1. Introduction
Cordinova ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee scheduling and workforce management platform (the "Service").
Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
Please refer to the banner at the top of the page regarding information we collect during our beta.
3. Beta Data Collection Policy
IMPORTANT BETA NOTICE: Cordinova is currently operating in beta mode. During this beta period, we have implemented enhanced privacy protections:
- No Data Collection for Marketing: We do not collect, analyze, or use your personal information for marketing, advertising, or promotional purposes during the beta period.
- No Data Sales: We do not sell, rent, lease, or otherwise transfer your personal information to third parties for monetary or other valuable consideration.
- Limited Analytics: Any usage analytics collected during beta are strictly limited to improving core functionality and identifying technical issues.
- Data Minimization: We collect only the minimum data necessary to provide the core scheduling and workforce management functionality.
Upon completion of the beta period, we will provide advance notice of any changes to these data collection practices and will require your explicit consent for any expanded data usage.
4. Data Storage and Security
Cordinova utilizes Supabase, a secure and compliant database platform built on PostgreSQL, to store and process your data. Supabase provides enterprise-grade security measures and is hosted on Amazon Web Services (AWS) infrastructure. We implement appropriate technical and organizational measures to maintain the security of your personal information and protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Data Sovereignty Commitment: Your data remains under your control. We do not access, analyze, or process your data for any purposes other than providing the Service to you. Supabase's architecture ensures that your data is isolated and protected through row-level security policies and encrypted connections.
Some specific security measures we implement include:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication requirements
- Regular backups to prevent data loss
- Employee training on data protection and security practices
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Employee scheduling and time clock data is typically retained for a period of 3 years to comply with various labor laws and regulations.
When we no longer need to process your personal information, we will delete or anonymize it. If this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information, including:
- The right to access the personal information we have about you
- The right to request correction of inaccurate personal information
- The right to request deletion of your personal information
- The right to object to or restrict certain processing of your personal information
- The right to data portability
To exercise these rights, please contact us using the information provided in the "Contact Us" section below. Please note that some of these rights may be limited where we have compelling legitimate grounds or legal obligations to process your personal information.
7. International Data Transfers
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data to the United States and process it there. Supabase and AWS data centers used for storing your information comply with regional data protection requirements including SOC 2 Type II, ISO 27001, and other industry standards.
For users in the European Economic Area (EEA), we ensure that your personal information is protected when transferred outside the EEA by using appropriate safeguards, such as standard contractual clauses approved by the European Commission.
8. Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
We use cookies for the following purposes:
- To maintain your authenticated session and secure access to your account
- To remember your preferences and settings
- To analyze how you use our Service so we can improve functionality
- To help diagnose and troubleshoot technical issues
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
For significant changes, we will provide a more prominent notice, which may include email notification to the primary email address specified in your account.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: contact@cordinova.com
Cordinova, Inc.