Privacy Policy

Effective date: April 27, 2026

Ordyn+ ("we", "our", "us") is committed to protecting the privacy of families using our platform. This policy explains what data we collect, why we collect it, and how you can control it.

1. Data We Collect

Data typePurposeRequired?
Phone numberAccount authentication via OTPYes
Email addressAccount verification & email notificationsYes
Full nameUser identification within family groupYes
Date of birthProfile — not shared externallyOptional
AddressProfile — not shared externallyOptional
Children's names & datesFamily management featuresYes
Custody schedulesCalendar & transfer remindersYes
Health & medication dataHealth tracking featuresOptional
Contacts (name, phone, email)Family contact directoryOptional
Push notification tokensDevice push notificationsOptional
Device fingerprintSecurity — detecting new devicesYes
WebAuthn credential IDBiometric app lock (stored locally)Optional

We do not sell your data to third parties. We do not use it for advertising.

2. How We Use Your Data

  • Provide and operate the Ordyn+ service
  • Send authentication codes via SMS and email
  • Deliver in-app, push, and email notifications you configure
  • Generate custody reminders, medication alerts, and task notifications
  • Sync data between co-parents within the same family group
  • Detect new devices and protect your account security

3. Data Sharing

Your data is shared only with:

  • Co-parents in your family group — family data is visible to all members you invite
  • Twilio — SMS OTP delivery (phone number only)
  • Firebase (Google) — push notification delivery (token only, no message content stored)
  • Your email provider — notification emails delivered via SMTP
  • Vercel / PostgreSQL hosting — infrastructure providers under strict data-processing agreements

We never share data with data brokers, advertisers, or any party outside those listed above.

4. Passkey & Biometric Security

4.1 Why We Recommend Passkeys

Ordyn+ uses WebAuthn / FIDO2 passkeys for app locking. A passkey provides device-bound authentication using your fingerprint, Face ID, or device PIN — no password to forget or leak, and bank-level security for your family data.

4.2 Risks of Not Using a Passkey

Without a passkey, your app is protected only by your device's screen lock. Anyone who gains access to your unlocked phone can view all family data, modify custody schedules, and access health information. We strongly recommend enabling passkey protection.

4.3 Your Choice

Passkey setup is optional. Users who choose not to set up a passkey acknowledge the security risks. The WebAuthn credential ID is stored locally on your device only — it is never transmitted to our servers.

5. Children's Privacy (COPPA)

Ordyn+ is designed for parents and guardians, not for use by children. We do not knowingly collect personal information directly from children under 13. Data about children (names, dates of birth, health information) is entered by parents/guardians and used solely to provide family management features.

If you believe a child under 13 has directly created an account, please contact us at support@ordynplus.com and we will delete the account promptly.

6. Your Rights Under GDPR (EU Users)

If you are in the European Union, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time, without affecting prior lawful processing

Legal basis for processing: contract performance (Art. 6(1)(b) GDPR) for core features; consent (Art. 6(1)(a)) for optional notifications.

To exercise any right, email our Data Protection Officer: dpo@ordynplus.com

7. Your Rights Under LGPD (Brazil — Lei 13,709/2018)

If you are in Brazil, you have the right to:

  • Confirmação — confirm whether your data is processed
  • Acesso — access your personal data
  • Correção — correct incomplete or inaccurate data
  • Anonimização / Bloqueio / Eliminação — anonymise, block, or delete unnecessary data
  • Portabilidade — receive your data in an interoperable format
  • Informação sobre compartilhamento — know with whom your data is shared
  • Revogação do consentimento — withdraw consent at any time

Legal basis: consent (Art. 7, I) and contract execution (Art. 7, V).

Contact our Data Protection Officer (Encarregado): dpo@ordynplus.com

8. Data Retention

  • Account data is retained while your account is active
  • Notification logs are retained for 90 days then auto-deleted
  • Session tokens expire automatically (15 min access tokens; refresh tokens per device type)
  • On account deletion, all personal data is erased within 30 days

9. International Data Transfers

Your data may be processed outside your country of residence (e.g. on servers in the United States). Where required, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and equivalent mechanisms under LGPD, to lawfully transfer data internationally.

10. Security Measures

  • All data transmitted over HTTPS / TLS 1.3
  • Passwords are never stored — authentication is OTP-only
  • WebAuthn / FIDO2 passkeys for local biometric app lock
  • Short-lived JWT access tokens (15 min) with per-device refresh tokens
  • New device alerts sent automatically to the account owner
  • Remote session revocation available from Settings → Privacy & Security

11. Contact Information

Support: support@ordynplus.com

Data Protection Officer (DPO / Encarregado): dpo@ordynplus.com

12. Changes to This Policy

We may update this policy as the app evolves. When we make material changes we will update the effective date above and notify users via in-app notification. Continued use of Ordyn+ after the effective date constitutes acceptance of the updated policy.

Ordyn+ · April 27, 2026 · ← Back