Back to site

Privacy Policy

Modolab Ltd 66 Paul Street, London, EC2A 4NA Last updated: July 2026

Modolab Ltd (“Modolab”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains who we are, what personal data we collect, why we collect it, how we use it, and what rights you have.

1. Who We Are

Modolab Ltd is a private limited company registered in England and Wales (Company No. 17262003). Our registered office is 66 Paul Street, London, EC2A 4NA. We are the data controller for the personal data described in this policy.

Controller vs processor: where personal data is entered into the Modolab platform by or on behalf of our customers (for example, responses provided by a customer's stakeholders during an engagement), we process that data as a processor on the customer's behalf, under the Data Processing Agreement that forms part of our contract with that customer. This policy covers the personal data for which we are the controller — such as data about website visitors, prospective customers, account contacts and billing contacts. For data processed within the platform, please refer to the privacy notice of the organisation that engaged you.

If you have any questions about this policy or how we handle your data, please contact us at: privacy@modolab.ai.

2. What Personal Data We Collect

We may collect the following categories of personal data:

2.1 Data you provide to us

2.2 Data we collect automatically

Our website does not use cookies — see Section 8.

2.3 Data we receive from third parties

3. How and Why We Use Your Data

PurposeLegal Basis (UK GDPR)
Providing and managing your access to the Modolab platformPerformance of a contract (Art. 6(1)(b))
Processing payments and managing billingPerformance of a contract (Art. 6(1)(b))
Responding to your enquiries and support requestsPerformance of a contract / Legitimate interests (Art. 6(1)(b)/(f))
Sending product updates, security notices and service communicationsPerformance of a contract (Art. 6(1)(b))
Sending marketing communications to individuals (where you have opted in)Consent (Art. 6(1)(a))
Sending business-to-business marketing to corporate contacts relevant to our services (with an opt-out in every message)Legitimate interests (Art. 6(1)(f))
Improving and developing our product and websiteLegitimate interests (Art. 6(1)(f))
Analytics and measuring website performanceLegitimate interests (Art. 6(1)(f)) — aggregated, cookie-free analytics only
Complying with legal obligations (e.g. tax, accounting)Legal obligation (Art. 6(1)(c))
Preventing fraud and ensuring platform securityLegitimate interests (Art. 6(1)(f))

Automated decision-making: we do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you.

4. Data Retention

We retain personal data for no longer than necessary for the purpose for which it was collected. Our standard retention periods are:

CategoryRetention Period
Customer account dataDuration of contract + 6 years
Financial / billing records6 years from the end of the relevant financial year (Companies Act / HMRC requirements)
Support and communication records3 years from last contact
Marketing consent recordsUntil consent is withdrawn + 1 year
Website analytics data26 months
Job applicant data (unsuccessful)6 months from decision

5. Who We Share Your Data With

We do not sell your personal data. We may share it with:

6. International Transfers

Some of our sub-processors are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

7. Your Rights

Under UK GDPR, you have the following rights:

RightWhat it means
AccessRequest a copy of the personal data we hold about you
RectificationAsk us to correct inaccurate or incomplete data
ErasureAsk us to delete your data in certain circumstances
RestrictionAsk us to restrict processing while a dispute is resolved
PortabilityReceive your data in a structured, machine-readable format
ObjectObject to processing based on legitimate interests or for direct marketing
Withdraw consentWithdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@modolab.ai. We will respond within one month.

Complaints: you also have the right to raise a data protection complaint directly with us. Please email privacy@modolab.ai with the subject line “Data protection complaint”; we will acknowledge your complaint within 30 days and respond without undue delay, in accordance with the Data (Use and Access) Act 2025. You are also entitled to lodge a complaint with the ICO at any time at ico.org.uk or by calling 0303 123 1113.

8. Cookies

This website does not set cookies or use similar tracking technologies. There are no analytics cookies, no advertising trackers and no third-party cookies, which is why you will not see a cookie consent banner on this site. If we introduce cookies in the future, we will update this policy and, where required, ask for your consent before setting any.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These include encryption in transit and at rest, access controls, and regular security assessments. No transmission over the internet is completely secure; if you have reason to believe your interaction with us is no longer secure, please contact us immediately.

10. Children

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on our website. The date at the top of this page indicates when the policy was last updated.