Welcome to OrdiExpo. This Privacy Policy explains how ArchiusComus ("we", "us", or "our") collects, uses, and protects your personal information when you use OrdiExpo (the "Service").
Our Commitment to Your Privacy: We do not share your information with anyone. Your data belongs to you, and we are committed to protecting your privacy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name
- Password (encrypted — we never store plaintext passwords)
- Authentication tokens
1.2 Content You Create
We store the content you create while using OrdiExpo, including:
- Products and specifications
- Event configurations and QR codes
- Quote/offer records and visitor contact details
- Custom question templates and responses
- Organization branding assets (logos, colors)
- Salesperson profiles and PIN configurations
1.3 Usage Information
We automatically collect certain information when you use the Service:
- Device information (browser type, operating system)
- IP address
- Usage patterns and feature interactions
- Error logs and performance data
2. How We Use Your Information
We use your information to:
- Provide and maintain the OrdiExpo service
- Authenticate your identity and secure your account
- Store and synchronize your content across devices
- Send service-related notifications (e.g., quote confirmations, system updates)
- Improve and optimize the service
- Provide customer support
What we do NOT do with your data:
- We do NOT sell your data to third parties
- We do NOT use your data for advertising purposes
- We do NOT share your data without your explicit consent
- We do NOT mine your data for any purpose beyond providing the service
3. Data Encryption and Security
We take the security of your data seriously and implement multiple layers of protection:
- Encryption at Rest: ALL data is encrypted at rest using AWS-managed encryption for both DynamoDB and S3 storage
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
- Authentication: We use JWT (JSON Web Token) based authentication to secure access to your account
- Infrastructure: Our service runs on AWS infrastructure with industry-leading security practices
- Security Audits: We conduct regular security audits to identify and address potential vulnerabilities
4. GDPR Compliance
OrdiExpo is fully GDPR compliant for ALL users, regardless of subscription tier or plan. Under the GDPR, you have the following rights:
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request correction of inaccurate or incomplete personal data
- Right to Erasure: You can request deletion of your personal data
- Right to Data Portability: You can request your data in a machine-readable format
- Right to Restriction: You can request that we limit the processing of your personal data
- Right to Object: You can object to the processing of your personal data
Data Location: All data is stored in the AWS eu-north-1 region (Stockholm, Sweden), ensuring your data remains within the European Union.
Data Isolation: Each organization's data is stored in a separate DynamoDB table, providing complete data isolation between organizations.
Data Retention: We retain your data for as long as your account remains active. Upon account deletion, all associated data is permanently deleted within 30 days.
5. Data Ownership
You own your content. All products, quotes, leads, and organization data you create within OrdiExpo remain your property. We do not claim any ownership rights over your content.
We are granted only limited rights to your content, solely for the purposes of storing, displaying, and creating backups of your data as part of providing the Service.
6. Third-Party Services
We use the following third-party services to operate OrdiExpo:
- AWS DynamoDB: Database storage with per-organization table isolation
- AWS S3: File storage for product images, QR codes, and generated PDFs
- AWS SES: Transactional email delivery for quotes and notifications
- AWS Lambda: Serverless compute for API and PDF generation
- Anthropic Claude: AI-powered product extraction from PDF brochures and auto-translation
These services are used solely to provide and improve OrdiExpo. We do not share your data with any third parties for marketing or advertising purposes.
7. Cookies and Tracking
OrdiExpo uses minimal cookies strictly necessary for the operation of the Service:
- Authentication cookies: JWT tokens to keep you signed in
- Session management: To maintain your session state
- User preferences: To remember your language and display settings
We do NOT use advertising cookies or any third-party tracking technologies.
8. Children's Privacy
OrdiExpo is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.
9. International Data Transfers
All data is processed and stored within the European Union, specifically in the AWS eu-north-1 region located in Stockholm, Sweden. We do not transfer your personal data outside the EU/EEA.
10. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify you via email within 72 hours of becoming aware of the breach
- Describe the nature and scope of the breach
- Outline the steps we have taken to address the breach
- Provide guidance on steps you can take to protect yourself
11. Your Data Rights and Requests
To exercise any of your data rights, please contact us at privacy.ordiexpo@archiuscomus.com. We will respond to all data requests within 30 days.
Data Deletion Process
To request deletion of your data:
- Send an email to privacy.ordiexpo@archiuscomus.com requesting data deletion
- We will verify your identity to protect your account
- Upon verification, all your data will be permanently deleted within 30 days
Data Export
You can request an export of your data in JSON format by contacting us at privacy.ordiexpo@archiuscomus.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For material changes that significantly affect how we handle your personal data, we will notify you via email.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: