Privacy Policy
This Privacy Policy explains how modeum, operated by Stageleader Ltd (company number 16376742, registered office 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE), registered in England and Wales ("we", "us"), handles personal data. It is written to align with the UK GDPR and the Data Protection Act 2018.
1. Controller and processor — the important distinction
modeum is a multi-tenant tool: each consultancy works in its own private workspace.
- For account and identity data — the details of the people who sign in (name, email, password, workspace role) — we are the data controller.
- For the business data a consultancy puts into its workspace — its leads, clients, resources, engagements, timesheets, invoices and uploaded documents, which may include personal data about that consultancy's own clients and associates — we act as a data processor and the consultancy is the controller. We process that data only to provide the Service and on the consultancy's instructions. A data processing agreement (DPA) is available on request.
2. What we collect
- Account/identity: your name, email address, a securely hashed password, and your role and membership in each workspace.
- Technical/usage: limited security and operational records — for example IP address and timestamps of sign-in attempts (to prevent abuse) and a log of transactional emails we send.
- Workspace content: whatever a consultancy enters into its workspace (see section 1).
3. Lawful bases
We rely on: performance of a contract (to provide the Service to you); legitimate interests (to secure, operate and improve the platform, and to prevent abuse), balanced against your rights; and legal obligation (for example accounting records where fees apply).
4. How we use personal data
To provide and secure the Service; to send transactional emails (such as invitations, password resets and notifications); to respond to you; and to meet our legal obligations. We do not sell your personal data, and we do not use it for advertising.
5. Cookies
modeum uses a single strictly necessary cookie to keep you signed in during a session. We do not use advertising, analytics or tracking cookies, so no cookie-consent banner is required.
6. Sub-processors
We use a small number of trusted providers to run the Service:
- OVHcloud — hosting and database (data centres in the EU/UK).
- Resend — sending transactional email.
An up-to-date list is available on request. We put appropriate agreements in place with each.
7. International transfers
Hosting is in the EU/UK. Some providers (for example our email provider) may process limited data outside the UK/EEA; where they do, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.
8. Retention
We keep account data while your account is active and for a short period afterwards. Workspace content is deleted within a reasonable period after a workspace is closed; an export can be requested first. Minimal security and accounting records are kept only as long as necessary or as the law requires.
9. Security
We use measures including encryption in transit (HTTPS/TLS), hashed passwords, strict row-level separation between workspaces, and least-privilege access controls. No system can be guaranteed perfectly secure, but we work to protect your data and to respond promptly to any issue.
10. Your rights
Under UK GDPR you have rights to access, rectification, erasure, restriction, objection and portability of your personal data. To exercise them for data where we are the controller, email hello@modeum.co.uk. Where the data is your consultancy's workspace content (we are the processor), please contact that consultancy — the controller — and we will assist them.
11. Complaints
You can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We'd appreciate the chance to help first.
12. Changes and contact
We may update this policy and will change the date below when we do. Questions? Email hello@modeum.co.uk.
modeum← Home