PrivacyPolicy

Policy Scope

This Privacy Policy explains how OORG Systems collects, uses, stores, discloses, and protects personal data and business data when people access the OORG landing experience, create an account, join a workspace, use the OORG web application, interact with the OORG API, connect third-party integrations, or deploy OORG Desktop.

Services covered

• Public marketing and documentation pages
• Workspace onboarding, authentication, and account recovery
• CRM, organization, attendance, leave, project, notification, search, and reporting workflows
• Google, WhatsApp, Facebook, payment, storage, and messaging integrations
• OORG Desktop features that support activity visibility, screenshot policies, and workspace-authenticated sync

Controller and customer roles

OORG acts as a service provider for workspace data that customers choose to upload, organize, or process in the platform. Each workspace administrator is responsible for configuring access, determining lawful use inside the organization, and ensuring that team members are informed about business policies that apply to their use of the service.

Information OORG Collects

OORG collects information that users provide directly, information created through platform usage, and limited technical data required to secure and operate the service.

Account and identity data

• Name, email address, password credentials, profile image, and authentication records
• Organization, department, role, branch, reporting structure, and employee profile information
• OTP verification records, password reset events, session state, and security confirmations

Business and operational data

• Leads, contacts, pipeline records, notes, tasks, projects, milestones, tickets, comments, chats, notifications, attendance events, leave records, settings, and uploaded files
• Messages, templates, campaigns, inbox data, and connection details used for supported business integrations
• Billing, subscription, invoicing, and transaction metadata needed to manage commercial relationships

Device, usage, and security data

• IP address, browser type, operating system, timestamps, access logs, request metadata, and diagnostics used to keep the service available and secure
• Activity data generated inside the product, such as workflow actions, audit-related events, and synchronization history

Desktop activity visibility data

When a customer enables OORG Desktop, the service may process data such as activity levels, idle status, active window context, configured screenshot captures, session intervals, and related sync events. These features are controlled by workspace settings and are intended for legitimate employment, operations, productivity, or compliance use cases determined by the customer organization.

How OORG Uses Information

OORG uses information to deliver the service, secure accounts, support customer workflows, improve product quality, and comply with legal obligations.

Primary purposes

• Create, authenticate, and administer accounts and workspaces
• Deliver CRM, HR, project, attendance, communication, notification, and reporting capabilities
• Process customer requests, support tickets, onboarding flows, and transactional emails
• Prevent fraud, spam, abuse, unauthorized access, and service instability
• Maintain logs, backups, diagnostics, and operational security controls
• Provide billing, subscription, renewal, and payment-related administration

Product improvement and analytics

OORG may analyze aggregated or de-identified usage patterns to understand adoption, feature reliability, operational performance, and service quality. OORG does not use customer workspace content for advertising.

Google Data and Connected Integrations

OORG allows customers to connect approved third-party services when they choose to enable those workflows.

Google integrations

If a user authorizes Google access, OORG may receive profile details, email identity, tokens, scopes, and calendar-related data needed to support features such as sign-in, account linking, Google Calendar coordination, and Google Meet scheduling.

Limited use commitment

Google user data obtained through Google APIs is used only to provide or improve user-facing features requested by the customer, to maintain security, and to comply with law. OORG does not sell Google user data and does not use Google Workspace APIs to develop, improve, or train generalized artificial intelligence or machine learning models.

Other integrations

OORG may process data required to connect official providers such as Meta and WhatsApp services, payment processors, cloud storage providers, email delivery providers, notification infrastructure, and authentication or hosting partners. Each connected service remains subject to its own terms and privacy practices.

Cookies, Sessions, and Similar Technologies

OORG uses cookies, tokens, local storage, and similar technologies to keep users signed in, protect sessions, remember workspace context, maintain preferences, measure essential traffic, and support secure product operation.

Operational purposes

• Authentication and session continuity
• Security checks and abuse prevention
• Workspace routing and user preferences
• Reliability monitoring and service diagnostics

Users can manage certain browser-level controls, but blocking essential storage may reduce or prevent access to core features.

How OORG Shares Information

OORG limits disclosure of information to what is necessary for the service, customer instructions, legal compliance, and security operations.

OORG may share information with

• Service providers that support hosting, infrastructure, authentication, email, storage, customer support, analytics, payments, or security
• Workspace administrators and authorized users based on the permissions and workflows configured inside a customer account
• Integration partners when a customer explicitly connects and uses those services
• Professional advisers, auditors, or transaction counterparties under appropriate confidentiality obligations
• Government, law enforcement, or regulators when disclosure is required by law, valid legal process, or to protect rights, safety, or platform integrity

OORG does not sell personal data in the ordinary course of business.

Data Retention

OORG retains information for as long as needed to provide the service, satisfy customer instructions, maintain records, resolve disputes, enforce agreements, and meet legal, tax, accounting, or security obligations.

Retention factors

• Whether the workspace remains active
• Whether the information is needed for support, security, or audit purposes
• Whether applicable law requires longer retention
• Whether deletion would interfere with a legitimate unresolved issue

Customers may request deletion of workspace data subject to contractual, legal, operational, and backup-related limitations.

Security Measures

OORG uses administrative, technical, and organizational measures designed to protect data against unauthorized access, disclosure, alteration, and destruction.

Security controls include

• Encrypted transport for data in transit
• Access controls and role-based permissions
• Authentication safeguards, verification flows, and session controls
• Logging, monitoring, and operational review processes
• Vendor management and environment-level safeguards appropriate to the service

No platform can guarantee absolute security. Customers should also maintain strong internal password, device, and access management practices.

International Processing

OORG and its service providers may process data in jurisdictions other than the user or customer location. Where cross-border processing occurs, OORG takes commercially reasonable steps to apply appropriate safeguards consistent with the nature of the service and applicable law.

User Rights and Choices

Depending on applicable law, users may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of their personal data.

How requests are handled

• Workspace-related requests may need to be directed through the relevant customer administrator first
• OORG may verify identity before acting on a request
• Certain requests may be limited where data must be retained for security, legal, contractual, or operational reasons

Children

OORG is designed for business and professional use and is not directed to children under 18. OORG does not knowingly collect personal data from children for consumer use of the service.

Policy Updates

OORG may update this Privacy Policy from time to time to reflect changes in the service, law, integrations, or operational practices. Material updates will be reflected through the published version of this policy and, where appropriate, through additional notice.

Contact

Questions, privacy requests, or verification inquiries may be sent to sales@oorg.io. Customers using OORG Desktop or connected integrations should include the relevant workspace name, environment, and integration details so the request can be reviewed accurately.