Privacy Policy

This Privacy Policy describes how Modfin Inc. ("we," "us," or "our") collects, uses, discloses, and protects Personal Data in connection with the Underboss product and related services (collectively, the "Services").

Effective Date: February 6, 2026

1. Scope and Relationship to the Terms of Use

This Privacy Policy applies to Personal Data processed in connection with the Services. It supplements, and is incorporated by reference into, the Underboss Terms of Use. In the event of any conflict between this Privacy Policy and the Terms of Use with respect to Personal Data, this Privacy Policy controls.

2. Definitions

  • "Personal Data" means information that identifies or could reasonably identify an individual person.
  • "User" or "you" means an individual or business that uses the Services.
  • "User Data" means data, content, and information submitted to the Services by or on behalf of Users.

3. Personal Data We Collect

We collect Personal Data in the following categories:

3.1 Information You Provide

  • Account information (such as name, email address, and business details)
  • Communications with us (such as support requests or feedback)
  • Billing and subscription-related information (handled through third-party payment providers)

3.2 Information Collected Automatically

When you use the Services, we may automatically collect:

  • Device and usage information (such as IP address, browser type, operating system, and usage logs)
  • Diagnostic and performance data

3.3 Information from Third Parties

We may receive information from third-party services you choose to integrate with the Services (such as payment providers or accounting platforms), subject to your settings and the terms governing those services.

3.4 Customer Data Processed on Behalf of Users

The Services enable Users to store, manage, and communicate with information about their own customers, clients, students, or other individuals ("Customer Data"), which may include names, contact information, family relationships, attendance records, and billing or invoice information.

At the direction of Users, the Services may send notifications, invoices, receipts, or other communications to such individuals on behalf of the User. We process Customer Data solely as a service provider and data processor acting on the User’s instructions.

We do not have a direct relationship with Users’ customers and do not independently determine the purposes or means of processing Customer Data. Users typically collect and manage Customer Data in the ordinary course of providing services to their customers, and we process such Customer Data on the User’s behalf without independently assessing or determining the legal basis on which Users collect or use Customer Data.

Requests from individuals regarding Customer Data (including access, correction, or deletion requests) should be directed to the applicable User, not to us.

3.5 Cookies and Similar Technologies

We use cookies and similar technologies (such as browser storage and session identifiers) to operate and support the Services. These technologies are used for purposes such as maintaining login sessions, enabling secure authentication, supporting single sign-on across our platforms, and remembering user preferences.

We may also use cookies or similar technologies to collect aggregated usage and performance information to help us understand how the Services are used and to improve functionality.

We do not use cookies for cross-site tracking or targeted advertising. You can control the use of cookies through your browser settings, though disabling certain cookies may affect the functionality of the Services.

4. How We Use Personal Data

We use Personal Data for the following purposes:

  • To provide, operate, and maintain the Services
  • To manage accounts, authentication, and access control
  • To communicate with you about the Services, including support and service-related notices
  • To improve, develop, and enhance the Services
  • To comply with legal obligations and enforce our agreements

We do not sell Personal Data.

5. Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data derived from Personal Data or User Data. Such data does not identify you or your customers and may be used for analytics, benchmarking, service improvement, pricing insights, and development of artificial intelligence and machine learning features, as described in our Terms of Use.

We will not attempt to re-identify de-identified data.

6. Artificial Intelligence and Machine Learning

Certain features of the Services use artificial intelligence and machine learning technologies to generate automated suggestions, classifications, or insights.

  • We may use aggregated and de-identified data to train and improve our AI/ML models.
  • We do not use identifiable Personal Data to train models that serve other users unless you explicitly opt in.
  • AI-generated outputs are probabilistic and may be inaccurate. You remain responsible for decisions made based on such outputs.

7. Data Retention

We retain Personal Data for as long as necessary to provide the Services and for legitimate business purposes, including:

  • Operating and improving the Services
  • Backup and disaster recovery
  • Fraud prevention and security
  • Legal, tax, audit, and compliance obligations
  • Resolving disputes and enforcing agreements

Deleted data may persist in backup systems for a limited period.

8. Your Rights and Choices

8.1 Access, Deletion, and Portability

You may request access to, deletion of, or portability of your Personal Data by contacting us at help@underboss.app. We will respond to verified requests in accordance with applicable law.

8.2 California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of Personal Data. We do not sell Personal Data.

8.3 EEA and UK Users

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR). When we process Personal Data on your behalf in connection with the Services, we act as a data processor and you act as the data controller. You are responsible for ensuring you have a lawful basis for providing Personal Data to the Services.

9. International Data Transfers

If you are located outside the United States, your Personal Data may be transferred to and processed in the United States or other jurisdictions where we or our service providers operate. We use appropriate safeguards, such as Standard Contractual Clauses, where required by law.

10. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect Personal Data from unauthorized access, use, disclosure, alteration, and destruction. However, no system is completely secure, and we cannot guarantee absolute security.

In the event of a data breach or security incident affecting your Personal Data, we will notify you as required by applicable law.

11. Children’s Privacy

The Services are not directed to individuals under the age of 18, and we do not knowingly collect Personal Data directly from individuals under 18.

The Services may process information about minors as part of Customer Data submitted by Users (for example, information about students, children, or family members of a User’s clients). In these cases, we process such information solely on behalf of the User and in accordance with the User’s instructions, as described in Section 3.4. We do not have a direct relationship with such individuals and do not independently determine the purposes or means of processing this information.

If we become aware that Personal Data has been submitted to the Services in a manner that is inconsistent with this Privacy Policy, we will take appropriate steps consistent with applicable law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions or requests regarding this Privacy Policy, please contact us at help@underboss.app

Let's get started
Download Underboss
© 2026 Modfin Inc.
Terms of usePrivacy policy