Privacy Policy

Welcome to Ordinote. This Privacy Policy explains how ArchiusComus ("we", "us", or "our") collects, uses, and protects your personal information when you use Ordinote (the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Password (encrypted)
• Authentication tokens

1.2 Content You Create

We store the content you create in Ordinote, including:

• Notes and cards
• File attachments and links
• Workspace settings and configurations
• Dimension configurations

1.3 Usage Information

We automatically collect certain information about how you use the Service:

• Device information (browser type, operating system)
• IP address
• Usage patterns and feature interactions
• Error logs and performance data

2. How We Use Your Information

We use your information solely to:

• Provide and maintain the Service
• Authenticate your account and ensure security
• Store and sync your content across devices
• Send service-related notifications (password resets, security alerts)
• Improve the Service and fix technical issues
• Respond to your support requests

We do not:

• Sell your data to third parties
• Use your content for advertising
• Share your information with anyone without your explicit consent
• Mine your data for any purpose other than providing the Service

3. Data Encryption and Security

3.1 Encryption Standards

Data security varies by subscription level:

• Personal (Free) Plan: Data transmitted over HTTPS but stored unencrypted in our database
• Plus, Team, and Enterprise Plans: Data encrypted at rest using AES-256-GCM encryption with AWS Key Management Service (KMS)

3.2 Security Measures

We implement industry-standard security measures:

• TLS 1.2+ for all data in transit
• JWT-based authentication
• AWS infrastructure with security best practices
• Regular security audits and updates
• Access controls and monitoring

4. GDPR Compliance

4.1 Your Rights Under GDPR

For Plus, Team, and Enterprise subscribers, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing your data
• Objection: Object to processing of your data

4.2 Data Location

Your data is stored in AWS data centers located in the European Union (Ireland region, eu-west-1), ensuring compliance with EU data residency requirements.

4.3 Data Retention

We retain your data for as long as your account is active. Upon account deletion, your data is permanently removed within 30 days.

5. Data Ownership

You own your content. All notes, files, and data you create in Ordinote remain your property. We claim no intellectual property rights over the content you upload or create.

You grant us only the limited rights necessary to:

• Store your content on our servers
• Display your content back to you
• Make backups for data protection

6. Third-Party Services

Ordinote uses the following third-party services:

• AWS (Amazon Web Services): Cloud infrastructure for hosting and storage
• AWS Cognito: User authentication and identity management
• Cloudflare/CloudFront: Content delivery network for faster loading

These services have their own privacy policies and are contractually obligated to protect your data. We do not share your content with these providers beyond what is necessary to operate the Service.

7. Cookies and Tracking

We use minimal cookies for:

• Authentication (JWT tokens)
• Session management
• User preferences

We do not use advertising cookies or third-party tracking scripts.

8. Children's Privacy

Ordinote is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

9. International Data Transfers

For users outside the European Union, your data may be transferred to and processed in the EU (Ireland). We ensure appropriate safeguards are in place for such transfers.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you via email within 72 hours of discovering the breach
• Describe the nature of the breach and data affected
• Provide information about steps we're taking to address the breach
• Offer guidance on protecting yourself

11. Your Data Rights and Requests

To exercise your data rights or request information about your data:

We will respond to your request within 30 days. Please include:

• Your email address associated with your Ordinote account
• The specific request (access, deletion, correction, etc.)
• Any additional information to help us verify your identity

11.1 Data Deletion

To permanently delete your account and all associated data:

1. Send an email to privacy.ordinote@archiuscomus.com with the subject "Account Deletion Request"
2. We will verify your identity
3. Your account and all data will be permanently deleted within 30 days
4. You will receive confirmation once deletion is complete

11.2 Data Export

To export your data in a machine-readable format, contact us at privacy.ordinote@archiuscomus.com. We will provide your data in JSON format within 30 days.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top
• Sending you an email notification (for material changes)

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy.ordinote@archiuscomus.com
Company: ArchiusComus
Service: Ordinote

---

This Privacy Policy is effective as of January 10, 2026. By using Ordinote, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.