GDPR and Data Protection
Last Updated: July 7, 2026
1. What this page covers
This page provides a practical GDPR overview for ModuPage. It explains how ModuPage approaches personal data protection across website usage, account management, support conversations, billing events, and customer-created project content.
It supplements, but does not replace, the Privacy Policy, Terms of Service, Refund Policy, and Contact page.
2. GDPR roles
- For website operations, authentication, support records, billing interactions, and security logs, ModuPage generally acts as a controller for its own business purposes.
- For customer-created project content, templates, word banks, and generated files that may contain personal data, ModuPage may act as a processor or service provider where applicable, while the customer remains responsible for what content is entered and how it is used or published.
3. Personal data categories
- Account data: email address, authentication identifiers, and related account records.
- Project content: templates, project settings, word banks, generated files, and customer content entered into the product.
- Billing data: billing contact details, receipts, taxes, and transaction metadata handled through our merchant-of-record provider.
- Technical and usage data: service logs, analytics, performance signals, and security events.
4. Your rights
Depending on your location and the applicable law, you may have the right to request access, correction, deletion, restriction, objection, or export of your personal data.
To make a privacy or GDPR request, contact support@modupage.com. ModuPage may ask for enough information to verify the request before taking action.
5. Retention and deletion
- Account, support, and billing records may be retained for legal, fraud-prevention, tax, and operational reasons.
- Customer project content may remain available until deleted by the customer or removed following a verified request, subject to backups and compliance obligations.
- Backup and security systems may retain limited data for a reasonable period after deletion requests are processed.
6. Third-party services and transfers
- Supabase: database and authentication infrastructure.
- Lemon Squeezy: merchant-of-record handling checkout, payment collection, receipts, and taxes.
- PostHog: product analytics and related usage insights.
- Vercel: hosting and deployment infrastructure.
ModuPage and its providers may process personal data in multiple countries. Where applicable, ModuPage aims to use lawful transfer mechanisms and reasonable safeguards for cross-border processing.
7. Public legal documents
- Privacy Policy explains what personal data ModuPage collects and how it is used.
- Terms of Service explains the platform terms and billing framework.
- Refund Policy explains refunds, billing exceptions, and support process.
- Contact provides current support and operator contact details.
8. Operator details
- Operator: Ksenoria OÜ
- Entity: Private limited company registered in Estonia
- Registration code: 17546111
- Registered address: Narva mnt 5, Tallinn, Harju maakond, Estonia 10117
- Privacy contact: support@modupage.com