1. Introduction and Acceptance
Cordinova, Inc. ("we," "our," "us," or "Company") is committed to protecting the privacy and security of our users. This Privacy Policy explains our practices regarding the information stored and processed through our employee scheduling and workforce management platform (the "Service" or "Platform").
IMPORTANT DISTINCTION: WE STORE DATA, WE DO NOT "COLLECT" IT. Cordinova is a data storage and processing platform. We store your data on your behalf to provide scheduling, time tracking, and workforce management functionality. We do not "collect" your data for our own purposes, marketing, advertising, or any use beyond providing the Service to you. Your data remains your property.
BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. If you do not agree with our policies and practices, you must not access or use our Service. Your continued use of the Service constitutes your acceptance of any changes to this Privacy Policy.
2. Data Storage vs. Data Collection - Critical Distinction
2.1 We Store Your Data, We Do Not Collect It. This is a fundamental distinction. Cordinova operates as a data storage platform for your business operations. When you input employee information, create schedules, track time, or enter any other data into our Platform, you are storing that data in our system for your own use and benefit—not providing it to us for our own purposes.
2.2 Your Data Remains Yours. All information you enter into the Platform ("User Data") remains your exclusive property. We do not claim any ownership over your User Data. We simply provide the infrastructure and tools for you to store, organize, and utilize your own business data.
2.3 Types of Data You Store in Our Platform:
- Account Information: Business name, contact name, email address, phone number, billing information, and account credentials that you provide when registering for an account.
- Employee Data: Employee names, contact information, job titles, departments, wage rates, employment status, and any other employee information you choose to store in the Platform.
- Scheduling Data: Work schedules, shift assignments, availability preferences, time-off requests, and other scheduling information you create and manage.
- Time Tracking Data: Clock-in/clock-out times, hours worked, break times, and other time-tracking information recorded through the Platform.
- Operational Data: Company policies, position descriptions, department structures, operating hours, and other business information you configure in the Platform.
- Communications Data: Messages, notifications, and communications sent through the Platform between you and your employees.
- Technical Data: Device information, IP addresses, browser type, and access logs automatically recorded for security and platform functionality purposes only.
2.4 What We Do NOT Do With Your Data:
- We do NOT sell, rent, lease, or trade your User Data to third parties for any purpose.
- We do NOT share your User Data with third-party marketing, advertising, or analytics services.
- We do NOT analyze your User Data to create profiles, target advertisements, or derive insights for our own business purposes.
- We do NOT share your User Data with third parties except as required to provide the Service or as required by law.
- We do NOT access or view your User Data except when necessary to provide technical support, maintain platform security, or comply with legal obligations.
2.5 Limited Data Usage for Platform Operation. We only use your stored data for the following strictly limited purposes: (a) to provide the scheduling and workforce management functionality you requested; (b) to maintain platform security and prevent fraud; (c) to provide customer support when you request assistance; (d) to improve platform performance and fix technical issues; (e) to send you service-related communications, account updates, and support follow-ups directly from Cordinova (not through third-party marketing services); and (f) to comply with applicable laws and regulations.
2.6 Direct Communications from Cordinova. We may send you emails directly from Cordinova using the email address you provided during account registration. These communications include: account notifications, service updates, billing information, customer support follow-ups, security alerts, and important platform announcements. We do not use third-party marketing automation or advertising platforms for these communications. You may opt out of non-essential communications through your account settings, though you will continue to receive critical service-related and security notifications.
3. Our Core Privacy Commitments
Cordinova is committed to maintaining the highest standards of data privacy and protection. Our core privacy commitments to you include:
- Zero Third-Party Marketing: We do not and will not share your personal information or business data with third-party marketing, advertising, or analytics services. Any communications you receive come directly from Cordinova.
- Absolute No-Selling Policy: We do not and will not sell, rent, lease, license, or otherwise transfer your personal information, employee data, or business data to third parties for monetary consideration or any other value exchange. Your data will never be monetized.
- Minimal Analytics Only: Any usage analytics we collect are strictly limited to: (a) identifying and fixing technical bugs; (b) measuring platform performance and uptime; (c) improving core functionality based on how features are used; and (d) ensuring platform security. We do not use analytics for third-party business intelligence, competitive analysis, or any purpose beyond platform improvement.
- Strict Data Minimization: We store only the minimum data absolutely necessary to provide the core scheduling, time tracking, and workforce management functionality. We do not request or encourage storing extraneous data.
- Controlled Third-Party Access: We do not integrate with third-party advertising networks or data brokers. Any third-party services we use (such as infrastructure providers and payment processors) are carefully vetted and contractually bound to protect your data.
Our Commitment to Transparency: We believe in clear, honest communication about our data practices. If we ever plan to make material changes that would expand data usage beyond storage for platform functionality, we will provide at least 60 days' advance notice and require your explicit opt-in consent. We will never retroactively change how we use your existing data without your express permission.
4. Data Storage, Security, and Infrastructure
4.1 Infrastructure and Storage. Cordinova utilizes Supabase, an open-source database platform built on PostgreSQL, to store and process your data. Supabase infrastructure is hosted on Amazon Web Services (AWS) data centers in the United States. Your data is stored in secure data centers with backup systems.
4.2 Data Isolation and Access Control. Your data remains under your exclusive control and ownership at all times. We implement data isolation through:
- Row-Level Security (RLS): Database-level security policies ensure that users can only access their own organization's data. Each user's access is restricted to data belonging to their organization.
- Multi-Tenant Design: Each customer's data is logically separated in our multi-tenant database, with users unable to access other organizations' data.
- Data Residency: Your data is stored on Supabase infrastructure, which is hosted on AWS in the United States.
4.3 Password Security. We take basic security measures to protect your account:
- Password Hashing: All passwords are hashed using industry-standard algorithms in our database and are never stored in plain text.
- Your Responsibility: You are responsible for creating a strong, unique password and keeping it confidential. Do not share your password with anyone, and change it regularly if you suspect it has been compromised.
4.4 Security Limitations and Disclaimers. While we implement industry-standard security measures, NO METHOD OF TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS 100% SECURE. We cannot guarantee absolute security. You acknowledge and accept the inherent security risks of transmitting and storing data electronically. Cordinova shall not be liable for any unauthorized access, security breaches, or data loss except in cases of gross negligence or willful misconduct on our part.
4.5 Your Security Responsibilities. You are responsible for: (a) maintaining the confidentiality of your account credentials; (b) using strong, unique passwords; (c) enabling available security features like multi-factor authentication; (d) monitoring your account for unauthorized access; (e) immediately notifying us of any suspected security breach; and (f) maintaining your own backup copies of critical data.
5. Data Retention and Deletion
5.1 Retention Periods. We retain your data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:
- Active Account Data: Retained for the duration of your active subscription and use of the Service.
- Employee Time and Scheduling Records: Retained for a minimum of 3 years from the date of creation to comply with federal and state labor record-keeping requirements (Fair Labor Standards Act, state wage and hour laws).
- Payroll-Adjacent Data: Time tracking and hours worked data retained for 3-7 years depending on applicable regulations.
- Financial and Billing Records: Retained for 7 years to comply with tax and accounting regulations.
- Technical Logs and Security Data: Retained for 90 days to 1 year for security monitoring and troubleshooting purposes.
5.2 Account Deletion. Upon termination of your account or subscription, we will delete or anonymize your User Data in accordance with the following timeline:
- Immediate Access Removal: Your access to the Platform and your data is immediately disabled upon account termination.
- 30-Day Deletion Period: We will use commercially reasonable efforts to delete your User Data from active systems within 30 days of account termination.
- Backup Retention: Deleted data may persist in backup systems for up to 90 days before being permanently purged.
- Legal Hold Exception: Data subject to legal holds, pending litigation, regulatory requirements, or ongoing investigations will be retained until the hold is lifted.
5.3 Retention for Legal Compliance. Notwithstanding the above, we may retain certain data when required by law, including but not limited to: (a) employment records required by labor laws; (b) financial records required by tax authorities; (c) data necessary to defend legal claims; (d) data required for regulatory compliance; or (e) data subject to legal preservation obligations.
5.4 Your Backup Responsibility. IMPORTANT: Before requesting account deletion, YOU ARE RESPONSIBLE FOR DOWNLOADING AND MAINTAINING YOUR OWN BACKUP COPIES OF ALL DATA YOU WISH TO RETAIN. Once data is deleted from our systems, it cannot be recovered. We are not responsible for any data loss resulting from account termination or deletion requests.
6. Your Privacy Rights and Choices
Depending on your location and applicable laws (including GDPR, CCPA, and other privacy regulations), you may have certain rights regarding your personal information:
- Right to Access: You have the right to request access to the personal information we store about you. You can access most of your data directly through your account dashboard.
- Right to Correction: You have the right to request correction of inaccurate personal information. You can update most information directly in your account settings.
- Right to Deletion: You have the right to request deletion of your personal information, subject to certain legal exceptions (such as record retention requirements).
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another service provider.
- Right to Object: You have the right to object to certain processing of your personal information, particularly for marketing purposes (though we don't use your data for marketing).
- Right to Restriction: You have the right to request restriction of processing of your personal information under certain circumstances.
- Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time.
How to Exercise Your Rights: To exercise any of these rights, please contact us at contact@cordinova.com or through your account settings. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.
Limitations: Please note that some rights may be limited where we have compelling legitimate grounds to continue processing, where processing is necessary for legal compliance, or where data retention is required by law (such as employment record retention requirements).
7. Third-Party Sharing and Disclosures
7.1 No Selling or Marketing Sharing. We do not and will not sell, rent, lease, or trade your User Data or personal information to third parties for marketing, advertising, or any other commercial purpose.
7.2 Service Providers. We may share limited data with trusted third-party service providers who perform services on our behalf, including:
- Infrastructure Providers: Supabase and AWS for database hosting and cloud infrastructure.
- Payment Processors: Stripe for processing subscription payments. Stripe receives only billing information necessary to process payments (payment method details, billing address, transaction amounts) and does not receive employee scheduling data, time tracking information, or other operational data.
- Email Services: To send transactional emails and notifications you've requested directly from Cordinova.
- Security Services: To monitor for security threats and prevent fraud.
These service providers are contractually obligated to: (a) use your data only for the specific services they provide to us; (b) maintain the confidentiality and security of your data; and (c) not use your data for their own purposes.
7.3 Legal Compliance and Protection. We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
- Comply with legal obligations, court orders, subpoenas, or other legal processes;
- Enforce our Terms of Service or other agreements;
- Protect the rights, property, or safety of Cordinova, our users, or the public;
- Detect, prevent, or address fraud, security, or technical issues;
- Respond to claims that content violates third-party rights.
7.4 Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
7.5 With Your Consent. We may share your information with third parties when you explicitly consent to such sharing.
7.6 Aggregate and Anonymized Data. We may share aggregate, anonymized, or de-identified data that cannot reasonably be used to identify you or your business for analytical or statistical purposes.
8. International Data Transfers and Compliance
8.1 Data Location. Your information is stored on servers located in the United States. If you are located outside the United States and choose to use our Service, you acknowledge that your data will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your jurisdiction.
8.2 Infrastructure Providers. We use Supabase and AWS as our infrastructure providers. These providers maintain their own security standards and compliance programs. Cordinova does not hold independent security certifications as we are an early-stage startup.
8.3 European Economic Area (EEA) Users. For users in the EEA, UK, or Switzerland, your data may be transferred to and stored in the United States. Our infrastructure providers (Supabase and AWS) implement appropriate safeguards for international data transfers. By using our Service, you acknowledge and consent to this data transfer.
8.4 Your Acknowledgment. By using the Service, you expressly consent to the transfer of your data to the United States and processing in accordance with this Privacy Policy.
9. Cookies and Tracking Technologies
9.1 What Are Cookies. Cookies are small text files placed on your device by websites you visit. We use cookies and similar tracking technologies (web beacons, pixels, local storage) to enable platform functionality and enhance your experience.
9.2 Types of Cookies We Use:
- Essential Cookies: Required for platform functionality, including authentication, session management, and security features. These cannot be disabled without breaking core functionality.
- Functional Cookies: Remember your preferences and settings to enhance your user experience.
- Performance Cookies: Help us understand how you use the Platform so we can identify and fix technical issues and improve performance.
9.3 What We Do NOT Use:
- We do NOT use advertising or marketing cookies.
- We do NOT use third-party tracking cookies for behavioral advertising.
- We do NOT share cookie data with advertisers or data brokers.
9.4 Your Cookie Choices. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies. However, disabling essential cookies will prevent you from using the Service. To manage cookies:
- Adjust your browser settings to refuse all cookies or indicate when a cookie is being sent.
- Delete cookies already stored on your device through your browser settings.
- Use privacy-focused browser extensions to manage cookies.
10. Data Breach Notification
10.1 Our Commitment. In the event of a data breach that compromises the security, confidentiality, or integrity of your User Data, we will:
- Investigate the breach promptly and determine the scope and impact.
- Notify affected users without undue delay and within timeframes required by applicable law (typically within 72 hours of discovery).
- Provide information about the nature of the breach, types of data affected, and steps we are taking to address it.
- Recommend actions you can take to protect yourself.
- Notify relevant regulatory authorities as required by law.
10.2 Limitations of Liability. While we will make commercially reasonable efforts to prevent and respond to data breaches, you acknowledge that no security system is impenetrable. Cordinova shall not be liable for data breaches except in cases of gross negligence or willful misconduct. You are responsible for maintaining your own backup copies of critical data.
11. Children's Privacy
Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@cordinova.com. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information.
12. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have stored about you in the past 12 months.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: You have the right to opt out of the "sale" of your personal information. Note: We do not sell personal information.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.
To exercise these rights, contact us at contact@cordinova.com. We will verify your identity before processing your request.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated Privacy Policy on this page with a new "Last Updated" date;
- Sending an email notification to the primary email address associated with your account;
- Displaying a prominent notice on the Platform;
- For significant changes that expand data usage, requiring your affirmative consent before the changes take effect.
Material Changes. For material changes that significantly affect your privacy rights or how we use your data, we will provide at least 60 days' advance notice and may require your explicit opt-in consent before implementing the changes.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy, except where affirmative consent is required.
14. Contact Us and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: contact@cordinova.com
We will respond to all inquiries within 30 days (or as required by applicable law).