Ordesa
TermsPrivacySign in →

Legal

Privacy Policy

Effective date: March 18, 2026

1. Who We Are

Ordesa is a family management application. This Privacy Policy explains what data we collect, why we collect it, and how you can control it.

2. Data We Collect

We collect only what is necessary to provide the Service:

DataWhy
Email addressAccount login and identity
Display name & avatar colorPersonalization within your family
App content (budget, pantry, tasks, etc.)Core service functionality
Theme & language preferencesSaved in cookies for a consistent experience
Telegram chat ID (optional)Only if you connect Telegram integration

We do not collect device identifiers, location data, browsing history, or any data for advertising purposes.

3. How We Use Your Data

  • To provide and operate the Ordesa service.
  • To authenticate you and keep your session secure.
  • To sync your data across your family members in real time.
  • To send transactional emails (e.g. password reset). We send no marketing emails.

We never sell your data. We never share it with third parties for advertising.

4. Data Storage & Security

Your data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the EU region. All data is encrypted in transit (TLS) and at rest. Authentication is handled by Supabase Auth with industry-standard security practices.

Cookies we set are httpOnly, SameSite=Lax, and scoped to this domain only. They contain no personal information — only session tokens and preference flags.

5. Data Sharing

We use the following sub-processors to operate the Service:

  • Supabase — database, auth, and real-time infrastructure (supabase.com)
  • Vercel — hosting and edge network (vercel.com)
  • Telegram — only if you connect the optional Telegram bot integration

No other third parties receive your data.

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Correction — update your name and email in Settings → Profile.
  • Deletion — delete your account and all data permanently via Settings → Danger Zone → Delete Account.
  • Portability — request an export of your data by contacting us.
  • Objection — contact us to raise any concerns.

We will respond to all requests within 30 days.

7. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all personal data is permanently removed within 30 days. Backups are purged within 90 days.

8. Children

Ordesa is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the app. Continued use of the Service after changes are posted constitutes acceptance.

10. Contact

For any privacy-related questions or requests, contact us at privacy@ordesa.app.