← Back to OrgOS

Privacy Policy

Last updated: March 14, 2026

1. Who we are

OrgOS ("we", "our", "us") is a project management platform. This policy explains how we collect, use, and protect your personal data when you use our service at orgos.app.

2. Data we collect

  • Account data: your name, email address, and password hash when you register.
  • Organisation data: names, projects, activities, and other content you create inside OrgOS.
  • Usage data: IP address, user agent, and audit log entries generated by your actions in the app.
  • Billing data: subscription status and customer ID managed by Lemon Squeezy. We do not store payment card details.
  • AI data: messages sent to the AI assistant, stored encrypted (AES-256-GCM) at rest.

3. How we use your data

  • To provide and operate the OrgOS service.
  • To send transactional emails (invitations, password resets, billing receipts).
  • To detect and prevent fraud or security incidents.
  • To fulfil our legal obligations.

We do not sell your personal data. We do not use your data for advertising.

4. Data sharing

We share data only with the following sub-processors required to operate the service:

  • Supabase — PostgreSQL database hosting (EU region available).
  • Vercel — application hosting and edge network.
  • Lemon Squeezy — payment and subscription processing.
  • Anthropic / OpenAI / Google — AI features (when enabled). Only the content you submit to the AI assistant is sent.
  • Pusher — real-time notifications.

5. Data retention

We retain your data for as long as your account is active. When you delete your account, your personal data is deleted within 30 days. Anonymised aggregate data may be retained indefinitely.

6. Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@orgos.app. We will respond within 30 days.

7. Cookies

We use one first-party HTTP-only cookie (activeOrgId) to remember your active organisation. We do not use tracking or advertising cookies.

8. Security

All data is transmitted over HTTPS. Sensitive data (AI conversation history) is encrypted at rest. Passwords are stored as bcrypt hashes. We perform regular security audits.

9. Changes

We may update this policy. We will notify you by email or in-app banner for material changes. Continued use after notice constitutes acceptance.

10. Contact

Questions about this policy: privacy@orgos.app