At Modo Energy we take the privacy and security of your data seriously. This section explains how Ko handles your data: where it's stored, who can access it, which providers help run the service, and your choices around retention and deletion.
Ko's data handling operates within Modo Energy's Website Terms of Service and Privacy Policy, and we remain in compliance with these at all times. Where this section summarises our practices, the Privacy Policy is the authoritative source.
Where is my data stored?
Your Ko data is stored in the United Kingdom. Your conversations, message history, and account details live in our own secure store hosted in AWS London, encrypted at rest, with encrypted backups held in Ireland.
When Ko answers a question, it sends the necessary content to a small number of trusted providers (see Which third-party providers does Ko use?). Some of those providers are based in the US, so parts of your conversation may be processed outside the UK in order to generate answers and power search. These international transfers are limited to what is needed to operate the service and are safeguarded under Standard Contractual Clauses and other Article 46 UK GDPR mechanisms, as set out in our Privacy Policy.
Is my data used to train AI models?
No. The AI providers that process your conversation — Anthropic (which writes Ko's answers) and OpenAI (which helps Ko find relevant Modo data) — do not use your data to train their models.
Anthropic does not retain your prompts or Ko's answers after replying, and does not use them for training. Ko runs on Claude Sonnet 4.6, where prompts and responses are not retained by default. You can read Anthropic's commitment in their API and data retention policy.
You may have read about a "30-day retention" requirement for Anthropic models. That applies only to Anthropic's newest "Covered Models" (the Fable and Mythos class). Ko does not use those models, so it does not apply to Ko.
Which third-party providers does Ko use?
To run Ko, we send conversation content to a small number of trusted providers — to write answers, find relevant data, power search, and help our team fix problems. Some only process your data in the moment; others keep their own copy. We send each provider the least it needs, and wherever possible we use a pseudonymous user ID rather than your name or email.
Provider | What it does | Receives your message | Keeps a copy? | Based in |
Anthropic (Claude) | Writes Ko's answers | Yes | No | US |
OpenAI | Converts your query into searchable form to find relevant Modo data | Search query only | No | US |
Algolia | Powers conversation search | Yes | Yes (search index) | UK |
LangSmith | Debugging / observability, so our team can fix problems | Yes | Yes (traces) | US |
Sentry | Error monitoring | No conversation content | Yes (error reports) | US |
New Relic | Performance monitoring | No conversation content | Yes (metrics) | US |
Slack | Internal quality alerts | Short excerpt only | Yes (Slack history) | US |
AWS | Hosting and storage | Yes (our master copy) | Yes | UK / Ireland |
Sentry and New Relic receive error reports and performance metrics only — not conversation content. All sharing with these providers is governed by our Privacy Policy, with which we remain in compliance at all times.
Who can access my conversations?
You only ever see your own conversations, inside the product.
Approved Modo staff can access conversations through an internal admin panel — reachable only over the company VPN and behind an admin login — and only for support, debugging, and quality.
We do not sell your data or share it for advertising.
How we handle access to your personal data is set out in full in our Privacy Policy, which we comply with at all times.
How is my data kept secure?
Your data is encrypted in transit and at rest. Access by Modo staff is restricted to authorised personnel on a least-privilege basis, behind the company VPN and an admin login, and used only for support, debugging, and quality.
Modo is independently certified to recognised security and data-protection standards, including AICPA SOC and Cyber Essentials. Modo is also a certified B Corporation, and Modo Energy (Benchmarking) Ltd is authorised and regulated by the Financial Conduct Authority (Firm no. 1042606) under the UK Benchmarks Regulation. Our security measures are described further in our Privacy Policy.
How long do you keep my data, and how do I delete it?
We keep your conversations and account data only as long as necessary to provide the service, in line with our Privacy Policy, unless a longer or shorter period is required or permitted by law.
You can ask us to delete a conversation at any time by contacting legal@modoenergy.com — it's removed from your history and from search. Where any copy cannot be fully removed for technical reasons (for example, short-lived encrypted backups, which roll off within 30 days), we apply appropriate measures to prevent any further use of it.
You also have the right to access, correct, object to, or request erasure of your personal data, as set out in our Privacy Policy. UK and EEA users can lodge a complaint with a data protection supervisory authority. Ko does not make automated decisions about you.
How does data handling differ in the Terminal vs via MCP?
There are two ways to use Ko, and they handle your data differently.
In the Modo Energy Terminal (our web app): you chat with Ko inside Modo's product. Modo runs everything — we send your conversation to the AI, store your history in the UK, and the data flows are exactly as described above. Modo controls the whole path and acts as the data controller for your personal data.
Via MCP (you connect your own AI tool to Ko): your own AI tool does the chatting and writes the answers, using your chosen AI provider, and your tool stores the conversation. Ko's role is narrower — it confirms who you are (secure sign-in) and runs the specific Modo data look-ups your AI requests. We have no access to your conversation. Where it is stored and who else sees it is governed by your own AI tool and its provider.
One thing applies in both modes: some Ko look-up tools convert your question into a searchable form (via OpenAI) to find relevant Modo data, so a query passed into those tools can still reach OpenAI. For example, asking "show me all articles Modo has written about ancillary services" results in your agent calling our tool with a query like "ancillary services."
For full details of how Modo Energy collects, uses, and protects personal data — including your privacy rights and how to exercise them — see our Privacy Policy and Website Terms of Service. If you have any questions, contact legal@modoenergy.com.