Modelcore Privacy Policy

Last Updated: 2026-01-01

Modelcore is operated by True Level LLC, a Vermont limited liability company. In this Privacy Policy, “Modelcore,” “we,” “us,” and “our” refer to True Level LLC.

Modelcore (“Modelcore,” “we,” “us”) explains here how we collect, use, and share information when you use our products and services (the “Service”), including the Modelcore web app.

This document is intentionally concise. If something is unclear, contact us at support@modelcore.app.

1) What we collect

When you sign in with Google OAuth, we receive and store:

Email address
Name (if provided by Google)
Avatar URL (if provided by Google)
Google identifier (as needed to link your account)

We do not collect or store passwords for Google OAuth sign-in.

1.2 User content (projects)

When you use Modelcore you may create or upload content, including:

Projects and their metadata (e.g., project id, name)
Project snapshots (saved project state)
Thumbnails (derived images generated from your project for previews)
Uploads/downloads of Modelcore project files (when used)

1.3 Collaboration / realtime metadata

If you use multiplayer/realtime features, we may process:

Presence metadata (e.g., “online”, cursor position, selection counts)
Lock/coordination metadata (e.g., who holds an editing lock)
Realtime synchronization messages (commands/snapshots)

We design these to be operational metadata (IDs/counts) rather than storing your geometry in analytics systems. If you collaborate in a shared project, other collaborators may see your display name, avatar, and presence indicators (such as cursor position) while you’re active.

1.4 Feedback you submit

If you submit feedback through the app, we collect:

The feedback title and body text you provide
Context metadata (e.g., route/app area, project id if present, app version/build hash, basic client info)

For abuse prevention and rate limiting, we also store:

A hashed representation of your IP address
A hashed representation of your user agent

Feedback titles and descriptions may be visible on a public feedback board. If you are signed in, we may display your name (not your email) alongside your feedback.

1.5 Automatically collected information

Like most web services, we may collect:

Basic log data (request time, endpoint, status code, etc.)
Basic device/browser information (for compatibility and debugging)

1.6 Cookies and local storage

We use:

Essential session cookies (e.g., a session cookie used by our API to keep you signed in)
Local browser storage for durability and UX (e.g., local write-ahead logging to prevent data loss in crashes)

We may also use analytics cookies/storage if analytics is enabled (see Section 4).

1.7 AI Automation (optional feature)

If you use the AI Automation feature:

Your prompts are sent directly from your browser to OpenAI's API (not through Modelcore servers)
Your OpenAI API key is stored locally in your browser (localStorage) and is never sent to Modelcore servers
Tool results (e.g., command success/failure, object IDs, counts) are sent to OpenAI as part of the conversation context
Your 3D model geometry is NOT sent to OpenAI

OpenAI processes your prompts under their own Privacy Policy. We recommend reviewing OpenAI's data practices before using this feature.

2) How we use information

We use the information above to:

Provide the Service (sign-in, save/load projects, collaboration features)
Maintain reliability and security (prevent abuse, diagnose issues)
Improve the product (understand feature adoption and performance)
Communicate with you about Service issues (e.g., support responses)

We do not sell your personal information.

We share information with service providers that help us run the Service, such as:

Authentication (Google OAuth)
Infrastructure/hosting (e.g., hosting providers)
Database (Postgres)
Object storage (for project snapshots and thumbnails; S3-compatible storage such as Cloudflare R2)
Analytics (PostHog for the web app; Vercel Analytics for the marketing site)

These providers process data on our behalf to deliver the Service.

4) Product analytics (PostHog)

We use PostHog to understand product usage and improve Modelcore.

Our analytics implementation is designed to be privacy-safe:

We primarily send event names + IDs/counts/enums (not your project geometry).
We configure person profiles to be created only after you are identified (i.e., after sign-in).
- After sign-in, we may identify you to PostHog using your user ID and may include account fields like email and name. We may also include workspace and project context (e.g., org_id, project_id) when relevant.

You may block analytics with browser tools (e.g., ad blockers). In the future we may add a first-party proxy or explicit in-app opt-out controls.

5) Data retention

We retain data for as long as necessary to provide the Service and operate the business. Typical retention patterns:

Account information: while your account is active
Projects/snapshots: while your account is active (or until you delete them)
Feedback: as long as it is useful for product improvement and support
Operational logs: for a limited period (90 days)
Analytics: retained according to our analytics settings (12 months)

Exact retention windows may evolve; we’ll update this policy if they change materially.

6) Your choices and rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data.

For now, deletion/export requests are handled manually:

Email us at support@modelcore.app with the subject “Data request”.

7) International transfers

Our providers may process data in the United States and other countries. We take reasonable steps to ensure appropriate safeguards for cross-border transfers.

8) Changes

We may update this policy. If changes are material, we’ll post an updated version and update the “Last Updated” date.

9) Contact

Questions or requests:

Email: support@modelcore.app