Skip to content
Ordinus
Sign up free
LEGAL

Privacy Policy

Overview

At Ordinus, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our scheduling service.

Information We Collect

Account Information

  • Name and email address
  • Password (encrypted and hashed)
  • Profile information you choose to provide
  • Billing and payment information (processed by Stripe)

Appointment Data

  • Client names and email addresses
  • Appointment dates, times, and durations
  • Appointment types and settings
  • Calendar availability preferences
  • Payment transaction details

Usage Information

  • Device information (browser type, OS, IP address)
  • Log data (access times, pages viewed, errors)
  • Analytics data (pageviews, feature usage)

How We Use Your Information

We use your information to:

  • Provide and maintain our scheduling service
  • Process appointments and payments
  • Send appointment confirmations and reminders
  • Communicate with you about your account
  • Improve our service and develop new features
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

Data Sharing and Processors

We do not sell your personal information. We share data only with trusted service providers who help us operate our service:

Third-Party Processors

  • Stripe - Payment processing (PCI compliant)
  • Cloud hosting providers - Data storage and infrastructure
  • Email service providers - Transactional emails and notifications
  • Umami Analytics (self-hosted by us) - Cookieless usage statistics, processed only after consent; no data is shared with a third-party analytics provider

All processors are contractually required to protect your data and use it only for the purposes we specify.

How we use Google user data

When you connect your Google Calendar to Ordinus, we request three narrowly-scoped permissions: create a separate "Ordinus" calendar and manage only the events on that calendar (calendar.app.created), read busy/free intervals - start and end times only (calendar.freebusy), and read the list of your calendars so we can check all of them for conflicts (calendar.calendarlist.readonly). We deliberately do not request the broader calendar.events or calendar.readonly scopes, which would let us read or change the events on your own calendars - we never need that and never want it. We use the access we do have solely to provide Ordinus's scheduling features, never for advertising and never to build a profile of you.

What we access, and why

  • Availability: to prevent double-booking, we read only the start and end times of events across all of your Google calendars via Google's freebusy API. That API only returns busy/free intervals - by design, it never returns titles, descriptions, attendees, locations, attachments, or notes. The "we only see start and end" promise is enforced at the API layer by Google itself, not just by us discarding fields.
  • Calendar list: we read the names and identifiers of your calendars so Ordinus can check all of them for scheduling conflicts. We do not read the events on those calendars through this permission.
  • Bookings: when an appointment is booked through Ordinus, we create a corresponding event on a separate "Ordinus" calendar that we create in your account - never on your existing personal or work calendars.
  • Reschedules and cancellations: if an Ordinus booking is rescheduled we update that same Ordinus-created event on the Ordinus calendar; if it is cancelled we delete that event. We only ever delete events Ordinus created.

What we never do

  • We never modify or delete calendar events that Ordinus did not create. Ordinus only ever writes to events it created itself; events you or others created are out of reach for any modification.
  • We never read or use the contents of calendar events Ordinus did not create - titles, descriptions, attendees, locations, attachments, and notes from your other events are never looked at, stored, logged, shared, or used to train any model.
  • External events are queried in real time only to extract start and end times, and discarded immediately after conflict-checking. We keep no persistent copy, summary, or index of your other calendar data.
  • We do not use Google user data for advertising purposes, and we do not sell it or transfer it to data brokers.
  • We do not allow humans to read your Google data, except with your explicit consent (for example, to resolve a support request), where necessary for security or to comply with applicable law, or where the data has been aggregated and anonymized.

Ordinus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data Security

We implement industry-standard security measures:

  • TLS/HTTPS encryption for data in transit
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls and authentication
  • Daily automated backups

Your Rights (GDPR)

If you are in the European Union, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Export your data (JSON/CSV)
  • Restriction: Limit how we process your data
  • Objection: Object to data processing

To exercise these rights, contact us at privacy@ordinus.io

Data Retention

We retain your data for as long as your account is active or as needed to provide our services. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Cookies

We use essential cookies to maintain your session and authentication. We do not use advertising or tracking cookies without your consent.

Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our service.

QUESTIONS?

Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@ordinus.io