modblo, modular sections, better stores
Browse
Legal

Privacy Policy

Last updated: May 10, 2026

In short

modblo collects the minimum data needed to run an account and deliver the product. We don’t sell data to advertisers, we don’t track you across the web, and we don’t load third-party tracking scripts on the marketing site beyond what you explicitly consent to in the cookie banner.

Sections you install run entirely inside your Shopify theme and don’t phone home to modblo.

1. What we collect

On the modblo website (modblo.com):

  • Account info — email, name, password (hashed), the Shopify store domain you register, and your tier (Free, Creator, Agency).
  • Payment info — handled by Stripe. We store the last 4 digits of your card and a Stripe customer ID. We never see or store your full card number.
  • Purchase history — which sections, blocks, and packs you’ve bought, and the date.
  • Server logs — IP address, user agent, and request timestamps. Retained 30 days for security and debugging, then deleted.
  • Analytics (with consent) — only if you accept analytics cookies, we collect aggregate page-view and click data via a privacy-respecting analytics provider. No cross-site tracking. Decline anytime.

Sections and blocks you install on your own Shopify theme do not send data to modblo. They run entirely in your store.

2. How we use your data

  • To create and maintain your account.
  • To process payments and issue refunds.
  • To send transactional emails (receipts, password resets, update notifications).
  • To send product updates and news, only if you opted in. Unsubscribe anytime via the footer of any email.
  • To improve modblo by understanding which sections are most useful (only with analytics consent).

We do not sell your data. We do not share it with advertisers. We do not allow third parties to use your data for their own purposes.

3. Third-party services

We rely on a small number of vendors to operate. Each has its own privacy policy and is bound by contract to handle your data only on our behalf:

  • Stripe — payment processing.
  • Supabase — account database and authentication.
  • Vercel — site hosting and request routing.
  • Email provider — for transactional and (opted-in) marketing emails.

4. Cookies

On the marketing site we use only the cookies needed to keep you logged in and remember your theme preference (light/dark). Analytics and marketing cookies require your explicit consent via the cookie banner that appears on your first visit.

You can change your cookie preferences anytime by clicking “Cookie preferences” in the footer.

5. Data retention

  • Account data — kept while your account is active. Deleted within 30 days of account deletion.
  • Purchase records — retained for 7 years for tax and accounting compliance.
  • Server logs — 30 days, then deleted.
  • Analytics — aggregate only, no individual user data retained beyond 13 months.

6. Your rights

Regardless of where you live, you can:

  • Request a copy of the data we hold about you.
  • Correct inaccurate or outdated information.
  • Request deletion of your account and personal data (subject to legal retention requirements for purchase records).
  • Opt out of marketing emails.
  • Withdraw cookie consent at any time.

Email hello@modblo.com to exercise any of these. We respond within 30 days.

If you’re in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA respectively. Email us and reference the regulation in your request.

7. International transfers

Some of our vendors (Stripe, Vercel, Supabase) are based in the United States. By using modblo, you consent to your data being processed in the US under appropriate safeguards (standard contractual clauses where applicable).

8. Children

modblo is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has created an account, email us and we’ll delete it.

9. Security

Passwords are hashed (never stored in plaintext). Payment processing is delegated to Stripe (PCI-DSS Level 1). Our infrastructure is hosted on Vercel and Supabase, both SOC 2 Type II audited. We don’t share account credentials with anyone — modblo staff cannot read your password.

10. Changes to this policy

Material changes will be announced by email to active members and posted here with an updated date. Continued use of modblo after a change constitutes acceptance.

11. Contact

Privacy questions, data requests, or complaints — email hello@modblo.com. See our Terms of Service for the legal terms covering your use of modblo.