Create an account
Sign in

Privacy Policy

Introduction

Ordo respects your privacy and is committed to protecting users' personal data. This Privacy Policy describes how we collect, use, store, and protect personal data when you visit the website ordo.now, create an account, or use the platform to write and publish books.

Processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Italian data protection laws.

Data Controller

The Data Controller is Ordo, based in Italy.

For any privacy-related requests: privacy@ordo.now

Personal Data Processed

We process only the personal data strictly necessary to provide the service:

Account data: email address, password (stored in encrypted form), and profile metadata.

User-generated content: titles, texts, chapters, images, and metadata of books you upload or write on the platform.

Purchase data: information necessary to process the one-time (lifetime) payment. Payment data is handled exclusively by Stripe; Ordo does not store full payment details.

Technical and usage data: IP address, browser and device type, access logs, and platform usage events.

Analytics and marketing data: aggregated data and, with your consent, data used to measure advertising campaigns via Google Analytics and Facebook Pixel.

Purposes and Legal Bases

Personal data is processed for the following purposes:

Service provision (contract performance): account registration and management, access to the writing platform, saving and exporting content.

Support (legitimate interest): responding to support requests and reports.

Purchase management (contract performance / legal obligation): processing lifetime payments, tax and accounting compliance.

Security (legitimate interest): protecting infrastructure, detecting anomalies, preventing fraud.

Analysis and improvement (legitimate interest or consent): use of aggregated data to improve platform features and UX.

Service communications (contract performance): transactional emails such as registration confirmation, email verification, and account notifications.

Marketing (consent): measuring the effectiveness of advertising campaigns via Facebook Pixel, only with explicit consent.

Data Recipients

Data may be processed by the following third-party providers (Data Processors), strictly limited to what is necessary:

Supabase: authentication, session management, and database. Google Cloud Storage: storage of user-uploaded files.

Transactional email providers: sending system emails (account verification, notifications).

Stripe: secure payment processing.

Google (Analytics / Tag Manager) and Meta Platforms (Facebook Pixel): traffic analysis and campaign measurement, subject to user consent.

Ordo does not sell personal data to third parties. Data is shared exclusively for the purposes described and only when necessary.

Transfers Outside the EEA

Some providers (Supabase, Google, Meta, Stripe) may process data outside the European Economic Area. In such cases, we adopt the safeguards required by the GDPR, including Standard Contractual Clauses approved by the European Commission.

Data Retention

Data is retained only for as long as necessary:

Account data and content: for the duration of the account. In case of deletion, data is removed within 30 days unless legal obligations apply.

Billing data: retained for 10 years in accordance with Italian tax laws.

Technical logs: retained for short periods (generally 90 days).

You may request deletion of your account and associated data by contacting privacy@ordo.now.

Data Security

We implement appropriate technical and organizational measures: encrypted transmission via HTTPS, access controls, hashed passwords, and signed URLs for file access. We strive to operate according to industry standards.

Data Subject Rights

Under the GDPR (Articles 15–22), you may exercise the following rights by contacting privacy@ordo.now:

Access: obtain confirmation of processing and a copy of your personal data.

Rectification: correct inaccurate or incomplete data.

Erasure: request deletion of data ("right to be forgotten"), within legal limits.

Restriction: obtain restriction of processing in certain cases.

Objection: object to processing based on legitimate interest.

Data portability: receive data in a structured, machine-readable format.

Withdraw consent: at any time, without affecting the lawfulness of prior processing.

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Cookies

We use cookies and similar technologies to ensure proper website functionality, improve user experience, and measure platform usage.

You can manage cookie preferences via the consent banner shown on first access or from the website footer. For more details, see our Cookie Policy.

Minors

The Ordo platform is intended for adult users. We do not knowingly collect personal data from individuals under 18 years of age.

Changes to this Privacy Policy

Ordo reserves the right to update this Privacy Policy. Significant changes will be communicated to registered users via email or in-platform notice.

Contact

For any questions regarding personal data processing: privacy@ordo.now

© 2026 Ordo
Made with care, shared with love.