.com | Modlific LLC, 3366 W 750 N, Lehi, UT 84043, USA