This Privacy Policy applies to:

(a) Website Visitors: Individuals who visit our website, request product demos, sign up for newsletters, or submit inquiries.

(b) Administrative Users: Authorized representatives of our Customers who create and manage accounts on our Platform (e.g., HR managers, IT administrators).

(c) End Users (Employees): Individuals whose workplace activity is monitored through our Platform pursuant to their employer's use of our Services. For End Users, your employer (our Customer) is the Data Controller, and this Policy provides transparency about how Modge processes your data as a Processor on your employer's behalf.

Where Modge processes personal data as a Processor, our Customers are responsible for obtaining all necessary consents and authorizations from End Users, providing appropriate privacy notices to End Users, ensuring compliance with applicable data protection laws in their jurisdiction, responding to End User requests regarding their personal data (Modge will assist as required)

The categories and types of Personal Data we collect depend on how you interact with us:

The specific data collected depends on the Customer's configuration and settings, and is also limited to work devices and work-related activity during business hours (as configured by the Customer).

We do not intentionally collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. Please note that some sensitive personal information (such as medical data, financial data, or authentication credentials for personal accounts) may be inadvertently captured in screenshots; we implement measures to minimize such collections where technically feasible.

We also do not intentionally collect content of personal communications unrelated to work activities.

We process personal data for:

Billing and account administration for customers (where applicable).

Sending service announcements, updates, and administrative communications, and with your consent, sending marketing communications (newsletters, product updates, promotional offers).

Improving and developing our Services, conducting analytics, and understanding usage patterns.

Ensuring security of our Services, preventing fraud, and detecting unauthorized access.

Establishing, exercising, or defending legal claims, and complying with legal obligations, including enforcing our Terms of Service and protecting our legal rights and interests.

We also process Personal Data in pseudonymized or aggregated form, where possible, for training and improving our algorithms and analytics models, developing new features and functionalities, conducting research and development and for creating anonymized or aggregated insights and benchmarks.

We may, in the future, sell, license, or otherwise commercialize aggregated, anonymized, or de-identified statistical insights derived from the data we process (e.g., industry benchmarks, productivity trends, workflow patterns). Such data will not identify you individually and will be processed in compliance with applicable data protection laws. If we decide to engage in such activities, we will ensure data is truly anonymized or de-identified according to applicable legal standards, obtain any required consents from Customers and/or End Users and update this Policy and provide appropriate notice.

We rely on one or more following legal grounds for the collection, processing, and use of your Personal Data, in accordance with the laws and regulations applicable in the relevant country:

Performance of a Contract: Processing is necessary to provide our Services as part as the contract between Modge and the Customer, as well as between the Customer and the End User (e.g., employment contract).

Legitimate Interests: In countries whereby permitted by law, processing is necessary for our legitimate interests, such as improving our Services, ensuring security, developing new features, - provided these interests are not overridden by your data protection rights. Where Modge acts as a Data Processor for customers as the Data Controllers, the Customer (as employer or organization) shall be responsible for determining the applicable lawful basis. If you have questions about the legal basis, please contact your employer or organization directly.

We regularly review and update our legitimate interests assessment as our processing activities evolve. You may object to processing based on legitimate interests as described in Section 10).

Legal Obligations: Processing is necessary for compliance with legal obligations to which we are subject.

Consent: In countries where explicit consent is required, we process Personal Data as Data Processors only, based on explicit consent for specific processing activities, relying on the consent individuals have provided to our customers, as Data Controllers.

In connection with our website, we may obtain specific consent, to the extent required under applicable law for certain non-essential cookies or marketing communications.

We share Personal Data with the following categories of recipients, as necessary to provide, maintain, and improve the Services:

Service providers/sub-processors: we may disclose your Personal Data to service providers and subcontractors who assist us in the operation of our Services, such as hosting, infrastructure, authentication, security, monitoring, analytics, support ticketing, content and email delivery. We require all such service providers to maintain the confidentiality, security, and integrity of personal information they access or process on our behalf.

Affiliates and group companies: we may share Personal Data with our business partners, affiliates and subsidiaries that support the provision, improvement, or support of the Services, subject to this Privacy Policy and applicable data protection agreements.

Your organization: When acting as a Processor, we share End User data with the Customer organization (your employer) that deployed the Platform and authorized users within the Customer organization (e.g., managers, HR personnel, IT administrators) as configured by the Customer.

Professional advisors: from time to time, we may disclose your information to our lawyers, auditors, and insurers under duties of confidentiality, for compliance and risk management.

Corporate transactions: we may disclose your personal data in connection with a proposed or actual corporate merger, acquisition, consolidation, sale of assets, bankruptcy, insolvency or other corporate changes.

Legal and regulatory disclosures: we may disclose your personal data to legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or to other parties in relation to legal process, such as in response to a subpoena. We may also disclose such personal data if we believe disclosure is necessary to prevent physical, financial, or other harm, injury, or loss.

Law Enforcement: we may disclose your personal data to law enforcement agencies where we believe it is necessary to prevent or investigate illegal activity.

Other Disclosures with your Consent: we may disclose your personal data with your consent to other unaffiliated third parties who are not described elsewhere in this Privacy Policy.

Aggregated and de-identified information: we may share aggregated, anonymized, or de-identified information that does not reasonably identify you with third parties for research, analytics, or improving the Services.

Modge does not sell personal data. Disclosures are limited to the purposes identified above and governed by appropriate safeguards, including the DPA where Modge is a Data Processor.

Modge is headquartered in the United States. The Personal Data we collect may be stored and processed in the United States or any other country where Modge, its affiliates, or its service providers maintain facilities.

If you are located in the EEA, UK, or Switzerland, we implement appropriate safeguards for international transfers, including transfer to country that provides an adequate level of data protection (by European Commission adequacy decision) or use the European Commission's Standard Contractual Clauses (or UK equivalents) with recipients in countries that do not have an adequacy determination

We conduct transfer impact assessments where required and implement supplementary measures (such as encryption and access controls) to ensure that Personal Data transferred internationally receives a level of protection essentially equivalent to that guaranteed within the EEA.

By using our Services, you acknowledge and consent to the transfer of your Personal Data as described in this Policy.

We implement industry-standard technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including network and application security controls, access controls, encryption in transit (and at rest where applicable), security logging/monitoring, vulnerability management, and personnel training.

While we strive to protect your Personal Data, no security program is impenetrable, and no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You also play a role by keeping your login credentials confidential, using strong passwords, logging out after each session, and promptly reporting any suspected security incidents

We retain Personal Data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law, including to meet legal, regulatory, tax, accounting, or reporting obligations, to enforce agreements, and to resolve disputes. Where feasible, we minimize, de-identify, or aggregate data and apply retention schedules consistent with the nature and sensitivity of the data, risk, and legal requirements.

Subject to applicable law, you may have the following rights regarding your Personal Data. The specific rights available to you depend on your location and the applicable legal framework.

Right to Access: You have the right to request confirmation as to whether we process your Personal Data and, if so, to obtain access to that data and information about how it is processed.

Right to Correction: You have the right to request that we correct inaccurate, incomplete, or outdated Personal Data about you.

Right to Deletion: In certain circumstances, you have the right to request deletion of your Personal Data (also known as the "right to be forgotten").

Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Opt-Out of Marketing: You have the right to opt out of receiving marketing communications from us at any time.

Right to Restriction of Processing: You may request that we restrict processing of your Personal Data in certain circumstances (e.g., while we verify the accuracy of disputed data).

Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object: You have the right to object to processing your Personal Data under certain conditions, and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed by us for such purposes. Such a right to object may not exist if the processing of your personal data is necessary to take steps prior to entering a contract or to fulfil a contract already concluded.

Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you, unless such processing is necessary for a contract, authorized by law, or based on your explicit consent.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

If we process your personal data on behalf of your organization (as Data Processor), please direct your request to your employer (our Customer), as they are the Data Controller. We will assist your employer in responding to your request as required by our agreement with them. In other cases, to exercise these rights, please contact us at privacy@modge.com. We will respond to your request in accordance with applicable data protection laws.

To protect your privacy and security, we will verify your identity before processing your request. We may ask you to provide information that matches records we have on file, or respond from the email address associated with your account.

You may designate an authorized agent to make a request on your behalf. We will require verification that the agent is authorized to act on your behalf (e.g., a power of attorney or signed permission).

For California residents: If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your Personal Information.

Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" of your Personal Information or "sharing" of your Personal Information for cross-context behavioral advertising.

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of Sensitive Personal Information to only purposes necessary to provide the Services. However, we do not use Sensitive Personal Information for purposes beyond those permitted without the ability to limit such use.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

We will not discriminate against you for exercising your privacy rights, including by denying goods or services, charging different prices or rates or providing a different level or quality of goods or services. However, we may offer financial incentives or different prices/services if reasonably related to the value of your data and permitted by law.

Our Services are intended for use in business and enterprise contexts and are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children under 18 without appropriate consent from a parent or legal guardian. If you believe that a child under 18 has provided us with Personal Data without parental consent, please contact us immediately, and we will take steps to delete such information.

What Are Cookies? Cookies are small text files placed on your device when you visit a website. They help websites recognize your device and remember information about your visit. We also may use similar technologies such as web beacons (pixels), local storage in your browser or software code embedded in applications

Why We Use Cookies? We use cookies and similar technologies to:

We may use third-party services that may place cookies on your device, including Google Analytics, to analyze website traffic and usage. These third parties have their own privacy policies. We encourage you to review them.

You can control cookies via your browser settings; note that disabling certain cookies may impact core functionality.

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Modge (e.g., social media platforms, partner sites, payment processors). We are not responsible for the privacy practices or content of third parties. Such third-party services have their own privacy policies and terms and any data you provide to third parties is governed by their policies, not this Policy. Your use of third-party services is at your own risk, and we encourage you to review the privacy policies of any third-party services you interact with. We do not endorse or assume any responsibility for third-party practices.

We may use artificial intelligence (AI) technologies as part of our Services. The use of AI may involve the processing of Personal Data, and we are committed to ensuring that such processing is carried out in accordance with applicable laws.

We take appropriate measures to protect your privacy, including transparency regarding the use of AI, implementing suitable technical and organizational safeguards, and ensuring that any processing of Personal Data by AI is lawful, fair, and limited to what is necessary for the purposes described in this Privacy Policy.

We do not use AI for automated decision-making that may directly impact fundamental rights of individuals, without human intervention, and unless such processing is permitted by applicable laws and appropriate safeguards are in place. If you have any questions about our use of AI, you are welcome to contact us by email provided below.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will post the revised Policy on our website and provide notice of material changes through the Services, by email, or by other reasonable means. If we make material changes that significantly affect your rights or how we process your Personal Data, we will provide prominent notice and, here required by law, obtain your renewed consent.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree with the changes, you should stop using the Services and, where applicable, request deletion of your Personal Data.

We encourage you to review this Policy periodically to stay informed about how we protect your privacy.

If you have questions, comments, concerns, or requests regarding this Privacy Policy or our data practices, please contact us be email: privacy@modge.com