Privacy Policy

Last updated: 3 November 2025

Short summary (not a substitute for the full policy): Orrdo lets you scan or import documents, turns them into PDFs, generates searchable metadata, stores them in Google Firebase (Frankfurt, EU), and lets you set local reminders. We also use Google Crashlytics (for crash/error diagnostics) and may use Google Analytics for Firebase (for usage metrics) — analytics runs with your consent where required. You control your content. We process your data only to provide and improve the Service and comply with law.

1. Who we are

Orrdo is operated by Amin Seraji (“we,” “us,” “our”), based in Bremen, Germany. This Privacy Policy explains how we process personal data when you use the Orrdo mobile application and related services (“Service”).

2. Scope

This Policy applies to the Service provided via our mobile app. It does not cover any third‑party websites or services that may be linked from the app.

3. Data we process

Document content you provide: images, scans, PDFs, titles, and any text contained in documents you upload or create.
Generated metadata: automatically created keywords and short snippets to help you search within your documents.
Reminder data: reminder title, note, scheduled time, and delivery status for local notifications on your device.
Account & authentication data (if sign‑in is available): basic identifiers from the sign‑in method you choose (e.g., Apple or Google), such as a user ID, display name or email.
Device & diagnostics data: device model, OS version, app version, language/locale, and technical logs required to operate and secure the Service.
Crash reporting data (Google Crashlytics): crash stack traces, device and OS information, app instance identifiers, timestamps, and minimal state needed to diagnose crashes. We do not intentionally include document content or PII in crash logs.
Analytics data (Google Analytics for Firebase, if enabled): aggregated usage events (e.g., screens, sessions, device/OS/app versions, coarse region, engagement metrics). No precise GPS location or contact lists are collected.
Payments & subscriptions: subscription status and purchase tokens received from the App Store or Google Play. We do not collect or store your full payment card details; billing is handled by the respective app store.

We do not intentionally collect precise geolocation, contact lists, or motion/health data. Content you choose to scan may incidentally include special categories of data. We do not infer such categories and process the content only under your control.

4. Purposes of processing & legal bases (EEA/UK)

Purposes of processing & legal bases (EEA/UK)

Provide the Service (create/host PDFs, generate metadata, deliver reminders, maintain accounts): performance of a contract (Art. 6(1)(b) GDPR).
Safety, security & integrity (fraud prevention, troubleshooting, backups, crash diagnostics via Crashlytics): legitimate interests (Art. 6(1)(f)).
Communications (service emails, support): performance of a contract or legitimate interests.
Compliance (tax, accounting, legal requests): legal obligation (Art. 6(1)(c)).
Optional analytics (Google Analytics for Firebase): consent where required; analytics is disabled until consent is granted and can be withdrawn at any time (Art. 6(1)(a)).

5. Where we store and process data

Primary storage: Google Firebase Storage and Cloud Firestore hosted in Frankfurt, Germany (EU region).
Diagnostics & analytics: Google Crashlytics and Google Analytics for Firebase may process data on infrastructure operated by Google globally. When data leaves the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

6. Sharing your data

Sharing your data

Service providers / processors: Google (Firebase Storage, Cloud Firestore, Crashlytics, Analytics for Firebase) for hosting, diagnostics and analytics.
App stores: Apple App Store and/or Google Play process purchases and may receive identifiers/purchase tokens as independent controllers.
Legal and safety: We may disclose information if required by law or to protect rights, safety, and the Service.
No selling: We do not sell your personal data.

7. Your choices & controls

Access & export: You can view and export your PDFs and related metadata from within the app (where available) or by contacting us.
Edit & delete: You can rename or delete documents and reminders in the app. We will also honor deletion requests sent to us.
Notifications: Manage local notifications in your device OS settings and within the app.
Analytics consent: Where required, analytics is off by default. You can grant or withdraw consent at any time in the app settings; withdrawal does not affect prior lawful processing. You may also reset your device advertising ID.
Crash reporting: You may disable crash reporting in the app settings where provided; doing so may limit our ability to diagnose issues.
Backups: Deletions propagate to active systems without undue delay; residual copies may remain in encrypted backups for a limited period (see Retention).

8. Data retention

We retain document content and metadata for as long as your account is active or as needed to provide the Service. When you delete items or close your account, we delete active copies and remove associated metadata. Backup copies maintained by our providers are overwritten on a rolling basis after limited periods. Diagnostics (crash) and analytics data are retained for limited periods consistent with provider defaults and our needs to troubleshoot and improve the Service.

9. Security

Security

Encryption in transit (TLS) and at rest provided by Firebase.
Access controls, least‑privilege principles, and audit logging for administrative access.
Rate limiting and abuse prevention to protect service integrity.

No method of transmission or storage is 100% secure. If we learn of a security incident that affects your data, we will notify you and/or regulators as required by law.

10. Children

Our Service can be used by younger users with the consent and supervision of a parent or legal guardian where required by local law. In the EEA/UK, if you are under 16, parental consent may be necessary.

11. Your rights (EEA/UK and similar jurisdictions)

Subject to applicable law, you may have the right to request access, rectification, erasure, restriction, objection to processing, and data portability. You may also withdraw consent at any time where processing is based on consent. To exercise rights, contact us at info@orrdo.com. You also have the right to lodge a complaint with your local supervisory authority.

12. Cookies & tracking

The mobile app does not use browser cookies. We use SDKs such as Google Crashlytics and (with consent where required) Google Analytics for Firebase. These technologies collect device and usage information to help us keep the app reliable and improve it. If we materially expand tracking, we will update this Policy and, where required, request your consent.

13. Changes to this Policy

Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide notice (e.g., in‑app notice). Your continued use of the Service after the effective date means you accept the updated Policy.

14. Contact

Operator: Amin Seraji
Address: Bremen, Germany
Email: info@orrdo.com

This Policy is provided for transparency and does not create contractual obligations beyond those in the Terms of Service. Consider consulting a qualified lawyer to tailor this document to your specific operations.