Privacy Policy

Last updated: April 12, 2026

Orqida ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

Orqida is the data controller responsible for your personal data. For questions about this policy or your data, contact us at hello@example.com.

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide

  • Account Information: Name, email address, password (hashed), timezone preference
  • Organization Data: Organization name, billing information, team member details
  • Support Communications: Content of support tickets and feedback you submit
  • Profile Information: Optional profile details such as phone number and job title

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions performed within the Service
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Log Data: Server logs, error reports, access timestamps
  • Cookies: See Section 7 for our cookie policy

2.3 Third-Party Data

  • Microsoft Entra ID Data: Directory synchronization metadata accessed through authorized service principals (tenant IDs, sync job statuses, configuration schemas). We do not access or store user passwords or authentication credentials from your directory.

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our cloud sync management platform
  • Account Management: To create and manage your account, process subscriptions, and handle billing
  • Communication: To send transactional emails, security alerts, and service notifications
  • Support: To respond to your requests, troubleshoot issues, and provide customer service
  • Security: To detect, prevent, and address fraud, abuse, and security incidents
  • Analytics: To understand usage patterns and improve the Service (with your consent where required)
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to fulfill our service agreement with you
  • Legitimate Interests: Processing for our legitimate business interests, such as security and service improvement, where those interests are not overridden by your rights
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, analytics cookies)
  • Legal Obligation: Processing required to comply with applicable laws

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and sensitive data at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Database backups with secure storage
  • Employee access restricted on a need-to-know basis

Your data is stored on secure servers. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

6. Data Sharing and Transfers

We do not sell your personal data. We may share your data with:

  • Service Providers: Third-party vendors who assist in operating the Service (hosting, payment processing, email delivery), bound by data processing agreements
  • Microsoft: To facilitate Entra ID Cloud Sync operations as authorized by you
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

7. Cookies

We use cookies and similar technologies to operate the Service and enhance your experience. Our cookies fall into the following categories:

  • Essential Cookies: Required for the Service to function (session management, CSRF protection, authentication). These cannot be disabled.
  • Analytics Cookies: Help us understand how you use the Service to improve it (opt-in only)
  • Marketing Cookies: Used to deliver relevant content and measure campaign effectiveness (opt-in only)

You can manage your cookie preferences at any time through our Cookie Policy page or the cookie consent banner displayed when you first visit the site.

8. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@example.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. After account termination:

  • Account data is retained for 30 days for data export, then soft-deleted
  • Audit logs are retained for compliance purposes as required by law
  • Anonymized analytics data may be retained indefinitely
  • Backup data is purged according to our backup retention schedule

10. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

hello@example.com