Modash OU (“Modash”, “we” or “us”) is an Estonian company offering SaaS services at its influencer/creator marketing web platform found at marketer.modash.io and creator.modash.io (the “Platform”). The Platform provides services for brands, agencies and creators.
Modash respects your privacy. This Privacy Policy (this “Policy”) describes how we process Personal Data (as defined below) we gather through in the course of operating the Platform (including if you are a content creator, if you subscribe to use our Platform, or if you sign up for a free trial), when you interact with Modash, and when you apply for a job at Modash. It also tells you about your rights and choices with respect to your Personal Data, and how you can contact us if you have any queries or concerns.
In this Policy, “Personal Data” means any information relating to an identified or identifiable natural person. We may collect and process Personal Data about you in the ways outlined below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.
Information provided by you
Information provided by Platform users when creating an account. If you use the Modash Platform to find, analyze and track content creators (“Creators”) for your campaigns, we will ask you to provide us with Personal Data including your name and contact details ( e.g., work email address), and the company you work for. We may also ask you to provide us with billing data, such as your bank account, payment card and billing address to facilitate your subscription plan. We will also ask you to create a username and password for access to the Platform.
Information provided by content creators who sign up to be paid via the Platform. If you are a Creator, or you are a representative of a Creator, and you are invited by a brand to be paid via the Platform, we will collect information including your name, handle, email, and payment information (e.g., your IBAN/BIC/SWIFT Code and VAT registration number).
When you contact us. If you contact us using a contact form, via email, or by other means, you may provide us with Personal Data, such as your name and contact details, the company you work for, and the content, date and time of our communications.
When you apply for a job. If you apply for a job, you may provide us with Personal Data, such as your educational and professional history, certifications, interests and accomplishments, job and salary preferences, professional resumes and CVs, assessments, and references.
Information collected via automated means
Publicly available information. We collect information about Creators and their audience from publicly available resources. This includes Personal Data that the Creator or their audience has posted, such as their name, contact details (e.g., email address), location, bio, interests, photos, video and other content.
Cookies and similar technologies. We use cookies and similar technologies (collectively “cookies”) to ensure that our website and Platform function properly, to understand how you use those services, to improve our products and to assist with marketing campaigns. Cookies are small text files containing a string of alphanumeric characters. We and third-party partners collect information using cookies, pixel tags, or similar technologies. For more information on our use of cookies, please refer to our Cookie Policy.
Information collected from other sources
Information from Google. We may obtain Personal Data about you from Google if you choose to sign in using their services. The information we receive from Google may include your name, email address, language preference and profile picture.
Information from business intelligence platforms. We may obtain Personal Data about you, such as your email address, from business intelligence platforms, including ZoomInfo and Clearbit.
We will only process your Personal Data based on a valid legal ground. The table below describes the legal ground by purpose.
We may share your Personal Data with third parties in the following circumstances:
Service providers, vendors and analytics partners. We work with third party service providers to operate our Platform, including for IT infrastructure, web performance and security, communications, payments, project management, customer support and management, marketing, workflow management, recruitment and job applications, and other services. These third parties may have access to or process your Personal Data as part of providing those services to us. In addition, we use analytics service providers such as Fullstory, Microsoft Clarity, Amplitude and Google Analytics to collect and process certain analytics data.
Legal. We may disclose your Personal Data to third parties if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Data that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Platform and any facilities or equipment used to make our Platform available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
Merger. We may disclose or otherwise transfer Personal Data to an acquirer, investor, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, financing or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
Consent. We may also disclose your Personal Data with your permission.
We take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we need to retain certain information as required by law, including to comply with tax requirements, or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions. When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations. For instance:
Account data. We will retain your user account data as long as you are an active user, and for three years after that.
Invoicing data. We are legally obliged to keep invoicing data and the documentation on which it is based for seven years.
Backups. We keep backups for as long as you are an active user, and for three years after that.
Depending on where you reside, you may also have the following legal rights:
Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
Rectification and Deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymised or deleted, as appropriate.
Restriction and Objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
Complaint. You may lodge a complaint with your local data protection authority, the details of which you can find here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in the UK, you can contact the Information Commissioner’s Office, who you can contact using the details found at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority, so please contact us in the first instance.
You may exercise these rights by contacting us using the contact details at the end of this Policy. Please note that there are exceptions and limitations to each of these rights.
Our Platform may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.
We make reasonable efforts to protect your Personal Data by using physical and electronic safeguards designed to improve the security of the information we maintain. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information, to the extent permitted by applicable law.
We do not knowingly collect, maintain, or use Personal Data from children under 13 years of age, and no part of our Platform is directed to children. If you learn that a child has provided us with Personal Data in violation of this Policy, then you may alert us by contacting us using the contact details at the end of this Policy.
We may use outsourced services in countries outside Europe from time to time in order to support our business. If we need to transfer your Personal Data to a country outside of Europe where the level of protection of Personal Data may be different than in your country, we will comply with applicable data protection laws. In particular we will rely on (i) an EU Commission, UK or Swiss government adequacy decision, (ii) contractual protections for the transfer of your Personal Data, or (iii) another valid data transfer mechanism. If you are located in Europe, you may contact us as specified below for more information about the safeguards we use to transfer Personal Data outside of Europe.
We may update this Policy from time to time to reflect changes in our privacy practices. If we modify this Policy, we will indicate the date of the latest revision at the top of this Policy.
Should you have any queries regarding this Policy, about Modash's processing of your Personal Data or if you wish to exercise your rights with respect to your Personal Data, you can contact Modash by email: privacy@modash.io or by writing to us at: Telliskivi 60a, B-building, 10412 Tallinn, Estonia.