Ordu Labs Ordu Labs Ordu Labs

Privacy Policy

Last updated: February 11, 2026

1. Scope and role

This Privacy Policy explains how Ordu Labs LLC ("Ordu Labs", "we", "our", "us") collects and processes information when you use our website, request access, install our apps, or contact support.

2. Information we collect

Depending on the product and integration you use, we may collect:

  • Account and contact data: name, work email, company name, and website details.
  • Integration and OAuth data: connected account identifiers, granted scopes, tokens, and metadata needed to maintain app connections.
  • Operational app data: subscription invoice, customer, product, inventory, notification, and order-related records needed for app features.
  • Usage and diagnostics data: event logs, feature interactions, webhook events, error diagnostics, and delivery status records.
  • Support and access-request data: messages, attachments, and troubleshooting context.

3. How we use information

  • Provide, secure, and improve our services.
  • Operate workflows you request (for example, payment-recovery and restock alert operations).
  • Prevent abuse, detect incidents, and maintain auditability.
  • Respond to support inquiries and service communications.
  • Comply with legal obligations and enforce our terms.

4. Integrations, scopes, and access patterns

Our apps use OAuth and webhook-based integrations with platforms such as Stripe, Shopify, and Xero. We aim to request least-privilege access needed for product functionality. Exact scope names vary by app and platform version.

5. How we share information

We do not sell personal information. We share information with service providers only as needed to operate the service, including infrastructure, analytics, support, payment, and messaging providers.

6. Data retention

We retain data for as long as needed to deliver service, maintain required records, and resolve disputes. Typical retention windows are:

  • Access requests and support records: up to 24 months after last activity.
  • Operational logs and diagnostics: typically 12 months, unless a longer period is needed for security.
  • Account-level records: through the active relationship and a reasonable wind-down period.

We may anonymize or aggregate data for service improvement.

7. Security practices

  • Encryption in transit and provider-managed encryption at rest where available.
  • Role-based access controls and limited production access.
  • Logging, monitoring, and incident response procedures.
  • Credential and token handling controls designed for least privilege.

8. International data transfers

Our providers may process data in multiple countries. We use contractual and technical safeguards appropriate to cross-border transfers.

9. Your choices and rights

Subject to applicable law, you may request access, correction, export, or deletion of your personal information. You may also request disconnection of app integrations.

Send privacy requests to support@ordulabs.com. We may verify your request before processing.

10. Policy updates

We may update this policy over time. Material updates will be posted here with a revised "Last updated" date.

11. Contact

Privacy questions and requests: support@ordulabs.com