Last updated: 11 June 2026 · Applicable to all Ordops users
🔒 Ordops only processes personal data that is necessary for the provision of the service. We never sell your data to third parties and do not use it for third-party marketing purposes.
Data controller:
Ordops (trade name)
Sole proprietorship registered with the Chamber of Commerce, the Netherlands
Chamber of Commerce (KvK): 42078127
VAT number: NL005488124B36
Email: privacy@ordops.com
Website: ordops.com
Ordops is a Software-as-a-Service platform for contractors in Europe. As data controller, we determine the purpose and means of processing your personal data.
For the personal data of third parties that you enter into Ordops (your employees, clients, subcontractors), you are yourself the data controller and we act as processor. A data processing agreement (DPA) is available on request.
Payments are processed by Mollie B.V. We do not store complete payment details. We only receive a payment status and a payment reference from Mollie.
| Purpose | Description |
|---|---|
| Service delivery | Creating account, granting access, storing and displaying data |
| Communication | Confirmation emails, team member invitations, quote emails |
| Payment | Processing subscription, invoice administration |
| Security | Preventing fraud, detecting unauthorised access |
| Improvement | Anonymous usage statistics via Google Analytics 4 and behaviour analytics on public website pages via Microsoft Clarity, only with analytics consent, for product and conversion improvement |
| Legal obligations | Fiscal retention requirements, GDPR requirements |
| Category | Retention period | Reason |
|---|---|---|
| Account data | Up to 90 days after account deletion | Recovery option |
| Projects, tasks, quotes | Up to 90 days after account deletion | Usage data |
| Invoice data | 7 years | Fiscal retention requirement |
| Technical logs | 90 days | Security and debugging |
| Emails sent from platform | 30 days (logs) | Error handling |
We share your data exclusively with the following categories of processors and only to the extent necessary:
| Party | Purpose | Country |
|---|---|---|
| One.com | Application and data hosting | EU (DK) |
| Mollie B.V. | Payment processing | Netherlands |
| Cloudflare | DNS, SSL, DDoS protection | EU proxy |
| Microsoft Clarity | Behaviour analytics, heatmaps and session recordings on public website pages, only after analytics consent | EU / US with appropriate safeguards |
We never sell your personal data to third parties. We do not share your data with advertisers or other commercial parties.
Data processing agreements compliant with GDPR requirements have been concluded with all processors.
Ordops allows users to optionally connect their Google Calendar or Microsoft Outlook Calendar to improve project planning and prevent scheduling conflicts. If you choose to authorise this connection, Ordops requests read-only access (such as calendar.readonly for Google or Calendars.Read for Microsoft) to your selected calendar.
| Aspect | Detail |
|---|---|
| Use | We use this read-only access strictly to align your personal availability with the Ordops project calendar. We only read availability data to prevent double-booking. We cannot edit, create, or delete your personal events. |
| Storage & sharing | Your calendar data is securely processed solely to determine availability. It is never shared with, sold to, or transferred to any third-party services, data brokers, or advertising platforms. |
| Limited use compliance | Ordops's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Similarly, data obtained via Microsoft Graph APIs complies with Microsoft Entra ID privacy policies and is restricted to the minimum scopes necessary for synchronisation. |
Cookies are small text files stored on your device when you visit our website.
Ordops uses Google Analytics 4 and Google Tag Manager from Google LLC (US), and may use Microsoft Clarity from Microsoft Corporation for heatmaps and session recordings on public website pages. Analytics data is used to understand website conversion and improve the service. Clarity is configured with masking and is not used to record authenticated app pages in this first setup. More info: Google Privacy Policy and Microsoft Privacy Statement.
| Cookie | Type | Purpose | Retention |
|---|---|---|---|
| ordops_session | Functional (necessary) | Stay logged in | Session |
| ordops_lang | Functional (necessary) | Remember language preference | 1 year |
| ordops_cookie_consent | Functional (necessary) | Store cookie consent | 1 year |
| _ga | Analytical | Distinguish unique visitors (anonymised) | 2 years |
| _ga_* | Analytical | Track session status | 2 years |
| _gtm | Functional | Tag management for analytics | Session |
| _clck | Analytical | Microsoft Clarity visitor and heatmap analytics on public pages | Up to 1 year |
| _clsk | Analytical | Microsoft Clarity session analytics on public pages | Up to 1 day |
Google Analytics is configured with IP anonymisation. Microsoft Clarity is used only for analytics such as heatmaps and session recordings on public website pages and is configured to mask sensitive content. No personal data is shared with Google or Microsoft for advertising purposes. You can refuse analytics cookies via the cookie banner on your first visit.
You can refuse or delete cookies via your browser settings. Functional cookies are required for the correct functioning of the service.
Your data is stored on servers within the European Economic Area (EEA). We do not transfer your personal data to countries outside the EEA without appropriate safeguards.
Cloudflare processes traffic data via servers worldwide but does not store personal data outside the EEA. Cloudflare is certified under the EU-US Data Privacy Framework.
We take appropriate technical and organisational measures to secure your personal data:
In the event of a data breach that poses risks to data subjects, we will notify the Dutch Data Protection Authority within 72 hours and data subjects as soon as possible.
You have the right to access the personal data we process about you.
You can request correction of inaccurate or incomplete data.
You can request deletion of your data ("right to be forgotten").
You can request restriction of the processing of your data.
You can request your data in a machine-readable format.
You can object to processing based on legitimate interest.
To exercise your rights, please send a request to privacy@ordops.com. We will respond within 30 days. We may ask you to verify your identity.
If you believe that we are not processing your personal data correctly, we ask you to first contact us via privacy@ordops.com.
You also have the right to lodge a complaint with the supervisory authority. In the Netherlands this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):
Autoriteit Persoonsgegevens
PO Box 93374, 2509 AJ The Hague, Netherlands
autoriteitpersoonsgegevens.nl
Tel: +31 88 1805 250
We reserve the right to amend this Privacy Policy. In the event of material changes, we will inform you by email at least 30 days before the effective date.
The most recent version is always available at ordops.com/privacy.html.