Privacy Policy

IOModel Tech (“IOModel Tech”, “we”, “us”) operates the IOModel Architecture & Documentation as Code platform available at iomodel.tech and app.iomodel.tech (the “Service”). This Privacy Policy explains what personal data we process and why.

Questions or requests about this policy can be sent to privacy@iomodel.tech.

We only collect data that is necessary to provide and operate the Service:

• Account data. Email address, display name and avatar URL. These are provided directly by you on registration or, when you sign in with Google, supplied by Google (see “Sign-in with Google” below).
• Authentication data. Hashed password (only when you register with an email/password flow), session identifiers and email-verification status. Passwords are never stored in plain text.
• Content you create. Projects, models, diagrams, documentation and related metadata that you store in the Service.
• Operational logs. IP address, user-agent, request timestamps and error traces, retained for security, abuse prevention and debugging for up to 30 days.
• Cookies. Strictly necessary cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

If you choose “Continue with Google”, we receive from Google the following fields through the openid, email and profile scopes:

• your Google account email address and its verified status;
• your display name;
• your profile picture URL;
• your Google account identifier (sub claim).

We use this information solely to create or match your IOModel account and to display your identity within the Service. We do not access your Gmail, Drive, Calendar, Contacts or any other Google product data, and we do not request any restricted or sensitive scopes.

IOModel Tech's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• to create and authenticate your account;
• to operate, maintain and improve the Service;
• to send transactional messages (email verification, password reset, security alerts);
• to prevent abuse, fraud and security incidents;
• to comply with legal obligations.

We do not sell your personal data, and we do not use your content for advertising or for training third-party AI models.

To run the Service we rely on a small set of infrastructure providers:

• Yandex Cloud — hosting, managed PostgreSQL, managed Redis, container registry.
• Google LLC — only when you choose “Sign in with Google”, acting as identity provider.
• Email provider — for sending transactional emails from noreply@iomodel.tech.

All subprocessors are bound by contract to process data only on our instructions and to apply appropriate security measures.

• Account and content data: retained for as long as your account is active.
• Operational logs: up to 30 days.
• Backups: up to 7 days after creation.
• On account deletion, personal data is erased from active systems within 30 days and from backups during the normal backup rotation.

Data is transmitted over TLS 1.2+ and stored on managed infrastructure with encryption at rest. Passwords are hashed with industry-standard algorithms. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

You can at any time:

• access or export the personal data we hold about you;
• correct inaccurate data through your account settings;
• delete your account and associated data;
• revoke Google's access to IOModel Tech at myaccount.google.com/permissions;
• lodge a complaint with your local data-protection authority.

To exercise these rights, contact privacy@iomodel.tech.

Service infrastructure is primarily hosted in Central Asia. When you sign in with Google, authentication requests are processed by Google LLC in the United States and other countries where Google operates. Appropriate safeguards are in place for such transfers.

The Service is not directed to children under the age of 16 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect. The “Effective date” at the top reflects the latest revision.

IOModel Tech
Email: privacy@iomodel.tech