Modolab Ltd (“Modolab”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains who we are, what personal data we collect, why we collect it, how we use it, and what rights you have.
Modolab Ltd is a private limited company registered in England and Wales (Company No. 17262003). Our registered office is 66 Paul Street, London, EC2A 4NA. We are the data controller for the personal data described in this policy.
Controller vs processor: where personal data is entered into the Modolab platform by or on behalf of our customers (for example, responses provided by a customer's stakeholders during an engagement), we process that data as a processor on the customer's behalf, under the Data Processing Agreement that forms part of our contract with that customer. This policy covers the personal data for which we are the controller — such as data about website visitors, prospective customers, account contacts and billing contacts. For data processed within the platform, please refer to the privacy notice of the organisation that engaged you.
If you have any questions about this policy or how we handle your data, please contact us at: privacy@modolab.ai.
We may collect the following categories of personal data:
Our website does not use cookies — see Section 8.
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and managing your access to the Modolab platform | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing billing | Performance of a contract (Art. 6(1)(b)) |
| Responding to your enquiries and support requests | Performance of a contract / Legitimate interests (Art. 6(1)(b)/(f)) |
| Sending product updates, security notices and service communications | Performance of a contract (Art. 6(1)(b)) |
| Sending marketing communications to individuals (where you have opted in) | Consent (Art. 6(1)(a)) |
| Sending business-to-business marketing to corporate contacts relevant to our services (with an opt-out in every message) | Legitimate interests (Art. 6(1)(f)) |
| Improving and developing our product and website | Legitimate interests (Art. 6(1)(f)) |
| Analytics and measuring website performance | Legitimate interests (Art. 6(1)(f)) — aggregated, cookie-free analytics only |
| Complying with legal obligations (e.g. tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Preventing fraud and ensuring platform security | Legitimate interests (Art. 6(1)(f)) |
Automated decision-making: we do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you.
We retain personal data for no longer than necessary for the purpose for which it was collected. Our standard retention periods are:
| Category | Retention Period |
|---|---|
| Customer account data | Duration of contract + 6 years |
| Financial / billing records | 6 years from the end of the relevant financial year (Companies Act / HMRC requirements) |
| Support and communication records | 3 years from last contact |
| Marketing consent records | Until consent is withdrawn + 1 year |
| Website analytics data | 26 months |
| Job applicant data (unsuccessful) | 6 months from decision |
We do not sell your personal data. We may share it with:
Some of our sub-processors are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
Under UK GDPR, you have the following rights:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Ask us to correct inaccurate or incomplete data |
| Erasure | Ask us to delete your data in certain circumstances |
| Restriction | Ask us to restrict processing while a dispute is resolved |
| Portability | Receive your data in a structured, machine-readable format |
| Object | Object to processing based on legitimate interests or for direct marketing |
| Withdraw consent | Withdraw consent at any time where processing is consent-based |
To exercise any of these rights, contact us at privacy@modolab.ai. We will respond within one month.
Complaints: you also have the right to raise a data protection complaint directly with us. Please email privacy@modolab.ai with the subject line “Data protection complaint”; we will acknowledge your complaint within 30 days and respond without undue delay, in accordance with the Data (Use and Access) Act 2025. You are also entitled to lodge a complaint with the ICO at any time at ico.org.uk or by calling 0303 123 1113.
This website does not set cookies or use similar tracking technologies. There are no analytics cookies, no advertising trackers and no third-party cookies, which is why you will not see a cookie consent banner on this site. If we introduce cookies in the future, we will update this policy and, where required, ask for your consent before setting any.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include encryption in transit and at rest, access controls, and regular security assessments. No transmission over the internet is completely secure; if you have reason to believe your interaction with us is no longer secure, please contact us immediately.
Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website. The date at the top of this page indicates when the policy was last updated.