Modelcore Privacy Policy
Last Updated: 2026-03-19
Modelcore is operated by True Level LLC, a Vermont limited liability company. In this Privacy Policy, “Modelcore,” “we,” “us,” and “our” refer to True Level LLC.
Modelcore (“Modelcore,” “we,” “us”) explains here how we collect, use, and share information when you use our products and services (the “Service”), including the Modelcore web app.
This document is intentionally concise. If something is unclear, contact us at support@modelcore.app.
1) What we collect
1.1 Account information (managed sign-in)
When you sign in (Microsoft OAuth, Google OAuth, or email/password via our managed identity provider), we receive and store:
- Email address
- Name (if provided by provider profile)
- Avatar URL (if provided by provider profile)
- Provider identity identifier (as needed to link your account)
For the managed-provider path, we do not collect or store raw account passwords in Modelcore.
1.2 User content (projects)
When you use Modelcore you may create or upload content, including:
- Projects and their metadata (e.g., project id, name)
- Project snapshots (saved project state)
- Thumbnails (derived images generated from your project for previews)
- Uploads/downloads of Modelcore project files (when used)
1.3 Collaboration / realtime metadata
If you use multiplayer/realtime features, we may process:
- Presence metadata (e.g., “online”, cursor position, selection counts)
- View/presence state (e.g., camera state, presentation invites, camera pins)
- Lock/coordination metadata (e.g., who holds an editing lock)
- Realtime synchronization messages (commands/snapshots)
We design these to be operational metadata (IDs/counts) rather than storing your geometry in analytics systems. If you collaborate in a shared project, other collaborators may see your display name, avatar, and presence indicators (such as cursor position, selection summary, and shared view state) while you’re active.
1.4 Feedback you submit
If you submit feedback through the app, we collect:
- The feedback title and body text you provide
- Context metadata (e.g., route/app area, project id if present, app version/build hash, basic client info)
For abuse prevention and rate limiting, we also store:
- A hashed representation of your IP address
- A hashed representation of your user agent
Feedback titles and descriptions may be visible on a public feedback board. If you are signed in, we may display your name (not your email) alongside your feedback.
1.5 Automatically collected information
Like most web services, we may collect:
- Basic log data (request time, endpoint, status code, etc.)
- Basic device/browser information (for compatibility and debugging)
1.6 Cookies and local storage
We use:
- Essential session cookies (e.g., a session cookie used by our API to keep you signed in)
- Local browser storage for durability and UX (e.g., local write-ahead logging to prevent data loss in crashes)
We may also use analytics cookies/storage if analytics is enabled (see Section 4).
1.7 AI Automation (optional feature)
If you use the AI Automation feature:
- Your prompts are sent from the Modelcore web app to Modelcore's API, which forwards the request to the configured AI provider
- We currently use a server-configured provider key for this feature; we do not currently ask you to enter your own OpenAI API key in the app
- Tool calls and tool results are sent to the AI provider as part of the conversation context. These may include modeling metadata needed for automation (e.g., object IDs, counts, geometry attributes, and boundary point positions).
- If you use snapshot import/export tools, a SceneSnapshot (which can include model geometry) may be sent to OpenAI.
OpenAI processes your prompts under their own Privacy Policy. We recommend reviewing OpenAI's data practices before using this feature.
2) How we use information
We use the information above to:
- Provide the Service (sign-in, save/load projects, collaboration features)
- Maintain reliability and security (prevent abuse, diagnose issues)
- Improve the product (understand feature adoption and performance)
- Communicate with you about Service issues (e.g., support responses)
3) How we share information
We do not sell your personal information.
We share information with service providers that help us run the Service, such as:
- Authentication (managed identity provider for Microsoft OAuth, Google OAuth, and email/password)
- Infrastructure/hosting (e.g., hosting providers)
- Database (Postgres)
- Object storage (for project snapshots and thumbnails; S3-compatible storage such as Cloudflare R2)
- Analytics (PostHog for the web app; Vercel Analytics for the marketing site)
- Error monitoring (Sentry)
- Advertising / conversion measurement (Google Ads / gtag, when enabled)
- Location search (Mapbox geocoding, when used)
These providers process data on our behalf to deliver the Service.
4) Product analytics (PostHog)
We use PostHog to understand product usage and improve Modelcore.
Our analytics implementation is designed to be privacy-safe:
- We primarily send event names + IDs/counts/enums (not your project geometry).
- We configure person profiles to be created only after you are identified (i.e., after sign-in).
- After sign-in, we may identify you to PostHog using your user ID and may include account fields like email and name. We may also include workspace and project context (e.g.,
org_id,project_id) when relevant.
- After sign-in, we may identify you to PostHog using your user ID and may include account fields like email and name. We may also include workspace and project context (e.g.,
You may block analytics with browser tools (e.g., ad blockers). In the future we may add a first-party proxy or explicit in-app opt-out controls.
5) Data retention
We retain data for as long as necessary to provide the Service and operate the business. Typical retention patterns:
- Account information: while your account is active
- Projects/snapshots: while your account is active (or until you delete them)
- Feedback: as long as it is useful for product improvement and support
- Operational logs: for a limited period (90 days)
- Analytics: retained according to our analytics settings (12 months)
Exact retention windows may evolve; we’ll update this policy if they change materially.
6) Your choices and rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data.
For now, deletion/export requests are handled manually:
- Email us at support@modelcore.app with the subject “Data request”.
7) International transfers
Our providers may process data in the United States and other countries. We take reasonable steps to ensure appropriate safeguards for cross-border transfers.
8) Changes
We may update this policy. If changes are material, we’ll post an updated version and update the “Last Updated” date.
9) Contact
Questions or requests:
- Email: support@modelcore.app