Privacy Policy

1. Introduction

Ordo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered property management platform, website, and related services (collectively, the "Service").

We take privacy seriously because your data is yours. Ordo uses enterprise-grade encryption, secure authentication, and strict access controls to protect your information. We do not sell your personal data to third parties.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, phone number, company name, job title, and billing information
• Property Data: Property details, tenant information, lease agreements, maintenance records, and financial data
• Communication Data: Messages, emails, voice recordings, and other communications processed through our AI Co-pilot
• Payment Information: Credit card details, billing addresses, and payment history (processed through secure third-party payment processors)
• Support Data: Information provided when contacting our support team, including support tickets and feedback

2.2 Information Automatically Collected

• Usage Data: Pages visited, features used, time spent on pages, click paths, and interaction patterns
• Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information
• Log Data: Server logs, access times, error logs, and performance metrics
• Cookies and Tracking Technologies: See our Cookie Policy for detailed information
• Location Data: Approximate geographic location based on IP address (with your permission when using location-based features)

2.3 Information from Third Parties

• Property Management Systems: Data synced from integrated platforms (Yardi, Entrata, AppFolio, etc.)
• Authentication Providers: Information from single sign-on (SSO) providers if you choose to authenticate through them
• Service Providers: Data from vendors and partners that integrate with our platform

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI-powered property management services, including automated invoice processing, MOR reports, tenant communications, and vendor management
• AI Functionality: To train and operate our AI Co-pilot, enabling natural language processing, automation, and intelligent insights
• Account Management: To create and manage your account, process transactions, and communicate about your account
• Customer Support: To respond to inquiries, provide technical support, and resolve issues
• Security: To detect, prevent, and address security threats, fraud, and unauthorized access
• Analytics: To analyze usage patterns, improve our services, and develop new features
• Communications: To send service-related notifications, updates, marketing communications (with your consent), and respond to your requests
• Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the rights of our users
• Business Operations: To conduct business analytics, measure service performance, and make informed business decisions

4. Information Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service, including cloud hosting providers, payment processors, email service providers, and analytics services. These providers are contractually obligated to protect your information and use it only for specified purposes.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or security issues.

4.4 With Your Consent

We may share your information with your explicit consent or at your direction, including when you choose to integrate with third-party services.

4.5 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, or business purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls, multi-factor authentication, and regular access reviews
• Infrastructure Security: Secure cloud hosting with regular security audits and compliance certifications (SOC 2, ISO 27001)
• Monitoring: Continuous monitoring for security threats, unauthorized access, and suspicious activity
• Employee Training: Regular security training and strict confidentiality agreements for all employees
• Incident Response: Established procedures for detecting, responding to, and reporting security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

6.1 General Rights (GDPR, CCPA, and Other Jurisdictions)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal and contractual obligations)
• Portability: Request transfer of your data in a structured, machine-readable format
• Restriction: Request restriction of processing of your information in certain circumstances
• Objection: Object to processing of your information for certain purposes, such as direct marketing
• Opt-Out: Opt-out of the sale of personal information (we do not sell your data)
• Non-Discrimination: Exercise your rights without discrimination

6.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@Ordospaces.com or through your account settings. We will respond to your request within 30 days (or as required by applicable law) and may require verification of your identity.

7. Data Retention

We retain your personal information for as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When we no longer need your information, we will securely delete or anonymize it, except where we are required to retain it by law.

Account information is retained while your account is active and for a reasonable period afterward. Financial records may be retained for up to 7 years to comply with tax and accounting requirements.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions, to protect your information in accordance with this Privacy Policy.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us immediately.

10. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@Ordospaces.com.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR). We process your personal information based on legitimate interests, contract performance, consent, or legal obligations. You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, if the changes are significant, we may provide additional notice (such as an email notification or banner on our website).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: