Privacy Policy

1. Information We Collect

When you use Ordo, we collect and store:

• Account information — your name and email address, managed through Clerk authentication.
• Tasks and events — tasks, subtasks, courses, and calendar events you create in the app.
• Focus sessions — timer data recording the duration and type of focus sessions you complete.
• Journal entries — daily reflection entries including mood, energy, and written responses. Journal entries are encrypted at rest using AES-256.
• Planning preferences — your working hours, daily capacity, and AI decomposition settings.
• Google Calendar data — if you connect Google Calendar, we import your calendar events. We store your Google OAuth tokens encrypted at rest. We only request read-only calendar access.
• AI usage — we log the number of AI feature calls you make per day for rate-limiting purposes. We do not store AI prompt or response content beyond what is displayed to you.

2. How We Use Your Information

• To provide core functionality: scheduling, task management, focus tracking, and journaling.
• To generate AI-powered features like task decomposition and daily briefings. Your task and context data is sent to the Anthropic API to produce these results.
• To sync your Google Calendar events into Ordo when you connect it.
• To enforce daily AI usage limits and prevent abuse.

We do not sell your personal data. We do not use your data to train AI models.

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL), hosted on AWS. All tables use row-level security so your data is accessible only to your account. Journal entries and Google OAuth tokens are encrypted at rest. All data in transit is encrypted via HTTPS/TLS.

We use Clerk for authentication. Your password is never stored by Ordo directly.

4. Third-Party Services

• Clerk — authentication and user management. Clerk Privacy Policy
• Supabase — database and storage. Supabase Privacy Policy
• Anthropic — AI features. Task titles, descriptions, and context are sent to Anthropic to generate responses. Anthropic Privacy Policy
• Google — optional Google Calendar integration. Google Privacy Policy

5. Your Rights

You may request deletion of your account and all associated data at any time by using Settings → Account → Clear all account data, or by contacting us at the email below. Upon deletion, your data is removed from our active database. Supabase may retain backups for up to 30 days.

If you are located in the EU/EEA, you have rights under GDPR including the right to access, rectify, erase, and port your data. Contact us to exercise these rights.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we delete your data from active systems within 7 days. Backups are purged within 30 days.

7. Children

Ordo is not directed at children under 13. We do not knowingly collect data from children under 13.

8. Changes to This Policy

We may update this policy periodically. We will notify you of material changes by updating the effective date above. Continued use of the app after changes constitutes acceptance.

9. Contact

For privacy-related questions or requests, contact us at ordoforstudents@gmail.com.