Privacy Policy
Last updated: July 3, 2026
1. What Data We Collect
When you use Modulat, we collect the following information:
- Account information: Your email address, display name, and avatar, provided through OAuth when you sign in
- Link data: The destination URLs you shorten, custom slugs, and associated metadata such as expiry dates and password protection settings
- Portal and uploaded content: The content you add to client portals — links, notes, embedded video URLs, images, and files you upload — together with portal settings such as branding and password protection
- Click and view analytics: When someone opens a shortened link or a client portal, we collect the referring URL, user agent, and approximate country derived from the IP address. We do not store raw IP addresses
- Account and portal data: Your account and client portal names, team member lists, and billing information
2. How We Use Your Data
We use the data we collect to:
- Provide, maintain, and improve the Service
- Display link analytics and usage statistics in your dashboard
- Process payments and manage billing for paid accounts
- Send transactional emails related to your account (e.g., team invitations, billing receipts)
- Detect and prevent abuse of the Service
We do not sell your personal data to third parties. We do not use your data for advertising.
3. Third-Party Services
We rely on the following third-party services to operate Modulat:
- Supabase — Authentication, database, and storage of profile and branding images
- Cloudflare — DNS, CDN, DDoS protection, and object storage (Cloudflare R2) for files and images uploaded to client portals
- Polar — Payment processing and subscription billing
- Resend — Transactional email delivery
Each of these services has its own privacy policy. We encourage you to review them. We only share the minimum data necessary for each service to function.
4. Data Retention
- Account data is retained until you delete your account
- Click and portal-view analytics data is retained for 90 days, after which it is aggregated and individual records are deleted
- Server logs are retained for 30 days for debugging and abuse prevention
When you delete your account, we remove your personal data, associated links, and uploaded portal content within 30 days. Some data may persist in encrypted backups for a limited period but will not be actively used.
5. Cookies
Modulat uses cookies sparingly. We set authentication cookies when you access a password-protected link or portal, so you are not prompted to re-enter the password on subsequent visits. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.
6. Your Rights
You have the right to:
- Access your personal data through your dashboard
- Delete your account and associated data at any time
- Export your link data from the dashboard
- Correct inaccurate information in your profile
To exercise any of these rights, use the settings in your dashboard or contact us at [email protected].
7. Children
Modulat is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
9. Contact
If you have questions about this Privacy Policy, contact us at [email protected].