Legal · Privacy

Privacy Policy

This policy explains how Moda collects, uses, shares, retains, and deletes personal information, and how you can exercise your privacy rights — including your right to request deletion of your data.

Last updated: June 25, 2026

Overview

Moda provides an AI agent observability platform that helps teams understand and improve their production AI agents. This Privacy Policy describes how Moda (“Moda,” “we,” “us,” or “our”) handles personal information when you visit our websites, create an account, or use our products and services (collectively, the “Services”).

It also explains how we handle the conversation telemetry and related data that our customers send to Moda about their own end users (“Customer Data”). For Customer Data, our customer is the controller and Moda acts as a processor; that relationship is governed by the agreement and Data Processing Addendum (“DPA”) between us and the customer. See Customer data we process for you.

Personal information we collect

We collect personal information that you provide to us directly, information collected automatically when you use the Services, and information we receive from third parties.

Information you provide may include your name, work email address, company, role, account credentials, billing and payment details, and the contents of messages you send us (for example, support requests, demo requests, or survey responses).

Information collected automatically may include device and browser information, IP address, pages viewed, referring URLs, and similar usage data gathered through cookies and comparable technologies, including via product analytics.

Information from third parties may include data from our analytics, infrastructure, identity, and payment providers, and from publicly available sources.

How we use personal information

We use personal information to:

  • Provide, operate, secure, and maintain the Services.
  • Authenticate users, manage accounts, and process transactions.
  • Communicate with you about the Services, including service, security, and support messages.
  • Improve, troubleshoot, and develop new features and products.
  • Send marketing communications where permitted, which you can opt out of at any time.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our terms.

Customer data we process for you

When a customer integrates Moda, their applications send us conversation telemetry from their AI agents. This Customer Data may include message content and metadata that the customer chooses to transmit. Moda processes Customer Data solely to provide the Services to that customer — for example, to ingest, store, analyze, segment, cluster, and surface insights from the conversations.

Customer Data is logically isolated per tenant and is processed under the instructions of the customer. Customers decide what data they send to Moda and are responsible for ensuring they have the necessary rights and notices to do so. We do not sell Customer Data, and we do not use Customer Data to build or train models for other customers except as permitted by the customer agreement.

If you are an end user of a Moda customer and want to exercise privacy rights over your data, please contact that customer directly, as they control how their data is collected and used. We will support our customers in responding to such requests as required by our DPA.

How we share personal information

We may share personal information with:

  • Service providers who process data on our behalf — such as cloud hosting, infrastructure, analytics, payment, and communications vendors — under contractual confidentiality and security obligations.
  • Professional advisors such as auditors, lawyers, and accountants.
  • Authorities and others where required to comply with law, legal process, or a lawful government request, or to protect the rights, safety, and security of Moda, our users, or the public.
  • In a business transaction such as a merger, financing, acquisition, or sale of assets, subject to this policy.

We do not sell personal information and do not share it for cross-context behavioral advertising.

Data retention and deletion

We retain personal information and Customer Data only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, and to comply with our legal, accounting, and reporting obligations. When determining retention periods we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and applicable legal requirements.

When data is no longer needed, or when you or a customer make a valid deletion request, we delete or de-identify it. For Customer Data, when a customer submits a valid deletion request, or upon termination of their agreement, we delete the customer’s ingested conversation telemetry and the analytics derived from it (such as embeddings, segments, summaries, and clusters) from our production systems within 30 days, unless we are required to retain it to comply with a legal obligation. Residual copies in encrypted, rolling backups are purged on their normal expiration cycle.

See How to request data deletion for the procedure.

Your privacy rights and choices

Depending on where you live, you may have rights under laws such as the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), including the right to:

  • Access the personal information we hold about you and obtain a copy in a portable, machine-readable format.
  • Correct inaccurate or incomplete personal information.
  • Delete personal information we no longer need to provide the Services or for other lawful purposes (“Right to Erasure” / “Right to Delete”).
  • Object to or restrict certain processing, and withdraw consent where processing is based on consent.
  • Opt out of marketing communications at any time.

We do not discriminate against you for exercising these rights. Your choices may be limited where fulfilling a request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with a legal obligation. We may ask for information to verify your identity before acting on a request.

How to request data deletion

You can request deletion of your personal information, and customers can request deletion of their tenant’s Customer Data, at any time:

  • Email privacy@modaflows.com with the subject line “Data Deletion Request.”
  • Tell us whether you are requesting deletion of (a) your personal/account information, or (b) a customer tenant’s ingested Customer Data, and include the account or organization name so we can locate the data.

We will acknowledge your request, verify your identity and authority to make it, and confirm in writing once the data has been deleted. We complete verified Customer Data deletion requests within 30 days, in line with the SLA in the applicable customer agreement and DPA. If we cannot fully delete certain data because we are legally required to retain it, we will explain why and for how long.

Security

We use reasonable organizational, technical, and administrative measures designed to protect personal information and Customer Data, including encryption in transit and at rest, per-tenant isolation, and least-privilege access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

International data transfers

We may process and store personal information in countries other than the one in which you reside. Where we transfer personal information across borders, we rely on appropriate safeguards — such as Standard Contractual Clauses — to protect that information in accordance with applicable data protection laws.

Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If we learn that we have collected such information without the required consent, we will delete it.

Other sites and services

The Services may link to third-party websites and services that we do not operate. This policy does not apply to those services, and we are not responsible for their privacy practices. We encourage you to review their privacy policies.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

How to contact us

If you have questions about this policy or want to exercise your privacy rights, contact us at privacy@modaflows.com. You can also reach us through our contact page.