Annex B — Modal Ingest Processing
1. Scope
This annex applies only where Customer affirmatively enables
modal_ingest and Senex uses Modal Labs to process Customer
Data for optional ingest, document-conversion, extraction, or transient
processing workflows.
This feature is not enabled by default and is not part of the Cloudflare-only default configuration.
2. Processing purpose
Customer instructs Senex to use Modal Labs for optional ingest processing, including where applicable:
- document conversion;
- parsing;
- text extraction;
- table or layout extraction;
- file normalisation;
- temporary execution of ingest jobs;
- quality checks or retry handling;
- generation of extracted text or processing artefacts returned to Senex; and
- related debugging, security, monitoring, and operational processing necessary to provide the feature.
Persistent storage of Customer's corpus remains in Senex-controlled storage unless an Order Form states otherwise. Modal Ingest Processing is intended as transient processing, not persistent corpus hosting in Modal.
3. Customer Data that may be processed
For this feature, Senex may transmit to Modal Labs the following categories of Customer Data, limited to what is reasonably necessary for the authorised ingest workflow:
- uploaded documents and files selected for ingest;
- filenames, file types, sizes, content hashes, tenant identifiers, document identifiers, job identifiers, and processing metadata;
- extracted text, tables, layout data, thumbnails, conversion outputs, parse errors, and retry metadata;
- temporary processing artefacts needed to complete the ingest job; and
- operational logs and security metadata, which should be minimised and should not intentionally include raw Customer Content unless required to troubleshoot a specific job.
Customer should not use this feature for protected health information, special-category personal data, criminal-offence data, children's data, legally privileged material, regulated client data, or similarly sensitive information unless the applicable Order Form, DPA, Modal contractual posture, and Customer's own compliance assessment expressly permit that use.
4. Modal legal and transfer posture
Customer authorises Senex to appoint Modal Labs as a conditional Sub-processor for this feature.
Modal Labs may process Customer Data in the United States or other Modal service locations, subject to any region-selection configuration that Senex implements and any limitations in Modal's applicable terms. To the extent this involves a Restricted Transfer of Customer Personal Data, the transfer is governed by the DPA, Modal's applicable data-processing terms, Standard Contractual Clauses, United Kingdom transfer terms, Swiss transfer terms, adequacy mechanisms, and supplementary measures where applicable.
Senex will not represent this feature as Cloudflare-only processing. Senex will not represent this feature as European-Union-only, Swiss-only, or region-locked unless the relevant Order Form expressly says so and engineering has verified the configured region for the relevant Modal deployment.
5. Retention and deletion posture
Senex will configure and use Modal Ingest Processing as a transient processing feature. Modal is not intended to be the system of record for Customer's corpus.
Disabling or revoking this feature stops future egress to Modal Labs but does not automatically delete outputs, extracted text, audit records, logs, backups, or Customer corpus records already created in Senex, or records retained by Modal as permitted under the applicable Modal terms, law, security, abuse-prevention, operational, or audit requirements.
6. Security and operational controls
Senex will implement reasonable controls designed to:
-
keep
modal_ingestdisabled unless a valid Feature Consent and DPA Reference exist; - enforce the current DPA version and matching disclosure hash server-side;
- minimise Customer Data transmitted to Modal to what is reasonably necessary for the authorised ingest job;
- avoid placing raw Customer Content in Modal logs, job names, environment variables, routes, error messages, or support tickets except where necessary and authorised for troubleshooting;
- prevent transmission through this feature for tenants or workspaces classified as Cloudflare-only, protected-health-information, or otherwise restricted unless separately approved;
- log non-content audit metadata for feature enablement and use;
- use region-selection configuration where committed in the applicable Order Form; and
- disable future egress after revocation, stale terms, or operator disablement.
7. Customer responsibilities
Customer is responsible for:
- deciding whether Customer files are suitable for Modal processing;
- ensuring that Customer has the lawful basis, notices, permissions, and regulatory authority to instruct this processing;
- assessing whether additional confidentiality, sector-specific, or international-transfer safeguards are required;
- validating extracted text and conversion outputs before reliance, publication, disclosure, or regulated use; and
- managing authorised users and internal policies governing which content may be submitted to the feature.
8. Activation acknowledgement text
Customer-facing activation must include substantially the following acknowledgement:
Senex may send Customer Data to Modal Labs for optional ingest processing, including document conversion, parsing, text extraction, and transient job execution. Modal Labs is a Senex-appointed conditional Sub-processor for this feature and may process data in the United States or other Modal service locations, subject to configured region settings where available, Modal's data-processing terms, and applicable transfer safeguards. This feature is not Cloudflare-only processing, is not enabled by default, and is intended for transient ingest processing rather than persistent corpus storage in Modal.
Customer must affirmatively accept the current version of this annex before enablement.