MODALITY.INK – PRIVACY POLICY
Last updated 16 June 2025
1 Who We Are
Controller: JB Jerzy Balcerzak, NIP 9471951277
Bluszczańska 30 D/12, 00-712 Warsaw, Poland
Contact (general & privacy): contact@modality.ink
Data-Protection Officer (DPO): Jerzy Balcerzak – contact@modality.ink
2 Scope
This Policy explains how we collect, use, share, and protect personal data when you use Modality.Ink (the “Service”). It applies to all users aged 18 or older. We do not knowingly provide the Service to children.
3 What Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, email, Google profile image | You / Google Sign-In |
| Usage Data | Generated Articles, upload history, feature interactions | Automatically |
| Payment Data | Last four digits of card, billing address, Stripe customer ID | Stripe |
| Support Data | Messages sent via Crisp chat or email | You |
| Analytics | Pseudonymous page views & events (no cookies) | Umami |
We do not collect special-category data (e.g., health or biometric data).
4 Why & On What Legal Basis We Process Data
| Purpose | Legal basis under GDPR |
|---|---|
| Provide and maintain the Service (create Articles, manage Credits, authenticate users) | Contract performance (Art. 6 (1)(b)) |
| Process payments and prevent fraud | Legitimate interests (Art. 6 (1)(f)) & legal obligation for accounting (Art. 6 (1)(c)) |
| Send operational emails (receipts, service updates) | Contract performance |
| Send optional marketing newsletters | Consent (Art. 6 (1)(a)) – you may withdraw at any time |
| Improve the Service (analytics, debugging) | Legitimate interests |
| Comply with legal requests and tax obligations | Legal obligation |
| Technical Cookies (chat session management) | Legitimate interests (Art. 6 (1)(f)) – session cookies (e.g., crisp-client/*) used to maintain chat state across pages or visits; do not track behavior. |
5 Marketing Communications
We may occasionally email product news or promotions if you have opted in (e.g., a checkbox at sign-up). You can unsubscribe at any time via the link at the bottom of each message or by emailing contact@modality.ink.
6 Retention Periods
| Data set | Retention rule |
|---|---|
| Account data | Stored while the account is active and deleted 30 days after you request account deletion or after 24 months of inactivity |
| Uploaded Materials & generated Articles | Stored until you delete them or delete your account |
| Payment & invoicing records | 7 years (tax law) |
| Back-ups | Encrypted, stored in GCP for 1 year, then securely purged |
| Server logs & Umami analytics | 30 days, then aggregated or deleted |
| Support tickets | 24 months after resolution |
7 Where We Store & Process Data
- Google Cloud Platform (GCP) – us-central (Iowa, USA)
- Stripe – USA & EEA
- OpenAI, Google Gemini, Anthropic APIs – USA
- Crisp – EU (France) datacentres
Because some providers are outside the European Economic Area (“EEA”), personal data may be transferred internationally. We rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- The provider's certification under an adequacy mechanism (e.g., EU-US Data Privacy Framework, where applicable).
Copies of SCCs are available on request.
8 Third-Party Recipients
| Recipient | Role |
|---|---|
| Stripe Payments Europe Ltd. | Payment processing & fraud prevention |
| Google Cloud Platform | Hosting, storage, back-ups |
| OpenAI LLC, Google LLC, Anthropic PBC | AI model inference (content generation) |
| Crisp IM SAS | Customer chat & support |
| Umami (self-hosted) | Cookieless analytics |
We share only the minimum data needed for each purpose.
9 Cookies & Similar Technologies
- Umami: runs cookieless; no personal cookies.
- Stripe & Crisp:set strictly necessary cookies to enable payment processing and chat functionality. These cookies are used solely for technical purposes (e.g., session continuity, fraud prevention) and are not used for behavioral tracking. You can block cookies via your browser settings, but chat and payments may not function properly.
You can block cookies via your browser settings, but payments or chat may not function.
10 Security Measures
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest on GCP
- Least-privilege, role-based access and MFA for admin accounts
- Automated back-ups with integrity checks
- Regular dependency patching and infrastructure hardening
- Annual penetration testing and vulnerability scans
11 Automated Decision-Making
The Service generates Articles only when you request it. We do not perform automated decision-making that produces legal or similarly significant effects on you.
12 Your Rights (GDPR & UK GDPR)
You may exercise the following rights by emailing contact@modality.ink:
- Access – obtain a copy of your personal data.
- Rectification – correct inaccurate data.
- Erasure – request deletion (“right to be forgotten”).
- Restriction – limit processing under certain conditions.
- Portability – receive data in a structured, machine-readable format.
- Objection – object to processing based on legitimate interests or direct marketing.
- Withdraw consent – at any time, for marketing emails.
We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority in Poland or your local supervisory authority.
13 CCPA Notice (California Residents)
Modality.Ink is not currently a “business” under the California Consumer Privacy Act, but we voluntarily extend comparable rights of access and deletion. We do not sell or share personal data as defined by the CCPA.
14 Changes to This Policy
We may update this Policy from time to time. Material changes will be emailed to registered users at least 7 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
15 Contact Us
For questions about this Policy or your personal data, email us at contact@modality.ink
© 2025 Modality.Ink. All rights reserved.