Terms of Service

Last updated: December 28, 2025

Table of Contents

1. Agreement to Terms

By accessing or using the Modus web application or any services offered at https://www.getmodus.com (collectively, the "Services"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, you may not use the Services.

2. Eligibility and Accounts

You must be at least 16 years old and capable of forming a binding contract to create an account. Account registration can be completed using email or OAuth authentication (including Google and other supported providers). You are responsible for keeping your login credentials secure and for all activities that occur under your account.

3. The Services

Modus is an agentic workforce for data teams, allowing you to create automations of any data work. Features include:

  • Automated data processing and analysis workflows
  • AI-powered data agents that perform complex data tasks
  • Collaboration with teammates through shared links
  • Leverage AI models from OpenAI, Anthropic, and other providers for natural-language query generation, summarization, and recommendations

4. License

Subject to these Terms, Modus grants you a limited, non-exclusive, non-transferable, revocable license to access and use the web application solely for your internal business or personal purposes.

5. Use Restrictions

You may not:

  • Reverse engineer, decompile, or disassemble the software except as permitted by law
  • Circumvent technical limitations or security features
  • Use the Services to develop or train competing AI or analytics products
  • Upload or publish unlawful or infringing content
  • Violate applicable export, privacy, or data-protection laws

6. AI Processing

Modus automatically submits relevant portions of your data to third-party AI providers to power core features. Paid, no-data-retention endpoints are used. You acknowledge and agree that:

  • AI outputs may contain errors. You must validate results before relying on them.
  • You cannot disable core AI processing or AI metadata reporting.
  • You will not input content that you are prohibited from sharing with third parties.
Important: AI outputs may contain errors and should be validated before use in production environments.

7. User Content

"User Content" means data, files, prompts, and any output you create with the Services. Except for the limited rights granted to Modus to operate the Services, you retain all ownership in User Content. You represent that you have all rights necessary to submit the User Content and to grant Modus the rights described in these Terms.

8. Cloud Storage

By using the Services, you acknowledge that your data is hosted on AWS servers, primarily located in the United States, though the specific region may vary. You are solely responsible for ensuring that your content does not contain confidential or regulated information beyond what you're authorized to share. Deletion from cloud storage is a manual process requiring tenant deletion, which will be completed within 90 days of your deletion request.

Data Responsibility: You are responsible for ensuring your content complies with applicable regulations and does not contain unauthorized confidential information.

9. Payment and Subscriptions

Modus does not currently offer automatic payment processing. Pricing and payment arrangements are handled separately. Any fees agreed upon are non-refundable except where required by law.

10. Updates and Beta Features

Modus may provide automatic updates or new features. Beta or preview features are offered "as is" and may be changed or discontinued at any time without notice.

11. Proprietary Rights

Modus and its licensors own all intellectual property rights in the Services. All trademarks, logos, and product names are the property of their respective owners.

12. Feedback

If you provide ideas, suggestions, or feedback, you grant Modus a perpetual, irrevocable, royalty-free license to use that feedback for any purpose without compensation.

13. Privacy

Our Privacy Policy explains how we collect, use, and safeguard personal data and is incorporated by reference. By using the Services, you consent to our data practices.

14. Termination

You may stop using the Services at any time. Modus may suspend or terminate your access if you breach these Terms or if required by law. Sections 6, 7, 9, 11, 12, 15-19 survive termination.

Surviving Sections After Termination:

  • AI Processing (Section 6)
  • User Content (Section 7)
  • Payment and Subscriptions (Section 9)
  • Proprietary Rights (Section 11)
  • Feedback (Section 12)
  • Disclaimers (Section 15)
  • Limitation of Liability (Section 16)
  • Indemnification (Section 17)
  • Export Compliance (Section 18)
  • Governing Law and Dispute Resolution (Section 19)

15. Disclaimers

The Services are provided "as is" and "as available." Modus disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. Modus does not warrant that the Services will be error-free, uninterrupted, or secure, or that AI outputs will be accurate.

No Warranty: The Services are provided "as is" without any warranties, express or implied.

16. Limitation of Liability

To the maximum extent permitted by law, Modus will not be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of profits, data, or goodwill, even if advised of the possibility. Modus's total liability arising out of or relating to the Services is limited to the amount you paid to Modus in the 12 months preceding the claim.

17. Indemnification

You agree to indemnify and hold harmless Modus and its officers, directors, employees, and agents from any claims, damages, or expenses arising from your use of the Services or violation of these Terms.

18. Export Compliance

You may not use or export the Services in violation of applicable export laws and regulations.

19. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware without regard to conflict-of-law rules. Any dispute that cannot be resolved informally will be submitted to the exclusive jurisdiction of the competent courts in Delaware. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Legal Aspect Details
Governing Law Laws of the State of Delaware
Jurisdiction Courts in Delaware
Conflict of Laws Rules do not apply
UN Convention Does not apply to these Terms

20. Changes to Terms

We may modify these Terms. Material changes will be posted in-app or on https://www.getmodus.com and will become effective 14 days after notice. Your continued use of the Services after the effective date constitutes acceptance of the revised Terms.

21. Contact

Modus Legal Team

Email: contact@getmodus.com

If you have questions about these Terms, please contact us at the address above.

Privacy Policy

Last updated: December 28, 2025

Table of Contents

1. Who We Are

Modus ("Modus," "we," "our," or "us") is an agentic workforce for data teams, allowing you to create automations of any data work. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our website (https://www.getmodus.com) and the Modus web application (together, the "Services").

2. Scope

This Policy applies to any person who visits our website or uses the Modus web application. This includes users accessing the Services from any location, including California residents who have specific rights under the CCPA (see Section 10A below).

3. Information We Collect

Category What We Collect Purpose Legal Basis (EU/UK)
Account Data Name, email address, authentication identifier (OAuth or email-based) Account creation, authentication Contract performance
Usage Metrics Pages visited, feature interactions, error events, volumes of usage (via Datadog) Product analytics, debugging, service improvement Legitimate interests; consent where required
AI Interaction Metadata Structural metadata about prompts and responses (never raw content) Model quality improvement, troubleshooting Legitimate interests
User-Uploaded Content Datasets, notebooks, dashboards, reports you choose to import or publish Core functionality Contract performance
Integration Data Data imported through database integrations (e.g., BigQuery, Snowflake, PostgreSQL, MySQL, Clickhouse, Oracle, Databricks, SQLite, CSV files), including table schemas, query results, and metadata Core functionality, data analysis Contract performance
Technical Data Device type, OS version, app version, IP-derived region Security, fraud prevention, analytics Legitimate interests

Cookies: Modus uses essential cookies for authentication and session management. Website analytics use Google Analytics cookies on getmodus.com. You can control cookie preferences through your browser settings.

4. How We Use Information

  • Provide, operate, and maintain the Services
  • Authenticate users and secure accounts
  • Diagnose and fix bugs or performance issues
  • Improve and develop new features, including AI models
  • Send service-related notices (e.g., critical updates)
  • Comply with legal obligations
We do not sell or rent your personal information.

5. AI Processing Details

Question Answer
Third-party providers OpenRouter (AI model routing platform providing access to various AI models); all via paid, no-data-retention endpoints
Data sent Text you explicitly run through AI features, project structure, and relevant code or schema snippets
PII transmission Possible if your data contains it; no automatic removal
Vendor training Vendors are contractually opted-out of training on your content
Our own training We may train models on aggregated, de-identified statistics (never raw user content)
Opt-out Core AI processing and AI metadata reporting cannot be disabled because they underpin Modus's functionality

6. How We Share Information

We share information only with the subprocessors necessary to run Modus:

Mandatory Subprocessors

Subprocessor Purpose
AWS Cloud hosting and storage infrastructure
Google Cloud Platform (GCP) Cloud infrastructure and services
ClickHouse Database and analytics processing
Clerk Authentication and user management
Datadog Product analytics and monitoring
OpenRouter AI model routing and inference platform

Optional Subprocessors (Add-ons)

The following subprocessors are only used if you enable specific add-on features:

Subprocessor Purpose
Pipedream Workflow automation and integrations
E2B Code execution and sandboxing environment
Mem0 Memory and context management for AI
Tavily AI-powered web search and research

Each subprocessor is bound by a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs) or Data Privacy Framework participation where applicable. See the Data Processing Agreement for complete details.

7. Data Location & International Transfers

Your data is hosted in the cloud on servers primarily located in the United States (AWS), though the specific region may vary. Data may be transferred internationally for AI processing and analytics. We rely on Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework, or other recognized safeguards for such transfers. California residents should note that their data may be transferred outside of California and the United States for processing.

8. Security

  • TLS encryption for all in-transit data leaving your device
  • Encryption-at-rest for any cloud-stored secrets and published content
  • Secrets (e.g., API keys, passwords) stored in OS-level secure keychains
  • Access to production systems limited to a small, vetted Modus team on a least-privilege basis
  • Continuous monitoring and automated alerts via Datadog

9. Retention

  • Cloud-hosted data: retained until you request deletion
  • Tenant deletion: manual process completed within 90 days of your deletion request
  • Account records and logs: retained until you request deletion, then erased as part of tenant deletion process
  • Backup copies: may persist in encrypted backups for up to 90 days before permanent deletion

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Delete your data ("right to be forgotten")
  • Export data in a portable format
  • Object to or restrict certain processing

How to exercise:

  • Account data: email contact@getmodus.com from your registered address
  • In-app data: use the data management tools within the application settings

We will respond to requests within 30 days (45 days for California residents under CCPA). Deletion from cloud storage requires a manual tenant deletion process, which will be completed within 90 days.

10A. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Categories of Personal Information We Collect

We collect the following categories of personal information, as described in Section 3 above:

  • Identifiers (name, email address, OAuth identifier)
  • Internet or network activity (usage metrics, browsing history on our site)
  • Professional or employment-related information (if included in datasets you upload)
  • Inferences drawn from the above to create user profiles

Your CCPA Rights

California residents have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions under the CCPA.
  • Right to Opt-Out of Sale: We do not sell personal information to third parties. If our practices change, we will update this Policy and provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights, including by denying goods or services, charging different prices, or providing a different level of quality.
  • Right to Correct: Request correction of inaccurate personal information we maintain about you.
  • Right to Limit Use of Sensitive Personal Information: While we do not intentionally collect sensitive personal information, if you believe we have such information, you may request that we limit its use.

How We Use Personal Information

We use personal information for the business and commercial purposes described in Section 4 of this Privacy Policy. We do not sell personal information. We may share personal information with service providers (subprocessors listed in Section 6) who perform services on our behalf.

Data Retention

We retain personal information as described in Section 9 of this Privacy Policy. California residents can request deletion at any time, subject to legal exceptions.

How to Exercise Your CCPA Rights

To exercise your CCPA rights, you may:

  • Email us at: contact@getmodus.com
  • Use the data management tools in your account settings

You will need to verify your identity before we can fulfill your request. We will respond within 45 days of receipt of your request. If we require more time, we will inform you of the reason and extension period in writing.

Authorized Agents

You may designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of authorization, and we may require you to verify your identity directly with us.

Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request certain information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

California Privacy Contact

Email: contact@getmodus.com

Subject Line: "California Privacy Rights Request"

11. Children

Modus is not directed to children under 16, and we do not knowingly collect data from minors. If you believe a minor has provided personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in-app or via email at least 14 days before they take effect. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

13. Contact Us

Modus Privacy Team

Email: contact@getmodus.com

For any questions about this Policy or our privacy practices, please contact us using the information above.

Data Processing Agreement

Effective date: December 28, 2025

Agreement Context: This Data Processing Agreement ("Agreement") forms part of the Terms of Service or other written or electronic agreement between Modus Ltd. ("Processor" or "Modus") and the customer entity that accepts or otherwise agrees to those terms ("Controller" or "Customer").

Table of Contents

1. Definitions

Term Definition
Applicable Data Protection Law All laws and regulations regarding the protection of Personal Data that apply to the Processing under this Agreement, including the EU and UK GDPR.
Personal Data Any information relating to an identified or identifiable natural person that is Processed by Modus on behalf of Customer.
Processing, Processor, and Controller Have the meanings set out in Applicable Data Protection Law.
Standard Contractual Clauses The clauses adopted by the European Commission Implementing Decision 2021/914 and, where relevant, the UK Addendum.
Services The Modus desktop application, website, and any related cloud features provided to Customer.

2. Subject Matter and Duration

  • 2.1 This Agreement governs Modus's Processing of Personal Data on behalf of Customer in the course of providing the Services.
  • 2.2 This Agreement remains in force for the term of the underlying Services agreement and until all Personal Data has been deleted or returned to Customer.

3. Purpose and Nature of Processing

Modus Processes Personal Data solely to provide, secure, and improve the Services, including:

  • Web-based analytics platform functions
  • Cloud storage and publication of notebooks, dashboards, and reports
  • Error monitoring, usage analytics, and product development
  • Automated AI-powered analysis using third-party model providers (see Annex III)

4. Categories of Data and Data Subjects

Item Description
Data Subjects Customer's employees, contractors, end users, and any individuals whose data appears in datasets Customer imports
Categories of Personal Data Names, email addresses, authentication identifiers (OAuth or email-based), usage metrics (pseudonymous), technical device data, any Personal Data included by Customer in uploaded datasets or published reports
Special Categories Not intended – Customer must not intentionally submit special-category data without a lawful basis

Full details appear in Annex I.

5. Obligations of Controller

Customer will:

  • a. ensure it has a valid legal basis for all Processing carried out under this Agreement,
  • b. provide any required notices to data subjects,
  • c. not instruct Modus to Process Personal Data in violation of Applicable Data Protection Law.

6. Obligations of Processor

Modus shall:

  • 6.1 Process only on documented instructions – including those set out in the Agreement, unless otherwise required by EU or Member State law.
  • 6.2 Confidentiality – ensure all personnel authorised to Process Personal Data are subject to confidentiality obligations.
  • 6.3 Security – implement the technical and organisational measures in Annex II and maintain them throughout the term.
  • 6.4 Sub-processors – engage only the sub-processors listed in Annex III and notify Customer of any intended additions or replacements, giving Customer an opportunity to object on reasonable grounds.
  • 6.5 Data Subject Rights – taking into account the nature of the Processing, assist Customer by appropriate technical and organisational measures to respond to requests for exercising data-subject rights.
  • 6.6 Data Protection Impact Assessments – provide reasonable assistance to Customer with DPIAs and prior consultations with supervisory authorities where required.
  • 6.7 Breach Notification – notify Customer without undue delay after becoming aware of a Personal Data Breach and provide information necessary for Customer to comply with its legal obligations.
  • 6.8 Return or Deletion – at termination, delete or return Personal Data at Customer's choice, except to the extent EU or Member State law requires retention.

7. International Transfers

  • 7.1 Where Modus or its sub-processors transfer Personal Data outside the EEA or UK to a country that has not received an adequacy decision, such transfer shall be governed by the Standard Contractual Clauses incorporated by reference.
  • 7.2 For transfers to the United States, Modus or the relevant sub-processor will rely on either the Data Privacy Framework certification or the SCCs.

8. Audits

Modus will make available all information necessary to demonstrate compliance with this Agreement and allow, at Customer's reasonable request and expense, audits by an independent third party bound to confidentiality. Audits may occur once per year and after any material Personal Data Breach.

9. Liability and Indemnity

Each party is liable for the damages it causes by any Processing that infringes Applicable Data Protection Law. Liability limitations in the main Services agreement apply to this Agreement to the maximum extent permitted by law.

10. Precedence

In the event of conflict, the provisions of the Standard Contractual Clauses prevail, followed by this Agreement, followed by the main Services agreement.

11. Governing Law

This Agreement is governed by the same law and jurisdiction as the main Services agreement, unless the SCCs require otherwise.

Annex I – Details of Processing

Element Description
Processor Modus, Inc., Delaware
Controller The Customer entity that accepted the Modus Terms of Service
Purpose Provide and improve the Modus Services, including AI-powered analytics, publishing features, account management, security, and support
Data Subjects See Section 4
Personal Data See Section 4
Duration For the term of the Services plus deletion period
Frequency Continuous and ad-hoc, depending on user interactions
Location of Processing Cloud-based operations primarily in the United States (AWS, region may vary) and AI processing as listed in Annex III

Annex II – Technical and Organisational Security Measures

Encryption

  • TLS 1.2+ for all data in transit leaving the user's device
  • AES-256 or stronger encryption for secrets stored in the cloud

Access Control

  • Role based access with least-privilege principle
  • Multi-factor authentication for privileged accounts

Physical Security

  • Cloud infrastructure hosted in ISO 27001 certified data centres (AWS)

System Security

  • Separation of production and development environments
  • Automated dependency vulnerability scanning
  • Regular penetration testing

Monitoring and Logging

  • Centralised logging with tamper protection
  • Real-time alerting via Datadog for anomalous events

Business Continuity

  • Encrypted backups of published content
  • Disaster recovery plan tested at least annually

Personnel Security

  • Background checks for employees with production access
  • Mandatory security awareness training

Incident Response

  • Documented procedure defining roles, escalation paths, and customer communication timelines

Annex III – Approved Sub-processors

Mandatory Sub-processors

Sub-processor Description
Amazon Web Services (AWS) Cloud hosting and storage infrastructure
Google Cloud Platform (GCP) Cloud infrastructure and services
ClickHouse Database and analytics processing
Clerk Authentication and user management
Datadog Product analytics and monitoring
OpenRouter AI model routing and inference platform

Optional Sub-processors (Add-ons)

The following sub-processors are only utilized if you enable specific add-on features:

Sub-processor Description
Pipedream Workflow automation and integrations
E2B Code execution and sandboxing environment
Mem0 Memory and context management for AI
Tavily AI-powered web search and research
Updates: Updates to sub-processors will be updated in here at least 14 days before activation.