Privacy Policy

MOLOS LABS ("we," "us," or "our") operates the MOLOS LABS platform, a software-as-a-service ("SaaS") solution providing customer relationship management (CRM), loyalty programs, referral tracking, email marketing, QR code generation, OCR document scanning, and project management tools.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. By accessing or using our services, you agree to the practices described in this policy.

2.1 Account Information

When you create an account, we collect your name, email address, username, and password. If you associate with a company, we also collect company details such as company name, industry, and address.

2.2 Customer & Lead Data

Data you input about your customers and leads — including names, email addresses, phone numbers, addresses, and any custom fields you define — is stored securely on our platform. You are the data controller for this information; we act as the data processor.

2.3 Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, timestamps, IP addresses, browser type, and device information.

2.4 Payment Information

If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store full credit card numbers on our servers.

2.5 Uploaded Content

Files you upload for OCR scanning, QR codes, email campaigns, or other features are processed and stored in accordance with this policy.

• Provide, operate, and maintain our platform and services
• Process transactions and manage your subscription
• Send transactional emails (account verification, password resets, billing notifications)
• Deliver email marketing campaigns you create through our platform
• Generate analytics and dashboard insights for your account
• Improve and personalize the user experience
• Detect, prevent, and address security issues and fraud
• Comply with legal obligations

We take the security of your data seriously. All personally identifiable information (PII) — including names, email addresses, and phone numbers — is encrypted at rest using advanced cryptographic standards, ensuring your data is protected against both current and future threats.

Additional security measures include:

• TLS encryption for all data in transit
• CSRF protection and HMAC request signing
• Rate limiting on all API endpoints
• Secure session management with automatic expiration
• Password hashing
• API key authentication with timing-safe comparison

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• Service providers: We use trusted third-party services (e.g., email delivery, payment processing, cloud hosting) that process data on our behalf under strict contractual obligations.
• Legal requirements: We may disclose information if required by law, court order, or governmental authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction.

We use cookies and similar technologies for authentication, session management, CSRF protection, and to remember your preferences. These are essential cookies required for the platform to function.

We do not use third-party advertising cookies or tracking pixels. Analytics data is collected internally and is not shared with external analytics providers.

We retain your account data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Customer and lead data you store on the platform is retained until you delete it or close your account.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to specific processing of your personal data
• Withdrawal of consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at the address provided below.

Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately so we can delete it.

Your data may be processed and stored in locations outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including encryption and contractual protections, to maintain the level of protection described in this policy.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: