Privacy Policy

When you create a Cordy account, we collect your name, email address, organization name, and password. If you subscribe to a paid plan, our payment processor (Stripe) collects billing details on our behalf — we do not store credit card numbers directly.

We also collect usage data such as pages visited, features used, and browser or device information through standard server logs. This helps us understand how Cordy is used and where we can improve.

We use your information to operate the Cordy platform, including authenticating your identity, processing bookings, sending transactional emails (confirmations, scheduling links, team invitations), and providing customer support.

We may use aggregated, anonymized usage data to analyze trends and improve our product. We do not use your personal data for advertising.

Your data is stored on infrastructure provided by Supabase, which runs on Amazon Web Services (AWS). Data is encrypted in transit (TLS) and at rest. We use row-level security policies to ensure users can only access data belonging to their organization.

While no system is perfectly secure, we take reasonable administrative, technical, and physical measures to protect your information from unauthorized access, loss, or misuse.

Cordy uses session cookies to keep you logged in and maintain your preferences. These cookies are essential to the operation of the service and are not used for tracking or advertising purposes.

We do not use third-party advertising cookies or tracking pixels.

We use a limited number of third-party services to operate Cordy:

Supabase — authentication and database hosting. Stripe — payment processing for subscriptions. Resend — transactional email delivery (booking confirmations, scheduling links, team invitations).

These providers process data on our behalf and are contractually obligated to protect your information. We do not sell or share your data with any other third parties.

We do not sell, rent, or trade your personal information. We share data only with the third-party processors listed above, and only to the extent necessary to provide the service.

We may disclose information if required by law, such as in response to a valid subpoena or court order.

You have the right to access, correct, or delete your personal data at any time. You can update your profile information directly in Cordy’s settings, or contact us to request a full data export or account deletion.

If you delete your account, we will remove your personal data within 90 days, except where we are required to retain it for legal or compliance purposes.

We retain your data for as long as your account is active. If you cancel your subscription or close your account, we retain your data for up to 90 days to allow for reactivation, after which it is permanently deleted.

Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytical purposes.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice within the Cordy application. Your continued use of Cordy after a change constitutes acceptance of the updated policy.