← Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

Sophina Inc. ("Company", "we", "us") operates Ordia ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

2.1 Account Information

  • Name and email address
  • Organization name
  • Billing information (processed by our payment provider)
  • Authentication credentials

2.2 Connected Service Data

When you connect third-party services, we access:

  • Slack: Messages, channels, user information, and activity data from connected workspaces
  • GitHub: Repositories, pull requests, issues, commits, and user activity
  • Jira: Projects, issues, comments, and workflow data

2.3 Usage Data

  • Log data (IP address, browser type, access times)
  • Feature usage and interaction patterns
  • Device information

3. How We Use Your Information

  • Service Delivery: To analyze your connected data and provide insights, notifications, and recommendations
  • AI Processing: To process your data through AI systems (including OpenAI) for analysis and insight generation
  • Service Improvement: To improve and optimize the Service using anonymized, aggregated data
  • Communication: To send service updates, security alerts, and support messages
  • Security: To detect, prevent, and respond to security incidents
  • Legal Compliance: To comply with applicable laws and regulations

4. AI Data Processing

Your data may be processed by artificial intelligence systems to provide the Service's core functionality:

  • Data is sent to OpenAI's API for analysis and insight generation
  • We have agreements with AI providers prohibiting the use of your data for model training
  • AI-processed data is subject to the same security measures as all other data
  • You can request deletion of AI-processed data at any time

5. Data Sharing and Subprocessors

We share data with the following categories of third parties:

  • Infrastructure Providers: AWS, Supabase, Cloudflare for hosting and data storage
  • AI Providers: OpenAI for data analysis and insight generation
  • Payment Processors: For subscription billing
  • Analytics: For service improvement (anonymized data only)

See our Subprocessors page for a complete list.

6. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. We use appropriate safeguards such as Standard Contractual Clauses where required. By using the Service, you consent to the transfer of your data to these countries.

7. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication
  • Regular security assessments
  • Audit logging and monitoring
  • Incident response procedures

See our Security page for more details.

8. Data Retention

  • Account data is retained while your account is active
  • Connected service data is retained for the duration necessary to provide insights
  • Upon account deletion, we delete your data within 30 days, except as required by law
  • Anonymized, aggregated data may be retained indefinitely

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing

To exercise these rights, contact us at privacy@ordia.dev.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of sale or sharing of personal information
  • Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell or Share My Personal Information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. If you wish to opt out of any sharing, contact us at privacy@ordia.dev.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it promptly. If you believe we have collected information from a child under 13, please contact us immediately.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Email: privacy@ordia.dev

Data Protection Inquiries: dpo@ordia.dev