SignalsβMarketsOrderbook AnalyticsBlogPricing

Privacy Notice

Last updated: June 26, 2026. This Privacy Notice is provided for purposes of the GDPR and related EEA/UK data protection laws. It describes the categories of personal data processed in connection with Ordiax, the purposes and legal bases for processing, recipients, retention, transfers, and available rights.

1. Controller and Contact

The operator of Ordiax is the controller for personal data processed in connection with the service unless a separate notice or agreement identifies another controller. Privacy questions and rights requests may be sent to contact@ordiax.com.

2. Personal Data We Process

  • Account and identity data, including email address, account identifier, role, plan, status, and entitlement metadata.
  • Authentication and security data, including session state, sign-in events, access logs, token-related events, and abuse-prevention signals.
  • Technical data, including IP address, browser and device information, timestamps, request metadata, diagnostics, and error logs.
  • Usage and preference data, including selected markets, filters, viewed product areas, AI-analysis requests, and display preferences such as qb_theme_mode.
  • Billing and subscription data, including customer, checkout, invoice, cancellation, and subscription identifiers where paid services are used.
  • Support, compliance, and rights-request records, including messages, request metadata, and verification records.

3. How We Collect Data

  • Directly from you when you create an account, authenticate, request support, manage billing, or exercise legal rights.
  • Automatically when you access the website, product, protected routes, APIs, authentication flows, or security-relevant functionality.
  • From processors and service providers supporting authentication, hosting, infrastructure, analytics requested by users, payments, email, and support operations.

4. Purposes and Legal Bases

  • Creating accounts, authenticating users, providing protected features, applying entitlements, and responding to user requests: GDPR Art. 6(1)(b).
  • Processing subscriptions, payments, invoices, cancellations, tax records, and billing disputes where paid services are used: GDPR Art. 6(1)(b) and Art. 6(1)(c).
  • Maintaining security, preventing abuse, enforcing access controls, investigating incidents, debugging errors, and preserving service reliability: GDPR Art. 6(1)(f).
  • Complying with legal, tax, accounting, regulatory, sanctions, dispute, and official-request obligations: GDPR Art. 6(1)(c).
  • Maintaining records, asserting or defending legal claims, and protecting Ordiax, users, and third parties: GDPR Art. 6(1)(f).
  • Operating non-essential analytics, advertising, or personalization technologies if introduced in the future: GDPR Art. 6(1)(a).

5. Processors and Recipients

Personal data may be disclosed to processors and recipients only as necessary for the purposes described in this Notice. Categories of recipients include authentication and database providers, cloud hosting and infrastructure providers, payment and merchant-of-record providers, email or support providers, security and logging providers, AI/report-generation infrastructure providers where user-requested reports are generated, professional advisers, public authorities where legally required, and parties involved in a corporate transaction or legal claim. Ordiax does not sell personal data.

6. International Transfers

Some recipients may process personal data outside the EEA, UK, or Switzerland. Where required, transfers are made under an adequacy decision, Standard Contractual Clauses, the UK International Data Transfer Addendum or equivalent mechanism, or another lawful transfer basis, together with supplementary safeguards where appropriate.

7. Retention

  • Account records are retained while the account remains active and thereafter as necessary for deletion handling, security, dispute resolution, legal claims, or compliance.
  • Billing, tax, invoice, and transaction records are retained for statutory accounting, tax, audit, and dispute periods.
  • Security, access, diagnostic, and incident logs are retained for limited periods determined by operational need, legal risk, and security requirements.
  • Support, compliance, and rights-request records are retained for the duration of the matter and any applicable statutory limitation period.

8. Security Measures

  • Encryption in transit and provider-supported encryption at rest where available.
  • Authentication, authorization, and access-control measures for protected routes, APIs, and operational systems.
  • Least-privilege access practices for service administration where operationally applicable.
  • Logging, monitoring, backup, and incident-handling measures designed to detect and investigate abuse, failures, and security events.

9. Your Rights

Subject to applicable conditions and exemptions, you may have the right to request access, rectification, erasure, restriction, portability, and objection. Where processing is based on consent, you may withdraw consent at any time without affecting processing already carried out before withdrawal. Requests should be sent to contact@ordiax.com. Ordiax will normally respond within one month, subject to identity verification and lawful extensions for complex or numerous requests.

10. Complaints and Supervisory Authorities

You may contact Ordiax first at contact@ordiax.com. You also have the right to lodge a complaint with a competent supervisory authority in the EEA or UK, in particular in the country where you live, work, or believe an infringement occurred.

11. Automated Decision-Making

Ordiax does not use solely automated decision-making that produces legal effects concerning users or similarly significant effects within the meaning of GDPR Art. 22. Product analytics, scoring, signals, and AI-assisted summaries are informational outputs and do not make binding decisions about users.

12. Changes to This Notice

Ordiax may update this Privacy Notice to reflect legal, technical, or operational changes. The updated version applies from the stated last-updated date unless additional notice or consent is required by law.

© 2026 Ordiax.Orderbook analytics powered by Ordiax.
TermsPrivacyCookies