UseModra
Privacy Policy
Last updated: April 26, 2026
1. Introduction
UseModra ("we", "us", "our") operates the AI customer service platform at app.usemodra.com. This Privacy Policy explains how we collect, use, store, and protect your data and your customers' data when you use our Service.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
UseModra acts as a data processor on behalf of our clients (you), who are the data controllers for your customers' data. For data we collect directly from you (account information, payment), we act as the data controller.
3. Data We Collect
From You (Client)
| Data | Purpose | Legal Basis |
|---|
| Name, email, business name | Account management | Contract |
| Shopify domain & access token | Order lookup & tracking | Contract |
| Gmail OAuth tokens | Email processing & replies | Contract |
| Payment info (via Stripe) | Subscription billing | Contract |
From Your Customers (End Users)
| Data | Purpose | Legal Basis |
|---|
| Email address | Identify sender, send reply | Legitimate interest |
| Email content (subject, body) | Classify inquiry, generate reply | Legitimate interest |
| Order information | Look up order status & tracking | Legitimate interest |
4. How We Use Data
- Email processing: We read incoming emails to classify the type of inquiry and generate appropriate responses.
- Order lookup: We query your Shopify store to find order details, tracking information, and fulfillment status.
- Response generation: We use AI (Claude by Anthropic) to generate professional customer service replies.
- Dashboard: We display processed emails, statistics, and response history in your dashboard.
- Billing: Payment data is processed by Stripe. We do not store credit card information.
5. AI Processing
Email content is sent to Anthropic's Claude API for classification and response generation. Anthropic's data usage policy states that API data is not used to train their models. We use the minimum data necessary for processing.
6. Data Storage & Retention
- Data is stored on Supabase (PostgreSQL) servers in the EU.
- Email content snippets (first 500 characters) and AI responses are stored for your dashboard.
- Full email content is not permanently stored — only processed in memory.
- Data is retained for the duration of your subscription plus 30 days.
- After account deletion, all data is permanently removed within 30 days.
- Gmail OAuth tokens are encrypted at rest.
7. Data Sharing
We do not sell or share your data. We only share data with:
- Anthropic (Claude API): Email content for AI processing.
- Google (Gmail API): To read and send emails on your behalf.
- Shopify: To look up orders via your store's API.
- Stripe: To process payments.
- Supabase: Database hosting.
- Vercel: Application hosting.
All third-party providers have their own privacy policies and data protection measures.
8. Your Rights (GDPR)
You have the right to:
- Access: Request a copy of all data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Restriction: Request we limit processing of your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Disconnect your Gmail or Shopify at any time.
To exercise any of these rights, contact us at stormwebdesignzakelijk@gmail.com. We will respond within 30 days.
9. Your Responsibilities
As the data controller for your customers' data, you are responsible for:
- Having a legal basis to process your customers' emails through our Service.
- Informing your customers that automated systems may process their inquiries.
- Including appropriate privacy disclosures in your own privacy policy.
- Responding to data subject requests from your customers.
10. Security
- All data is transmitted over HTTPS/TLS encryption.
- OAuth tokens are stored securely and never exposed in client-side code.
- Access to production systems is restricted to authorized personnel only.
- We conduct regular security reviews of our infrastructure.
11. Cookies
We use minimal cookies and local storage for:
- Session management (login state).
- Onboarding progress.
We do not use tracking cookies or third-party analytics.
12. Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors.
13. International Transfers
Some of our third-party providers (Anthropic, Vercel) may process data outside the EU. These providers maintain appropriate safeguards including Standard Contractual Clauses (SCCs) where required.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates the latest revision.
15. Contact
For privacy-related questions or requests:
Email: stormwebdesignzakelijk@gmail.com