's profile picture

Privacy Policy

Last Updated: Jan 09, 2026

Note: Ordy is currently in beta testing. While we strive to provide a seamless experience, there may be occasional issues. We appreciate your patience and encourage you to contact us if you encounter any problems. Our team is always ready to assist you!

Welcome to Ordy

We respect your privacy and aim to be transparent about how we handle data. This Policy explains what we collect, why, how long we keep it, and how you can exercise your rights. By using Ordy you agree to these terms.

1. Who we are and contacts

Data controller: Ordy team (beta). Privacy contact: [email protected]. Email is our primary and only contact channel for privacy matters.

2. What data we collect

  • Account: username, email, password hash, avatar, timezone, subscription tier.
  • Productivity apps: reminders (names, dates, times, TZ), timers (names, statuses, notes), parcels (tracking numbers, carrier/status), work tables/jobs (schedules, hours, exports).
  • AI chat: messages and responses for Silver/Gold tiers.
  • Integrations: optional Telegram ID/username/status if you connect it.
  • Security: 2FA TOTP secrets and backup codes (if enabled), auth logs, CSRF/session data.
  • Payments: transaction metadata (amount, currency, status, transaction ID, timestamp). We do not store card/PayPal credentials; payments are processed by PayPal.
  • Usage/technical: browser/OS, IP address, feature usage, error logs, and performance data to keep the service stable.

3. Purposes and legal bases

  • Contract (Art. 6(1)(b) GDPR): registration, app access, storing your tasks/reminders/timers/parcels/work tables, AI chat, Telegram notifications.
  • Legitimate interest (Art. 6(1)(f) GDPR): service protection, abuse prevention, security logging, improving stability and UX, performance analytics in aggregated/minimized form.
  • Consent (Art. 6(1)(a) GDPR): marketing/analytics cookies and tags (e.g., Google tag AW-17862253326) — loaded only after consent where required.
  • Legal obligation (Art. 6(1)(c) GDPR): compliance with accounting/security duties and legal requests.

4. Cookies and tracking

We use cookies and similar technologies for site operation and analytics. Marketing and analytics tags (including Google tag AW-17862253326) load only after consent where required in your jurisdiction. You can manage consent via the banner or your browser settings.

5. How long we keep data

  • Account and content (reminders, timers, jobs, AI chat) — as long as your account exists or until you delete data/account.
  • 2FA secrets/backup codes — while 2FA is enabled; removed when you disable 2FA or delete the account.
  • Security/technical logs — kept for the minimum period needed for security and diagnostics.
  • Transactions — only metadata (id, amount, status) for accounting and disputes; payment credentials are not stored.
  • Cookies/identifiers — per each cookie’s lifetime and your consent choices.

6. Third parties and disclosures

  • PayPal (payments; we do not see or store your payment credentials).
  • Google (Analytics/Ads tag AW-17862253326 — analytics/conversions after consent).
  • Hosting/DB (infrastructure and backups, including security logging).
  • Telegram (optional, if you enable notifications).
  • AI provider (processes AI chat messages to generate responses).
  • Legal requests — when required by law or to protect rights and safety.

7. International transfers

Some providers may process data outside your country (including the US). We use contractual safeguards (e.g., EU/UK Standard Contractual Clauses) where required.

8. Security

We use HTTPS/TLS, password hashing, optional 2FA, access controls, security event monitoring, and regular component updates. No system is perfectly secure, so please avoid sending unnecessary personal or sensitive data (including in AI chat).

9. Payments

Payments are processed via PayPal. We do not receive or store card or PayPal account details. After payment, we keep only transaction metadata (id, amount, status, time). Sensitive payment data never persists on our side.

10. Your rights

  • Access and rectification of your data.
  • Erasure of your account and related data (subject to legal allowances).
  • Restriction and objection to processing (where the legal basis is legitimate interest).
  • Portability (where applicable).
  • Withdraw consent for operations that rely on it (e.g., analytics/marketing).
  • Complain to a data protection authority.

To exercise your rights, email [email protected]. We will respond within a reasonable time.

11. Children

The service is not intended for users under 16. If we learn a child under 16 has registered, we will delete the account and data.

12. Changes to this Policy

We update this Policy when services or requirements change. The new version is posted with an updated date. If changes are significant, we will try to notify you via email or in-product.

Contact

Privacy questions: [email protected].