Last updated: April 2026
Ordo AI ("Ordo", "we", "us") is an AI-powered task management and execution product. We are committed to protecting your personal data and complying with the UK GDPR and the Data Protection Act 2018. If you have questions about this policy, contact us at privacy@ordo.ai.
We collect the following categories of personal data: • Account data: your name, email address, and password (stored as a secure hash) • Profile data: company name, contact details, logo, and tagline you provide • Task and project data: tasks, projects, notes, and documents you create • Uploaded files: documents you upload to tasks and projects, stored securely on AWS S3 • Usage data: how you use the product, including AI call frequency • Communications: emails sent to your Ordo inbound address
We use your data to: • Provide and improve the Ordo service • Generate AI outputs using your task context and uploaded documents • Send you weekly digest emails (where enabled) • Create tasks from emails you forward to your Ordo address • Monitor usage for billing and fair use purposes • Comply with legal obligations
Ordo's AI features are powered by Anthropic's Claude API. When you use AI features (Complete Task, Delegate Task, Ask Ava), the content you submit — including task details, uploaded document text, and context you provide — is sent to Anthropic's API for processing. Anthropic processes this data in accordance with their privacy policy. We do not share your data with Anthropic beyond what is necessary to provide the AI features.
Files you upload are stored securely on Amazon Web Services (AWS) S3 in the eu-west-2 (London) region. Files are associated with your account and are accessible only to you. When you delete a file or delete your account, the file is permanently removed from our servers.
We retain your data for as long as your account is active. When you delete your account, all associated data is permanently deleted including tasks, projects, documents, uploaded files (from AWS S3), and profile information. We do not retain backups of deleted account data beyond 30 days.
Under UK GDPR you have the right to: • Access your data — request a copy of all data we hold about you • Rectification — correct inaccurate data • Erasure — delete your account and all associated data (available in Settings) • Portability — receive your data in a machine-readable format • Object — object to processing of your data To exercise any of these rights, contact privacy@ordo.ai.
Ordo uses a single authentication cookie (httpOnly, Secure) to maintain your session. This cookie is strictly necessary for the service to function. No third-party tracking or advertising cookies are used.
We do not sell your data. We share data only with: • Anthropic — for AI processing (see section 4) • Amazon Web Services — for file storage and hosting • Vercel — for frontend hosting All processors are bound by data processing agreements.
We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), secure password hashing (bcrypt), httpOnly authentication cookies, and role-based data access controls. All data is stored in AWS eu-west-2 (London).
For privacy-related enquiries: privacy@ordo.ai You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been processed unlawfully.