Privacy Policy

Effective May 30, 2026
Last updated May 30, 2026

1. Who we are

Modulus Ops is a brand operated by Paleo Prime LLC, a limited liability company organized under the laws of the State of Illinois. References in this policy to "Modulus Ops", "we", "us", or "our" refer to Paleo Prime LLC.

We build and operate software tools and consulting services for consumer-goods brands. Our work includes demand and supply planning, replenishment forecasting, inventory analytics, integrations with marketplace and fulfillment platforms, and related back-office automation. This policy describes what information we collect, how we use it, and the rights you have over it.

Our principal contact for privacy inquiries is privacy@modulusops.com.

If you have any questions about this policy, please contact us using the email above. We aim to respond to all inquiries within ten (10) business days.


2. Scope of this policy

This policy applies to:

  • Our website at https://modulusops.com (the "Site").
  • Any software-as-a-service product we offer, including but not limited to our inventory and demand-planning platform (each, a "Service").
  • Any consulting or professional services we provide directly to clients.
  • Data we process on behalf of our clients (each client is a "Customer") from third-party platforms our Services connect to, including but not limited to Amazon Selling Partner API (SP-API), Shopify, Fulfillment.com, Cin7, and similar systems.

The policy does not apply to the practices of third parties whose websites or services we link to but do not operate. We encourage you to review the privacy policies of any third-party services you use.


3. The two roles we play

The data we handle falls into two categories, and our responsibilities differ between them:

(a) Data we collect directly from you. When you visit the Site, contact us, or use a Service as a direct user, you may give us your name, email, employer, phone number, payment information, and similar contact and account details. For this data, Paleo Prime LLC acts as the data controller.

(b) Data our Customers entrust to us about their own business and customers. When a Customer connects our Services to Amazon SP-API, Shopify, Fulfillment.com, or other systems, we receive and process data about that Customer's products, inventory, orders, and end-buyers on the Customer's behalf. For this data, Paleo Prime LLC acts as a data processor (or sub-processor); the Customer is the controller and remains accountable to their end-buyers under applicable law and platform-specific data-use policies. See Section 7 (Amazon Information) below for the specific commitments that apply to data we receive from Amazon SP-API.


4. Information we collect

4.1 Information you provide directly

  • Contact information: name, email, employer, role, phone number.
  • Account information: authentication credentials (managed via Supabase Auth), profile preferences, role/permission settings.
  • Billing information: for paid Services, billing contact and payment method (collected and processed by our payment processor; Modulus Ops does not store full card numbers).
  • Communications: the content of any message you send us through the Site, by email, or through any Service.
  • Marketing preferences: any consent or unsubscribe choices you record with us.

4.2 Information we collect automatically when you use the Site or a Service

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, time of access, and similar technical metadata.
  • Device identifiers and cookies: session identifiers, authentication tokens, and a minimal set of strictly-necessary cookies required to operate the Service.
  • Usage data: which features you use within a Service, query patterns, and aggregate performance metrics (used to debug and improve the Service).

4.3 Information we receive from third-party platforms on behalf of Customers

When a Customer authorizes us to connect a Service to a third-party platform on their behalf, we receive data from that platform strictly for the purpose of providing the Service back to that same Customer. Examples include:

  • Amazon Selling Partner API (SP-API): Customer's orders, FBA inventory levels, product listings, settlements, and related operational data. See Section 7 for specifics.
  • Fulfillment platforms (e.g., Fulfillment.com): Customer's outbound shipments, on-hand inventory at third-party warehouses.
  • E-commerce platforms (e.g., Shopify): Customer's direct-channel orders, customers, products, and inventory.
  • Other operational systems (3PL, ERP, accounting) the Customer chooses to connect.

We process this data only as the Customer instructs and only for the purpose of providing the Service. We do not use it for marketing, advertising, model training, or any other purpose, and we do not sell it.

4.4 Information we do not collect

We do not knowingly collect personal information from children under the age of 13 (or the applicable minimum age under local law). If you believe we have inadvertently collected such information, please contact us and we will delete it.


5. How we use information

We use the categories of information described above for the following purposes:

  • To provide and operate the Service — including authenticating users, executing forecasts and analyses, syncing data with connected third-party platforms, generating reports, and rendering the user interface.
  • To support and communicate with you — responding to inquiries, sending Service-related notifications (e.g., sync failures, security alerts), and providing customer support.
  • To improve and secure the Service — debugging, monitoring performance and uptime, detecting and mitigating abuse, and developing new features. When we use data for improvement, we use aggregated and de-identified information wherever possible.
  • To comply with legal obligations — responding to lawful requests, enforcing our agreements, and protecting our rights and the rights of others.
  • For billing and accounting — invoicing, payment processing, and tax compliance.

We do not use information collected from a Customer's third-party platform data (Section 4.3) for any purpose other than delivering the Service to that same Customer.


6. How we share information

We share information only as described below.

6.1 Sub-processors

We use a limited set of carefully selected third-party service providers ("sub-processors") to operate the Service. Each sub-processor is contractually bound to handle data only as instructed by us and only to deliver the service for which we engaged them. We do not authorize any sub-processor to use the data we share with them for their own purposes (including but not limited to marketing, advertising, or training artificial-intelligence models).

Supabase, Inc. (using AWS)
  • Purpose: Hosted PostgreSQL database, authentication, and storage.
  • Categories of data shared: Account information; Customer's connected-platform data; usage data.
  • Location: United States (AWS)

Vercel, Inc.
  • Purpose: Frontend application hosting and content delivery.
  • Categories of data shared: UI rendering only; no persistent storage of Customer or third-party platform data on Vercel.
  • Location: United States

Fly.io, Inc.
  • Purpose: Backend compute that runs sync workers and APIs.
  • Categories of data shared: All data described in this policy may transit this layer; no long-term storage.
  • Location: United States

OpenAI, Inc.
  • Purpose: AI-assisted natural-language analytics feature ("Ask Data").
  • Categories of data shared: Aggregated, non-PII operational data only (SKU codes, weekly unit totals, on-hand inventory counts, product/supplier attributes, ASINs). Server-side allow-list prevents the model from accessing buyer information, raw order line items, customer addresses, or any other personally identifying data. Operated under OpenAI's API tier, which contractually does not retain inputs for training.
  • Location: United States

Anthropic, PBC
  • Purpose: AI-assisted natural-language analytics feature ("Ask Data") — alternate provider.
  • Categories of data shared: Same data category and same allow-list enforcement as OpenAI. Operated under Anthropic's API tier, which contractually does not retain inputs for training.
  • Location: United States

We maintain a current list of sub-processors and will provide it on request. We notify Customers in advance of any new sub-processor that will process their data.

6.2 Sharing with Customers

When a Customer authorizes us to connect a Service to a third-party platform on their behalf, all data we receive from that platform is shared only with that Customer and the Customer's authenticated users. Tenant isolation is enforced at the database row level — no Customer can access another Customer's data.

6.3 Sharing required by law

We may disclose information if required by law, regulation, legal process, governmental request, or to protect the rights, property, or safety of Modulus Ops, our Customers, or others. We will resist overly broad requests and will notify affected parties whenever lawful to do so.

6.4 Business transfers

If Paleo Prime LLC is involved in a merger, acquisition, asset sale, or insolvency proceeding, information may be transferred as part of that transaction. We will notify affected parties and require the successor to honor the commitments in this policy.

6.5 What we do not do with your information

We do not:

  • Sell personal information.
  • Share personal information with advertising networks, data brokers, or analytics platforms.
  • Use information received from a Customer's connected third-party platform for any purpose other than delivering the Service to that same Customer.
  • Use data we receive from Amazon SP-API, Shopify, or similar platforms to train artificial-intelligence or machine-learning models.
  • Disclose data from one Customer to another Customer.

7. Amazon Information

This section sets out our commitments under the Amazon Services API Solution Provider Agreement, the Acceptable Use Policy, and the Data Protection Policy with respect to data we receive from Amazon Selling Partner API (collectively, "Amazon Information"). A focused, Amazon-reviewer-facing summary of these commitments is also published as our Amazon Data Use Notice.

We collect Amazon Information solely on behalf of, and at the direction of, the Amazon seller (the "Customer") who authorizes us to connect the Service to their Amazon Seller Central account. Specifically, we may receive:

  • Order data (order identifiers, line items, quantities, statuses, purchase and shipment dates, ship-to state/postal/country, prices, taxes).
  • FBA inventory data (fulfillable, inbound, reserved, unfulfillable quantities; ASIN; fulfillment-network metadata).
  • Catalog and product data (ASINs, seller SKUs, product attributes).
  • Settlement and reporting data, where applicable to the requested SP-API roles.

Our commitments specifically with respect to Amazon Information:

  1. Encryption in transit. All transmission of Amazon Information across the public Internet uses TLS 1.2 or higher. SP-API calls use HTTPS with certificate verification; database connections to Supabase use the AWS-hosted pooler with sslmode=require; the application UI is served only over HTTPS.

  2. Encryption at rest. Amazon Information stored in our database is hosted on Supabase (AWS-managed PostgreSQL), which encrypts data at rest using AES-256.

  3. Access restriction. Access to Amazon Information within Modulus Ops is restricted to personnel whose job duties require it. All such access requires multi-factor authentication and is subject to our password and credential-management policy. Amazon Information is tenant-isolated; one Customer cannot view another Customer's Amazon Information.

  4. Use limitation. Amazon Information is used exclusively to provide the Service to the Customer from whom it was collected. We do not use Amazon Information for marketing, advertising, analytics for third parties, model training, or any other purpose. We do not sell Amazon Information.

  5. Sub-processor restriction. Amazon Information is shared only with the sub-processors listed in Section 6.1, each of whom is contractually bound to handle it only to deliver service to us. Optional AI features in the Service ("Ask Data") operate under a server-side allow-list that prevents the LLM from accessing raw order data, customer shipping fields, or any other personally identifying information.

  6. Retention and deletion. We retain Amazon Information only as long as necessary to provide the Service. Upon a Customer's request, or upon termination of the Customer's use of the Service, we will delete the Customer's Amazon Information within thirty (30) days, except where retention is required by law.

  7. Incident reporting. We maintain a written incident-response plan. In the event of a security incident affecting Amazon Information, we will notify Amazon at security@amazon.com within twenty-four (24) hours of detection, in addition to notifying the affected Customer.

  8. Compliance with Amazon's policies. We comply with the Amazon Services API Solution Provider Agreement, the Acceptable Use Policy, and the Data Protection Policy as they may be updated from time to time. To the extent any provision of this Section 7 conflicts with those policies, the more protective provision controls.


8. Security

We take reasonable and appropriate technical, organizational, and administrative measures to protect information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These include:

  • Network controls: firewalls, intrusion detection and prevention systems, anti-virus / anti-malware tools, and network segmentation at the infrastructure layer (provided through our hosting providers).
  • Encryption: TLS 1.2+ for data in transit and AES-256 for data at rest.
  • Access controls: least-privilege access, multi-factor authentication, role-based access control, tenant isolation enforced at the database row level.
  • Credential management: credentials and secret keys are stored in encrypted environment variables or secret managers, never in source code or shared repositories. We rotate credentials annually or sooner if circumstances require.
  • Incident response: a written incident-response plan that defines roles, communication procedures, and notification timelines. The plan is reviewed at least every six (6) months.
  • Logging and monitoring: application and access logs are retained for a reasonable period to support audits and incident investigation.

No system is perfectly secure. While we work hard to protect your information, we cannot guarantee absolute security.


9. Retention

We retain information only as long as necessary for the purposes described in this policy:

  • Account information: for the life of your account, plus a reasonable period thereafter for legal and accounting purposes.
  • Customer's third-party-platform data (including Amazon Information): for the duration of the Service engagement; deleted within thirty (30) days of a deletion request or termination of the engagement.
  • Logs and operational telemetry: typically thirty (30) to ninety (90) days.
  • Billing records: for the period required by applicable tax and accounting law.

When data is no longer needed, we delete or de-identify it.


10. Your rights

Depending on where you live and the laws that apply to you, you may have rights with respect to your personal information, including:

  • Access: the right to ask us what information we hold about you.
  • Correction: the right to ask us to correct inaccurate information.
  • Deletion: the right to ask us to delete your information (subject to legal exceptions).
  • Portability: the right to receive a copy of your information in a portable format.
  • Objection or restriction: the right to object to certain processing or to ask us to restrict it.
  • Withdrawal of consent: where we rely on consent to process your information, the right to withdraw that consent at any time.
  • Complaint: the right to lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, contact us using the information in Section 1. We will respond within thirty (30) days. We do not charge a fee for reasonable requests and we do not discriminate against you for exercising your rights.

If you are a Customer's end-user (for example, an Amazon buyer whose order data we process on behalf of a Customer), your primary point of contact is the Customer who controls that data. We will support the Customer's response to your request as required by applicable law and our agreement with the Customer.


11. International transfers

Modulus Ops is based in the United States, and our sub-processors are primarily located in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States. Where required by law, we will rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.


12. Third-party links and integrations

The Site and Service may contain links to third-party websites or integrations with third-party platforms (including Amazon, Shopify, Fulfillment.com, and others). This policy does not apply to those third parties' practices. We encourage you to review their privacy policies before providing them with information.


13. Children's privacy

The Site and Service are not directed at children under the age of 13 (or the equivalent minimum age in the applicable jurisdiction), and we do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it.


14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through the Service. Your continued use of the Site or Service after the effective date of the updated policy constitutes acceptance of the change.


15. Contact

If you have any questions, concerns, or requests regarding this policy or our handling of your information, please contact:

Paleo Prime LLC (d/b/a Modulus Ops)
Privacy inquiries: privacy@modulusops.com

For security-related concerns or to report a suspected vulnerability, please email security@modulusops.com.