Privacy Policy

This Privacy and Cookies Policy (“policy”) describes Modash's commitment to protecting your personal data and respecting your privacy. This policy applies to our customers (including those on free trials), subscribers, website visitors, and applicants (hereinafter referred to as “you”, “your” and “yours”).

The following statements describe who we are, which types of personal data we collect when you use our services, visit our websites, communicate with Modash, and/or apply for a job at Modash, what happens with this personal data, and how you can object to this processing, where applicable. All collection, processing, and use of personal data (“processing”) by Modash is exclusively for the purposes of providing and optimising the Modash services (“services”), monitoring the function and performance of our websites, supporting our business operations, complying with legal and regulatory obligations, providing customer service, and marketing our services. The services have been designed with the goal of collecting as little personal data as possible to function.

Except as otherwise provided herein, for the purposes of this policy and data protection laws, namely the General Data Protection Regulation (GDPR) (EU) 2016/679 (“GDPR”), we are the data controller, meaning we determine the purpose and means of processing, of your personal data. If you have questions about our processing of personal data, you will find our contact information and the contact details below.

There may be situations when more than one data controller processes your information, such as when you access the Modash website through a widget. In these situations, we act as an independent data controller over our processing activities and make determinations over how data will be processed independently from other data controllers. We are not responsible for the processing of other data controllers, including customers, and you should contact them directly regarding questions about how they process your personal data. If you have questions about our processing of personal data, you will find our contact information and the contact details for our Data Protection Officer in the section below.

Controller

The controller, sometimes referred to as the responsible entity, according to Art. 4 Nr. 7 of the GDPR is:
Modash OÜ based in Tallinn, Estonia.

Definitions

When we refer to “personal data,” we mean all particulars related to an identified or identifiable natural person (“data subject”).

When we refer to Modash, “we” or “us”, we mean Modash OÜ. All customers are billed through this entity. When we refer to “our website(s)” and/or “Modash websites,” we mean any website owned and / or operated by Modash, especially https://modash.io

When we refer to “Modash application,” we mean Modash’s product hosted https://marketer.modash.io

Data Protection Principles

The GDPR sets out the principles which must be complied with by any party handling personal data. Modash will comply with these principles, as detailed in Article 5 of the GDPR;

Processed lawfully, fairly, and in a transparent manner in relation to the data subject;

Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes subject to appropriate safeguards, and provided that there is no risk of breaching the privacy of the data subject;

Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;

Accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;

Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by GDPR in order to safeguard the rights and freedoms of the data subject;

Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

Article 5(2) states that the controller is responsible for and must be able to demonstrate compliance with the data protection principles

Accountability

The GDPR obliges organizations to demonstrate that their processing activities are compliant with the data protection principles. The principle of accountability seeks to guarantee the enforcement of these principles. We will demonstrate compliance in the following ways:

- by maintaining a record which will include details on Personal Data collected, held, or processed in line with Article 30 – ‘Records of Processing Activities’;

- upon request, these records will be disclosed to the relevant lead authority in the applicable jurisdiction.

Legal Basis for Processing Personal Data

In order to process personal data, a lawful ground must exist. A number of permitted grounds for processing are enumerated in Article 6 of the GDPR.

One ground for the processing of personal data is Article 6, Paragraph 1(a) of the GDPR, which is the freely given consent of the data subject to do so. This consent is bound to a particular purpose. For example, we may collect personal data such as your name and email address when you subscribe to our newsletter.

A second ground for the processing of personal data is to fulfill the requirements of a contract, as specified in Article 6, Paragraph 1(b) of the GDPR. Performance of contract is understood to include the initiation of a commercial relationship. This ground applies to Modash when a user completes our contact form or contacts our Customer Success or Sales team using any other means to obtain a non-binding quotation.

Article 6, Paragraph 1(c) of the GDPR permits the processing of personal data where a legal requirement to do so exists.

Article 6, paragraph 1(d) permits the processing of personal data in exceptional circumstances, where doing so is necessary to protect the vital interests of the data subject.

It is also possible that personal data will be processed on the basis of Article 6, paragraph 1(f) of the GDPR. This is the so-called “legitimate interests” ground, which is interpreted with reference to Recital 47 of the GDPR. The GDPR treats this as a “fallback ground”, which only applies where no other previously listed lawful ground for processing applies. When this ground is relied upon, an assessment must carefully weigh the legitimate interests of the data subject against the legitimate interests of the data controller.

What Personal Data We Collect

Unless expressly stated, the provision of your personal data is not required or obligatory. The personal data that we collect about you broadly falls into the categories set out below. Some of this information you provide voluntarily when you interact with Modash services, websites, and/or application. Other types of information may be collected automatically from your device, such as Device and Service Data. From time to time, we may also receive personal data about you from third party service providers (as further described below).

Category of personal data
What this can include
Third Party Service Providers that may process this data (see more detailed information in section below entitled Third Party Service Providers)
Account Data
Name, email address, company name, unique identifier (such as customer ID), mailing address, department, role, and details about subscriptions and services you have purchased from Modash, including subscription or plan name, sign up date
Amplitude, Apollo, Atlassian, Aurinko, AWS, Chartmogul, Customer.io, Debounce, Google reCaptcha, Google Workspace, Intercom, Calendly, Pipedrive, Segment, Slack, Stripe, Vitally, Webflow, Zapier
Activity Data
Requested URI, date and time of request, amount of data transferred to you in response, whether the request was successfully processed or not, referring website from which you made the request, navigation paths between pages, query string, usage data, pages viewed, links clicked, and interaction and duration data
Amplitude, AWS, Fullstory, Google Analytics, Intercom, Microsoft Clarity, Pipedrive, Segment, Vitally, Webflow, Zapier
Billing Data
Billing address and payment history
Stripe
Communications Data
If you correspond with us by email or otherwise, we may retain the content of such messages and our responses
AWS, Aurinko, Customer.io, Beehiiv, Google Workspace, Intercom, Loom, Calendly, Pipedrive, Slack, Vitally, Webflow, Zapier
Contact Data
Name, email address, mailing address, telephone number, department, role, company name
AWS, Amplitude, Aurinko, Beehiiv, Calendly, Webflow, Chartmogul, Pipedrive, Stripe, Customer.io, Segment, Debounce, Zapier, Google reCaptcha, Google Workspace, Intercom, Slack, Atlassian, Apollo, Vitally
Cookie Data
Data from trackers like cookies, pixels, clear GIFs, and/or web widgets stored on your device, including cookie IDs and settings. For more details, see the section entitled Use of Cookies below.
Amplitude, AWS, Google Analytics, Google reCaptcha, Microsoft Clarity, Intercom, Stripe, YouTube
Device and Service Data
Internet protocol (IP) address, geolocation data, unique identifier, login data, date and time of access, name of your Internet Service Provider, browser type and version, time zone setting, operating system and platform and other technology on the devices you use to access our websites or use our services
Amplitude, AWS, Debounce, Fullstory, Google Analytics, Google reCaptcha, Microsoft Clarity, Intercom, Calendly, Segment, Webflow
Financial Data
Bank account and/or payment card details
Stripe
Professional Data
Educational and professional history, certifications, interests and accomplishments, job and salary preferences, professional resumes and CVs, job applications, interviewing information, assessments, references, hiring results, and other optional data you send
Google Workspace, Angellist, LinkedIn
Sensitive Data
Modash does not intentionally collect any sensitive data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sexual life or orientation, except with specific consent or as necessary for compliance purposes.
Any sensitive data that might be included in official profiles of Creators is stores in our core infrastructure services hosted on AWS or Webflow.

Use of Cookies

In addition to the previously listed data, cookies will be saved on your computer when you use our website. Cookies are small pieces of textual data which are saved on your hard disk by your web browser, through which Modash, who sets the cookie’s contents, can collect certain information about you. Cookies cannot execute any code, nor transfer any viruses to your computer. We use them in order to anonymously or pseudonymously analyse the use of the website and present relevant offers to you.

This website uses the following types of cookies, whose scope and functionality is detailed in the following paragraphs.

transient cookies (see paragraph 1)

persistent cookies (see paragraph 2)

Transient cookies are automatically deleted when you close your browser. They are used particularly as session cookies. These save a so-called “session ID” which is used to link subsequent requests made by your browser to each other. Through this, your computer can be recognized when you return to our website. These session cookies are deleted, when you log out, or close your browser.

Persistent cookies are only deleted after a predetermined duration, which can be different for each cookie. You can delete these persistent cookies anytime, though, in the “Settings” configuration of your browser. We advise you that, if you do so, not all functionality of this website will be available.

Previously set cookies can be deleted through the settings of your browser. You may also be able to prevent the placement of some cookies on your computer through the relevant settings of your internet browser. We advise you that preventing the placement of cookies on your computer can mean that not all functionality of our website is available without limitations. Moreover, due to a lack of industry standard for recognizing Do Not Track browser signals, it’s possible that third party service providers may continue to collect your personal data through cookies.

Click here to view our cookie declaration.

How We Use Your Personal Data

We may collect personal data about our customers users, subscribers, website visitors, and applicants in the following situations for the purposes listed (to the extent applicable):

Modash Websites

When you visit our websites, our server temporarily saves details of your access in its logs. These logs contain the following personal data, which are kept until their automatic deletion:

- Device and Service Data
- Activity Data

The purpose of recording this personal data is to make it possible to serve the website to you (by establishing a TCP/IP connection), to secure our servers, and for the technical administration of our infrastructure as well as the optimisation of our services. Only in the case of unauthorised access or attacks on our infrastructure will your IP address be analysed. No further information is required from you to access our website, though Cookie Data may be processed in accordance with your selections on our website. See the section below entitled Use of Cookies for more details.

Website Registration

To register on our website, you must enter your details in the “Sign Up” form. These details are processed solely for registration, and not passed to any third parties unless Modash has a lawful basis to do so.

- Contact Data

In accordance with your cookie selections, and to prevent any potential misuse, we may also process:

- Cookie Data
- Device and Service Data

During or after the registration, you are free to alter your personal data. It is also possible to completely cancel your registration, so that personal data is deleted.

Modash Application

When you trial or subscribe to and use the Modash application, you provide the following data, which is kept until you (1) request its deletion (which may render some services or functions unavailable), (2) unsubscribe and request deletion, or 3) unsubscribe and a set period of time elapses, in accordance with our data retention policy:

- Contact Data
- Account Data
- Billing Data
- Communications Data
- Cookie Data
- Device and Service Data
- Activity Data

The purpose of processing this data is to provide, maintain, promote, and optimize services, communicate with you, process payments, monitor and analyze trends and usage, prevent misuse, personalize our websites and services, and for other purposes for which we obtain your consent.

Newsletter Subscriptions

When you subscribe to our newsletter, you provide the following data, which is kept until you unsubscribe from the newsletter:

- Your email address

The purpose of processing this data is to send newsworthy updates to our subscribers. Please note that you will continue to receive legal notices and other important account information after you unsubscribe from our newsletter.

Marketing Communications

When you download gated content from us, or otherwise provide us with a means of contacting you, we may use it to communicate with you. For example, we may send you product updates, information about webinars and podcasts, promotional offers, industry news, or other communications about your use of the services. We may receive confirmation when you open a message from us, which helps us make our communications more interesting and improve our services. If you do not want to receive marketing communications from us, please indicate your preference by using the unsubscribe mechanism provided by the communication. Please note, however, that you will continue to receive legal notices and other important account information after you unsubscribe from our marketing list. When you request gated content from us, you provide the following data, which is kept until you unsubscribe:

- Your email address

The purpose of processing this data is to send marketing updates, promotional offers, and other communications, as well as to improve our services.

Job Applications and Employment

It is possible to apply for jobs at Modash through our online application system hosted by Webflow (see details below). When you do so, we will process the personal data you send us, and save it to continue the application process.

If the application leads to an employment relationship, the supplied personal data will be retained, according to the requirements of relevant law. Should the application not lead to an offer of employment, the personal data of the applicant will be deleted in accordance with our data retention policy.

The following personal data may be processed to advertise open positions, recruit and communicate with candidates, source and select applicants for open positions, and communicate offers:

- Contact Data
- Professional Data
- Communications Data

Securing Your Data

To secure your data, we have put in place technical, organizational, and personnel procedural measures to safeguard personal data against loss, theft, and unauthorised access, uses, or modifications. These measures meet the requirements of the GDPR, and we require any third party service providers we use to do the same. Security and testing are performed on systems containing personal data to verify and control effectiveness. Security of these systems is monitored continuously.

Your data is only ever saved on secure servers, which may only be accessed by a few authorized personnel. When you use a form on our website to transmit data to us, this transmission is only performed over an encrypted TLS connection.

Deletion of Personal Data

Unless you specifically ask us to delete your personal data, Modash keeps and processes personal data for as long as it is necessary to comply with our data retention requirements, provide you with services, and successfully run our business. However, even if you request a deletion, we may be required to retain your data for as long as necessary to:

1. comply with our legal or regulatory compliance needs (e.g. maintaining records of transactions you have made with us);
2. to exercise, establish or defend legal claims;
3. and/or to protect against fraudulent or abusive activity on our service.

When the purpose of the processing has been fulfilled, your personal data will be deleted in accordance with our data retention policy, unless we are required to retain it. There may be occasions where we are unable to fully delete, anonymize, or de-identify your information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal data from any further processing until such time as we are able to delete, anonymize, or de-identify it.

Your Rights

You have the following rights concerning your personal data:

- The right to access your personal data
- The right to correct or delete your personal data
- The right to restrict processing of your personal data
- The right to object to the processing of your personal data
- The right to data portability
- The right to confirm whether your personal data is being processed or not
- The right to withdraw consent at any time where processing is based on consent
- The right to information on the existence of automated decision-making, if any, as well as meaningful information about the logic involved, its significance, and its envisaged consequences
- The right to lodge a complaint with a supervisory authority

If you have given your consent to the processing of your personal data, you can freely withdraw this consent at any time. This will only affect the processing of your personal data after you have withdrawn consent.

Please note that even if you request your personal information to be deleted, certain data may be retained for us to meet our legal or regulatory compliance, exercise, establish, or defend against legal claims, and protect against fraudulent or abusive activity. Personal data retained for these purposes will be handled as described in the section above, entitled Deletion of Personal Data.

Should we continue to process your personal data because we assess our legitimate interests to do so outweigh your legitimate interests (per Article 6, paragraph 1(f) of the GDPR) you may object to this processing. This is only applicable in the case where the processing of personal data is not required for us to fulfill a contract with you. To exercise such an objection, we request that you detail the grounds based on which we should no longer process your personal data. We will check the details of your circumstances based on the grounds you provide, and either stop processing your personal data, or detail to you the legal basis on which we continue to process your personal data.

How you can exercise your rights

Should you wish to exercise any of these rights, you will need to provide proof of identification that you are the person to whom the personal data relates. When you exercise your right to access, the information you will receive includes the personal data we have related to you, the source of that personal data, the recipients or types of recipients to whom the data was transferred, how long the personal data will be stored, and the purposes for data processing. To exercise any of these rights, please contact us by email: privacy@modash.io

California Residents

If you are a consumer located in California, we process your personal data in accordance with the California Consumer Privacy Act (CCPA). Any references to personal data in this policy will also mean “personal information” as that term is defined in the CCPA.

How We Collect, Use, and Disclose your Personal Information

The section above entitled What Personal Data We Collect describes the personal data we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the section above entitled How We Use Your Personal Data. We share this information as described in the section above entitled Third Party Service Providers. Modash uses cookies, including advertising cookies, as described in the section above, entitled Use of Cookies.

Your CCPA Rights and How to Exercise Them

As a California consumer and subject to certain limitations under the CCPA, you have rights regarding your privacy, and corresponding choices regarding our use and disclosure of your personal information. Below you will find details about your rights and how to exercise them.

Right to know: You may request the following information about the personal information we have collected about you:

- the categories of personal information we have collected
- the categories of sources from which we collected the personal information
- the business or commercial purpose for collecting the personal information
- the categories of third parties with whom we shared the personal information
- the categories of personal information that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose

Right to delete: You may request that we delete the personal information we have collected about you, subject to certain limitations under applicable law.

Right to opt-out: You may request to opt out of any “sale” of your personal information that may take place. We do not sell your personal information in the conventional sense. However, like many companies, we use advertising services that tailor online ads to your interests based on information collected via cookies and similar technologies about your activity on our websites and other online services. The definition of “sale” under the CCPA is broad and may include use of retargeting and interest-based advertising services. You can read more information about cookies and your ability to opt-out in the section above entitled Use of Cookies.

Right to non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, contact privacy@modash.io

When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required.

How We Share Your Data

Modash may process your personal data in the European Economic Area and in any other country where our subsidiaries or service providers operate facilities in accordance with and as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

When we process personal data outside of the European Economic Area, we take appropriate safeguards to require that it remains protected in accordance with this policy and applicable law. We may use contracts, the Standard Contractual Clauses approved by the European Commission, or other contractual regulations provided for by law, which are intended to ensure adequate protection of your data and which you can review on request.

Partners

You may be provided with offers, products, and services from third party companies who, for example, integrate with our Services. If you choose to export your data to a third party, interact with or apply for services or offerings from a third party, or otherwise link or sync your Modash account to a third party’s product or service, you consent and instruct Modash to share your information, including personal information, to the third party providing the service or offering. Remember that any information you provide to a third party, whether through us or on your own, will be subject to their privacy policies and terms and conditions.

Third Party Service Providers

In order to operate and perform functions such as hosting our application, storing and analyzing data, processing payments, communicating with you, and providing and optimizing our services, we use third party service providers. Some of these third party service providers are located outside the European Economic Area. We shall disclose your information to third parties only when you have authorised us to do so, it is necessary as part of business practices, or when there is a legal or statutory obligation to do so. Whenever we disclose information to third parties, we will only disclose that amount of personal information necessary to meet such business need or legal requirement.

We only engage third party service providers after a comprehensive review which carefully considers each third party service provider’s competence, as well as their technical and organizational data protection measures. The results of this review are recorded in writing. To protect your personal data, we also sign data processing agreements, complete with standard contractual clauses, as applicable, that comply with Article 28 of the GDPR with third party service providers. Here are the details of our main third party service providers and the data they collect or that we share with them:

Google API Limited Use Requirements

Modash use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Infrastructure

Amazon Web Services

Modash uses Amazon Web Services (AWS) to host its infrastructure. All persistent data (such as databases, file storage, and temporary data), as well as compute power (such as web servers and processing machines), run on AWS EU Ireland Region (eu-west-1).

The responsible entity is: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, United States

Data processed:
- Contact Data
- Account Data
- Communications Data
- Cookie Data
- Device and Service Data
- Activity Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. You can find further information about AWS’ data processing and data protection at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Webflow

Modash uses Webflow to host its' website and to manage the content of its' website.

The responsible entity is: Webflow, Inc. 398 11th Street, 2nd Floor San Francisco, CA 94103, United States

Data processed:
- Contact Data
- Account Data
- Communications Data
- Cookie Data
- Device and Service Data
- Activity Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. You can find further information about Webflows’ data processing and data protection at: https://webflow.com/legal/privacy

Aurinko

Modash uses Aurinko to connect and sync to different email APIs on behalf of it's customers.

The responsible entity is: Aurinko, Inc., 4343 Anchor Plaza Pkwy, Suite 150, Tampa, FL 33634, United States

Data processed:
- Contact Data
- Account Data
- Communications Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. We have concluded an agreement with Aurinko with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Aurinkos’ data processing and data protection at: https://www.aurinko.io/privacy/

Web Performance and Security

Debounce

Modash uses Debounce to prevent sign-up fraud.

The responsible entity is: Yeşilköy EGS Business Park B2, No.1 Bakırköy. İstanbul Turkey

Data processed:
- Contact Data
- Account Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. You can find further information about Debounces’ data processing and data protection at: https://debounce.io/privacy-policy/

Google reCaptcha

Modash uses Google reCaptcha to prevent sign-up fraud.

The responsible entity is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA  94043, United States

Data processed:
- Contact Data
- Account Data
- Cookie DataDevice and Service Data
- Activity Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. You can find further information about Googles’ data processing and data protection at: https://policies.google.com/privacy

Communications

Calendly

Modash uses Calendly to book call with prospects and customers.

The responsible entity is: Calendly LLC, 115 E Main St., Ste A1B Buford, GA 30518, United States

Data processed:
- Communications Data
- Cookie Data
- Device and Service Data
- Activity Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(a) of the GDPR. You can find further information about Calendly’ data processing and data protection at: https://calendly.com/privacy

Loom

Modash uses Loom for video recording and sharing those video with prospects and customers.

The responsible entity is: Loom Inc, 140 2nd St Floor 3, San Francisco, United States

Data processed:
- Communications Data
- Cookie Data
- Device and Service Data
- Activity Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(a) of the GDPR. You can find further information about Looms’ data processing and data protection at: https://www.loom.com/privacy-policy

Google Workspace

Modash uses Google Workspace, including its applications for email (Gmail), calendar (Google Calendar), cloud storage (Google Drive), word processing (Google Docs), and spreadsheets (Google Sheets).

The responsible entity is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data processed:
- Contact Data
- Account Data
- Billing Data
- Professional Data
- Communications Data

The legal basis is our legitimate interest in communications and file management, Art. 6 1(f) of the GDPR. We have concluded an agreement with Google with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Google’s data processing and data protection at: https://policies.google.com/

Slack

Modash uses Slack as a chat tool to discuss such matters as operations, projects, support needs, and feature requests.

The responsible entity is: Slack Technologies Limited, 4th Floor, One Park Place, Hatch Street Upper, Dublin 2, Ireland

Data processed:
- Contact Data
- Account Data
- Professional Data
- Communications Data

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. You You can find further information about Slack’s data processing and data protection at: https://slack.com/trust/privacy/privacy-policy

Payments

Stripe

Modash uses Stripe to process payments from some of our existing customers and provide billing information to these customers.

The responsible entity is: Stripe, Inc, 354 Oyster Point Boulevard, South San Francisco, CA 94080, United States

Data processed:
- Contact Data
- Account Data
- Financial Data
- Billing Data
- Device and Service Data

If you wish to avoid sending your data to Stripe, you can do so by not signing up for a paid Modash plan. If you do so however, your ability to use Modash’s services could be severely reduced.The legal basis is performance of our contract to provide you services, Art. 6 1(b) of the GDPR. We have concluded an agreement with Stripe with regard to the processing of your data in accordance with Art. 28 GDPR. You You may find further information about Stripe’s data processing and data protection here: https://stripe.com/en-ee/privacy

vatlayer API

Modash uses vatlayer API to validate VAT-IDs of customers.

The responsible entity is: Apilayer Data Products GmbH, 13-15 / 6. Floor., Untere Donaustraße, 1020 Vienna, Austria

Data processed:
- Contact Data
- Billing Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(b) of the GDPR. You can find further information about vatlayer APIs’ data processing and data protection at: https://www.ideracorp.com/Legal/APILayer/PrivacyStatement

Project Management

Jira

Modash uses Jira to create tickets and tasks to process and track UI development, product updates and requests and product documentation.

The responsible entity is: Atlassian Pty Ltd, ℅ Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94194, United States

The designated EU representative is: Atlassian B.V., ℅ Atlassian, Inc., 350 Bush Street, Floor 13, San Francisco, CA 94104, United States

Data processed:
- Contact Data
- Account Data
- Communications Data

The legal basis is our legitimate interest in task management, Art. 6 1(f) of the GDPR. You can find further information about Jiras' data processing and data protection at: https://www.atlassian.com/legal/privacy-policy

Customer Support and Management

Apollo

Modash uses Apollo to data enrichment of customers.

The responsible entity is: ZenLeads Inc, 101 MONTGOMERY STREET, SUITE 400, SAN FRANCISCO CA 94104, United States

Data processed:
- Contact Data
- Account Data

The legal basis is our contractual obligation to provide services to you, Art. 6 1(f) of the GDPR. You can find further information about Apollos’ data processing and data protection at: https://www.apollo.io/privacy-policy/

Pipedrive

Modash uses Pipedrive to manage the relationships with it’s prospects and customers.

The responsible entity is: Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia

Data processed:
- Contact Data
- Account Data
- Communications Data
- Activity Data

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. You You can find further information about Pipedrives' data processing and data protection at: https://www.pipedrive.com/en/privacy

Vitally

Modash uses Vitally to manage the relationships with it’s customers.

The responsible entity is: Vitally, Inc, 185 Wythe Ave, Floor 2, Brooklyn, NY 1124

Data processed:
- Contact Data
- Account Data
- Communications Data
- Activity Data

The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. You You can find further information about Vitally' data processing and data protection at: https://www.vitally.io/privacy-policy

Intercom

Modash uses Intercom to notify users of new features in our application, websites, and/or services. We also use Intercom to advertise events hosted or sponsored by Modash and to manage information about our customers and leads. The option to subscribe to notifications about new features, events, and other news about Modash is made possible using JavaScript and cookies.

The responsible entity is: Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Ireland

Data processed:
- Contact Data
- Account Data
- Communications Data
- Cookie Data
- Other information, including Device and Service Data, is submitted to Intercom when a user loads resources embedded in, or a link contained in, an email sent through Intercom
- Activity Data

The analyses of your actions on our website and the notifications sent through Intercom are transferred to us in the form of reports. Intercom may give any of your information to further parties where legally required to do so, or as contracted by Intercom.The legal basis is our legitimate interest in effective communication, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Intercom with regard to the processing of your data in accordance with Art. 28 GDPR. You You can find further information about Intercom’s data processing and data protection at: https://www.intercom.com/legal/privacy

Segment

Modash uses Segment, a Customer Data Platform, to track information from our websites and application, consolidate customer data, and integrate that data with other services.

The responsible entity is: Segment.io, Inc., 101 Spear Street, Floor 1, San Francisco, CA 94105, United StatesThe designated EU representative is: Segment Technologies Ireland, Limited, ℅ Segment.io, Inc., 101 Spear Street, Floor 1, San Francisco, CA 94105, United States

Data processed:
-
Contact Data
- Account Data
- Device and Service Data
- Cookie Data

The legal basis is our legitimate interest in analytics and advertising Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Segment with regard to the processing of your data in accordance with Art. 28 GDPR. You You may find further information about Segment’s data processing and data protection here: https://segment.com/legal/privacy/

Marketing

Customer.io

Modash uses C to sent automated transactional emails to prospects and customers.

The responsible entity is: PEABERRY SOFTWARE INC., 921 SW WASHINGTON STREET, SUITE 820, PORTLAND, 97205, United
States

Data processed:
-
Contact Data
- Account Data
- Activity Data
- Device and Service Data

The legal basis is our legitimate interest in analytics and advertising Art. 6 1(f) of the GDPR. You You may find further information about Customer.ios' data processing and data protection here: https://customer.io/legal/privacy-policy/

Beehiiv

Modash uses Beehiiv to manage it's marketing newsletter.

The responsible entity is: beehiiv Inc., 228 Park Avenue, Unit 2329976, New York, NY, 10003​, United States

Data processed:
- Contact Data
- Communications Data

The legal basis is our legitimate interest in analytics and advertising Art. 6 1(f) of the GDPR. You You may find further information about Beehiivs' data processing and data protection here: https://www.beehiiv.com/privacy

Analytics

Fullstory

Modash uses Fullstory to record the usage of the Modash App.

The responsible entity is:
Fullstory Inc, 1745 Peachtree Rd NW Suite G, Atlanta, GA 30309, United States

Data processed:
- Activity Data
- Device and Service Data

The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have concluded an agreement with Fullstory with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Fullstorys' data processing and data protection at: https://www.fullstory.com/legal/privacy-policy/ Modash uses Fullstory to record the usage of the Modash App.

Microsoft Clarity

Modash uses Microsoft Clarity to analyse vititor behavior on its websites.

The responsible entity is:
Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, United States

Data processed:
- Activity Data
- Device and Service Data
- Cookie Data

The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have concluded an agreement with Microsoft with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Microsofts' data processing and data protection at: https://privacy.microsoft.com/en-us/privacystatement

Amplitude

Modash uses Amplitude to analyze the usage of its App to improve the user experience.

The responsible entity is: Amplitude Inc., 201 3rd Street, Suite 200, San Francisco, CA 94103, United States

Data processed:
- Contact Data
- Account Data
- Cookie Data
- Device and Service Data
- Activity Data

The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have concluded an agreement with Amplitude with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Amplitudes data processing and data protection at: https://amplitude.com/privacy

Google Analytics

Modash uses Google Analytics, a service provided by Google Inc, to analyze website access and improve our website. The analysis of your use of our website is made possible through the use of cookies. The Google tracking on our website uses the “anonymizeIp()” function, which truncates the transmitted IP addresses so as to prevent the direct identification of any individual users.

The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States

Data processed:
- Cookie Data
- Activity Data

The analyses of your actions on our website are transferred to us in the form of reports. Google may give this information to further parties where legally required to do so, or as contracted by Google.

You can stop the placement of Google Analytics cookies on your computer through the settings of your web browser. If you do so, we cannot guarantee that all the functions of our website will be fully available to you. You may also stop the placement of cookies with browser extensions, such as: https://tools.google.com/dlpage/gaoptout The legal basis is our legitimate interest in analytics, Art. 6 1(f) of the GDPR. We have concluded an agreement with Google Analytics with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about Google’s data processing and data protection at: https://policies.google.com/  and https://www.google.com/analytics/terms/

Workflow Management

Zapier

Modash uses Zapier to connect and share data between multiple web services used by Modash.

The responsible entity is: Zapier, Inc., 548 Market Street #62411, San Francisco, CA 94104, United States

Data processed:
- Contact Data
- Account Data
- Communications Data
- Cookie Data
- Activity Data

Any information, including personally identifiable information, collected by any other service listed in this policy, may be submitted to Zapier’s servers, located in the United States, and saved there when a user takes an action that results in the submission of information to the original service. Zapier may give this information to further parties where legally required to do so, or as contracted by Zapier.The legal basis is our legitimate interest in effective data management, Art. 6 1(f) of the GDPR. We have concluded an agreement, with Standard Contractual Clauses, with Zapier with regard to the processing of your data in accordance with Art. 28 GDPR. You may find further information about Zapier’s data processing and data protection here: https://zapier.com/privacy/

Recruitment and Job Applications

AngelList

Modash uses AngelList to source candidates for job openings.

The responsible entity is: AngelList Holdings, LLC, 90 Gold Street, San Francisco, CA 94133, United States

The designated EEA representative is: PrighterGDPR-Rep by Maetzler Rechtsanwalts GmbH & Co. KG, ℅ AngelList, Schellinggasse 3/10, 1010 Vienna, Austria

The designated UK representative is: AngelList Ltd., 2nd Floor, White Bear Yard, Clerkenwell Road, London, UK EC1R 5DF

Data processed:
- Contact Data
- Professional Data

The legal basis is our legitimate interest in recruitment, Art. 6 1(f) of the GDPR. We have concluded an agreement with AngelList with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about AngelList’s data processing and data protection at: https://angel.co/privacy

LinkedIn

Modash uses LinkedIn to source candidates for open positions. Modash also uses LinkedIn on our website to track activities for analytics and marketing purposes.

The responsible entity for LinkedIn is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Data processed:
- Contact Data
- Professional Data
- Communications Data
- Cookie Data
- Activity Data

If you are logged into a LinkedIn account (even if it is not your own account) at the same time that you access the Modash website, LinkedIn will additionally receive a notification that you visited our website. LinkedIn collects this information, so the theoretical possibility exists that it could associate it with the LinkedIn account. To prevent this, you can log out of any LinkedIn accounts prior to visiting our website. To do this, you must visit the LinkedIn website.The legal basis is our legitimate interest in recruitment Art. 6 1(f) of the GDPR. We have concluded an agreement with LinkedIn with regard to the processing of your data in accordance with Art. 28 GDPR. You can find further information about LinkedIn’s data processing and data protection at: https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/l/dpa

Changes to this Privacy Policy

Modash reserves the right to update this policy from time to time without notice. Any changes are effective when we post the updated policy on our website. We recommend that you regularly check back. We may provide you with notices about changes to this policy if you are a registered user of the Modash application.

Contact

Should you have further questions, or wish to contact us, you can do so through our website at www.modash.io

When you do so, the data required to answer your query will be automatically saved and processed. Your data will not be transferred to third parties unless Modash has a lawful ground to do so.

Updated: November 05, 2023