Privacy Policy

Last updated: February 22, 2025

1. Introduction

MMOD, Inc. ("Company", "we", "us") operates id.bot ("Service"). This Privacy Policy explains how we collect, use, and protect your information when you use the Service.

2. Information We Collect

Account information:

  • Name, email address, and phone number
  • Identity verification data (for KYC/KYB processes)
  • Billing and payment method information

Bot information:

  • Bot names and configuration
  • API key hashes (we never store plaintext keys)
  • Spending limits and grant configurations

Usage data:

  • Messages between you and your bots
  • Transaction records and payment history
  • Approval request and response history
  • Login timestamps and session data

3. How We Use Your Information

  • To operate and maintain the Service
  • To process payments and issue virtual cards
  • To deliver messages between you and your bots
  • To verify your identity for trust tier upgrades
  • To detect and prevent fraud or abuse
  • To send transactional notifications (approval requests, OTP codes)
  • To respond to support requests

4. Encrypted Vault

Credentials stored in the vault are encrypted using AES-256-GCM before being written to our database. Encryption keys are managed separately from the encrypted data. We cannot view the plaintext contents of your vault items. Vault access grants to bots are logged and auditable by you.

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Payment processors (Stripe) to issue cards and process transactions
  • Identity verification providers for KYC/KYB checks
  • Infrastructure providers for hosting and delivering the Service
  • Law enforcement when required by valid legal process

6. Data Retention

We retain your data for as long as your account is active. Transaction records are retained as required by financial regulations. You may request deletion of your account and associated data by contacting [email protected]. Some data may be retained in anonymized form for analytics.

7. Security

We implement industry-standard security measures including encrypted connections (TLS), hashed credentials (bcrypt), encrypted vault storage (AES-256-GCM), and secure session management. Secret keys are never stored in plaintext.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing

To exercise these rights, email [email protected].

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or through the Service. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related inquiries, contact us at [email protected].

MMOD, Inc.
2261 Market Street STE 17805
San Francisco, CA 94114