Privacy Policy
Last updated: May 18, 2026
This Privacy Policy describes how Chia Lab Srl (“Chialab”, “we”, “us”) collects, uses, and protects personal data when you use Modula. It applies to all users of the Modula platform available at https://modula.dev.
Chialab is the data controller within the meaning of the EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
1. Data We Collect
1.1 Account data
When you create an account, we collect:
- Email address — used for authentication and service communications.
- Name — used to personalise your account.
- Password hash — stored as a one-way hash; we never store plaintext passwords.
If you sign in with Google, we receive your Google profile name and email via OAuth 2.0 (see Section 4).
1.2 Subscription and billing data
We store the subscription plan associated with your account (Playground, Pro, or Business) and, for paid plans, records of invoices and payment events. Full payment card details are handled by our payment processor and are not stored by Chialab.
1.3 Usage data
We collect technical logs and, with your consent, anonymised usage telemetry to understand which components and SKILLs are most useful. Telemetry events do not contain the content of Artifacts you create.
1.4 Technical data
When you access Modula, our servers automatically record your IP address, browser type, pages visited, and timestamps. These logs are used for security monitoring and are retained for no longer than 90 days.
2. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Providing and operating the service | Performance of a contract (Art. 6(1)(b) GDPR) |
| Authentication and account security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Billing and subscription management | Performance of a contract (Art. 6(1)(b) GDPR) |
| Service communications (updates, security notices) | Legitimate interest (Art. 6(1)(f) GDPR) |
| Usage analytics and product improvement | Consent (Art. 6(1)(a) GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
3. Cookies and Session Storage
Modula uses session cookies to keep you signed in. These are strictly necessary for the service to function and do not require your consent. We do not use third-party advertising or tracking cookies.
Session data is stored in an encrypted Redis cache. Sessions expire after a period of inactivity.
4. Third-Party Services
Google OAuth
If you choose to sign in with Google, your authentication is handled by Google LLC under its own Privacy Policy. We receive only your email address and display name from Google; we do not receive or store your Google password.
Email delivery
Transactional emails (magic-link sign-in, subscription confirmations) are sent via an email delivery provider. Your email address is shared with this provider solely for the purpose of delivering those messages.
5. AI Connectors
When you connect Modula to an AI assistant (ChatGPT, Claude, Gemini) via MCP, Modula receives requests from the AI on your behalf. These requests contain only the information needed to serve components or bundle code (e.g., package names, format parameters). Modula does not receive or store the content of your conversations with your AI assistant.
6. Data Retention
- Account data: retained for the duration of your account plus 12 months after deletion, to allow re-activation and comply with legal obligations.
- Technical logs: retained for 90 days.
- Billing records: retained for 10 years in accordance with Italian accounting law.
- Usage telemetry: retained in anonymised, aggregated form indefinitely; raw event data retained for 12 months.
7. Your Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase your data (“right to be forgotten”), subject to legal retention obligations;
- Restrict processing in certain circumstances;
- Object to processing based on legitimate interest;
- Receive your data in a machine-readable format (data portability);
- Withdraw consent at any time (for processing based on consent, such as telemetry);
- Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it).
To exercise any of these rights, contact us at privacy@chialab.it.
8. International Transfers
Chialab is based in Italy (EU). If any service provider processes data outside the EEA, we ensure adequate safeguards are in place (e.g., EU Standard Contractual Clauses).
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
10. Data Controller Contact Information
Chia Lab Srl
via Arrigo Lucchini 9, 40134 Bologna, Italy
VAT: IT04224030371
info@chialab.it