Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Effective Date: February 1, 2026

Last Updated: January 31, 2026

Quick Navigation

Information We Collect Legal Basis for Processing How We Use Your Information AI and Automated Processing Data Sharing Data Location Data Retention Your Rights Information for EEA/UK Residents

1. Introduction and Data Practices

This Privacy Policy describes how Exordia Cloud LLC ("Exordia," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our B2B SaaS platform for consulting discovery workshops (the "Service").

This policy is provided in accordance with the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable US privacy laws.

Data Practices Contact

Exordia Cloud LLC
Email: admin@exordiacloud.com

2. Information We Collect

We collect information that you provide directly to us, information collected automatically when you use the Service, and information from third-party sources. The categories of personal information we have collected in the preceding 12 months include:

2.1 Account Information

When you create an account, we collect:

Name and email address
Profile information (optional, such as profile picture)
Organization name and role
Authentication credentials (managed securely via OAuth providers)

2.2 Business Content (Customer Data)

When you use the Service, you may submit:

Workshop notes and session content
Discovery templates and questions
Requirements and user stories
Project and client information
Stakeholder details and contact information

Note: This content may contain personal data of third parties (e.g., your clients' stakeholders). You are responsible for ensuring you have appropriate consent or legal basis to share such information.

2.3 Usage and Analytics Data

We automatically collect:

Log data (IP addresses, browser type, device information, pages visited)
Usage patterns and feature interactions
Performance metrics and error reports
Session duration and navigation paths

2.4 AI Processing Data

When you use AI features, we process:

Input content you submit for AI processing
AI-generated outputs
Usage metrics (tokens consumed, operations performed)

2.5 Communications

We collect information when you:

Contact our support team
Submit feedback through the Service
Respond to surveys or communications

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity

To provide and maintain the Service, process your transactions, and fulfill our contractual obligations to you.

Examples: Account management, service delivery, customer support

Legitimate Business Interests

For our legitimate business interests, provided these do not override your fundamental rights.

Examples: Product improvement, security monitoring, fraud prevention, analytics

Legal Obligations

To comply with applicable laws, regulations, and legal processes.

Examples: Tax compliance, responding to lawful requests, audit requirements

Consent

Where you have given specific consent for particular processing activities.

Examples: Marketing communications, optional analytics, feedback surveys

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Improve the Service

Create and manage your account
Deliver the features and functionality you request
Process your workshop content through AI features
Provide customer support and respond to inquiries
Maintain and improve the Service's performance and security
Develop new features and services

4.2 Communications

Send service-related notifications (e.g., security alerts, updates)
Respond to your requests, comments, and questions
Send administrative information about your account

4.3 Analytics and Research

Analyze usage patterns to improve user experience
Generate aggregated, anonymized insights
Conduct research to enhance our products

4.4 Security and Compliance

Detect, prevent, and address technical issues
Protect against fraud, abuse, and security threats
Enforce our Terms of Service and policies
Comply with legal obligations

5. AI and Automated Decision-Making

The Service uses artificial intelligence and automated processing to enhance your experience. In accordance with applicable privacy laws, we provide the following disclosures:

5.1 AI Features We Use

Our AI features include:

Note Mapping: Automatically linking workshop notes to template questions
Requirements Generation: Creating user stories from workshop content
Template Enhancement: Suggesting improvements to discovery templates
Gap Analysis: Identifying missing coverage areas

5.2 Third-Party AI Providers

We use the following AI service providers:

Anthropic (Claude)

Purpose: Natural language processing for requirements generation and content analysis

Data Processed: Text content from workshops submitted by users

Location: United States

Google Cloud Vertex AI

Purpose: Machine learning models for content processing and analysis

Data Processed: Text content from workshops submitted by users

Location: United States

5.3 AI Data Handling

Important Notice

We do not use your data to train AI models. Your content is processed solely to generate outputs for your immediate use.
AI providers are contractually prohibited from using your data for model training.
AI outputs are suggestions only and require human review.
You may opt out of AI features and use the Service manually.

5.4 Your Rights Regarding Automated Processing

Under applicable privacy laws, you have the right to:

Request information about the logic involved in automated decisions
Object to automated processing in certain circumstances
Request human review of automated decisions
Opt out of AI features entirely

6. Data Sharing and Third-Party Recipients

We share your information only as described in this policy. We do not sell your personal information to third parties.

6.1 Service Providers (Subprocessors)

We engage third-party service providers to perform functions on our behalf. These providers have access to personal information only to perform their functions and are obligated to maintain confidentiality.

Provider	Purpose	Location
Google Cloud Platform	Infrastructure, hosting, database	United States
Anthropic	AI processing (Claude)	United States
Google Vertex AI	AI processing	United States
Google OAuth	Authentication	Global
SMTP Provider	Transactional email	Varies

6.2 Organization Members

If you use the Service as part of an Organization, other members of your Organization (particularly administrators) may access certain information about your account and activities.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal process (e.g., subpoenas, court orders)
Government requests that meet applicable legal requirements
Protection of our rights, privacy, safety, or property
Emergency situations involving potential threats to persons

6.4 Business Transfers

If Exordia is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

7. Data Location

All data is stored and processed in the United States. Our infrastructure, databases, and third-party service providers are located in US data centers.

7.1 Your Acknowledgment

By using the Service, you acknowledge that your information will be stored and processed in the United States. We take appropriate measures to ensure your data remains protected in accordance with this Privacy Policy.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Data Type	Retention Period	Basis
Account information	Duration of account + 30 days	Service provision
Workshop content	Duration of account + 30 days	Service provision
Usage logs	90 days	Security, debugging
AI usage records	12 months	Billing, compliance
Audit logs	90 days active; archived per legal requirements	Security, legal compliance
Backup data	30 days after deletion	Disaster recovery

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal compliance or legitimate business purposes.

9. Information for EEA/UK Residents

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data. This section provides additional information required under Articles 13 and 14.

9.1 Lawful Basis for Processing

Performance of Contract (Art. 6(1)(b))

Processing necessary to provide the Service you have subscribed to.

Examples: Account creation, workshop functionality, AI processing of your content, customer support

Legitimate Interests (Art. 6(1)(f))

Processing necessary for our legitimate business interests, balanced against your rights.

Examples: Product improvement, security monitoring, fraud prevention, aggregated analytics

Legal Obligation (Art. 6(1)(c))

Processing necessary to comply with applicable laws and regulations.

Examples: Tax compliance, responding to lawful requests, audit log retention

Consent (Art. 6(1)(a))

Where you have given explicit consent for specific processing activities. You may withdraw consent at any time.

Examples: Marketing communications, optional analytics, feedback surveys

9.2 Data Protection Contact

For GDPR-related inquiries, you may contact our data protection point of contact:

Data Protection Contact
Exordia Cloud LLC
Email: admin@exordiacloud.com

9.3 Your GDPR Rights

In addition to the rights listed in Section 10, EEA/UK residents have the right to:

Right of Access

Art. 15

Obtain confirmation of whether we process your data and receive a copy of it.

Right to Rectification

Art. 16

Have inaccurate personal data corrected and incomplete data completed.

Right to Erasure

Art. 17

Request deletion of your personal data, subject to legal retention obligations.

Right to Restriction

Art. 18

Request restriction of processing in certain circumstances.

Right to Data Portability

Art. 20

Receive your data in a structured, machine-readable format.

Right to Object

Art. 21

Object to processing based on legitimate interests or for direct marketing.

9.4 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. A list of EU Data Protection Authorities can be found on the European Data Protection Board website.

9.5 International Data Transfers

Your personal data may be transferred to and processed in the United States. For transfers of personal data from the EEA/UK to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with our subprocessors that include appropriate safeguards

You may request a copy of the safeguards in place by contacting us at the address above.

9.6 Automated Decision-Making

In accordance with GDPR Article 22, we inform you that the Service uses AI-assisted processing to generate requirements and map workshop notes. These outputs are recommendations only and are not used to make decisions that produce legal effects or similarly significantly affect you. All AI outputs require human review before use. You may opt out of AI features at any time.

9.7 Data Retention and Lawful Basis

We retain personal data only for as long as necessary for the purposes set out in this policy and as required by applicable law. When the lawful basis for processing is consent, we will delete or anonymize the data promptly upon withdrawal of consent, unless another lawful basis applies. See Section 8 for specific retention periods.

10. Your Rights

You have the following rights regarding your personal information:

10.1 Your Privacy Rights

Right to Know

Request disclosure of personal information collected, used, disclosed, or sold.

Right to Delete

Request deletion of personal information, subject to certain exceptions.

Right to Correct

Request correction of inaccurate personal information.

Right to Opt-Out

Opt out of the sale or sharing of personal information. Note: We do not sell personal information.

Right to Non-Discrimination

Not be discriminated against for exercising your privacy rights.

Right to Limit Use of Sensitive Personal Information

Limit use and disclosure of sensitive personal information.

California "Shine the Light" Law: California residents may request information regarding disclosure of personal information to third parties for direct marketing purposes.

10.2 Exercising Your Rights

To exercise any of these rights, please:

Email us at admin@exordiacloud.com
Use the account settings within the Service (for data export and deletion)

We will respond to your request within 45 days. We may need to verify your identity before processing your request.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Controls

Role-based access control and principle of least privilege

Infrastructure

Hosted on Google Cloud Platform with enterprise-grade security controls

Monitoring

Continuous security monitoring and incident response

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. For more information, please visit our Trust & Security page.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to provide functionality, analyze usage, and enhance your experience.

12.1 Types of Cookies We Use

Essential Cookies: Required for the Service to function (authentication, security, preferences). Cannot be disabled.
Analytics Cookies: Help us understand how users interact with the Service. Can be disabled in browser settings.

12.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. Note that disabling certain cookies may affect the functionality of the Service.

12.3 Do Not Track

We currently do not respond to "Do Not Track" signals. However, we honor Global Privacy Control (GPC) signals as opt-out requests where required by applicable law.

13. Children's Privacy

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at admin@exordiacloud.com, and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will:

Post the updated policy on this page with a new "Last Updated" date
Notify you via email or through the Service at least 30 days before changes take effect
Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Exordia Cloud LLC

Privacy Inquiries: admin@exordiacloud.com

General Support: admin@exordiacloud.com

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.

← Back to Home

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Effective Date: February 1, 2026

Last Updated: January 31, 2026

Quick Navigation

Information We Collect Legal Basis for Processing How We Use Your Information AI and Automated Processing Data Sharing Data Location Data Retention Your Rights Information for EEA/UK Residents

1. Introduction and Data Practices

This policy is provided in accordance with the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable US privacy laws.

Data Practices Contact

Exordia Cloud LLC
Email: admin@exordiacloud.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

Name and email address
Profile information (optional, such as profile picture)
Organization name and role
Authentication credentials (managed securely via OAuth providers)

2.2 Business Content (Customer Data)

When you use the Service, you may submit:

Workshop notes and session content
Discovery templates and questions
Requirements and user stories
Project and client information
Stakeholder details and contact information

2.3 Usage and Analytics Data

We automatically collect:

Log data (IP addresses, browser type, device information, pages visited)
Usage patterns and feature interactions
Performance metrics and error reports
Session duration and navigation paths

2.4 AI Processing Data

When you use AI features, we process:

Input content you submit for AI processing
AI-generated outputs
Usage metrics (tokens consumed, operations performed)

2.5 Communications

We collect information when you:

Contact our support team
Submit feedback through the Service
Respond to surveys or communications

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity

To provide and maintain the Service, process your transactions, and fulfill our contractual obligations to you.

Examples: Account management, service delivery, customer support

Legitimate Business Interests

For our legitimate business interests, provided these do not override your fundamental rights.

Examples: Product improvement, security monitoring, fraud prevention, analytics

Legal Obligations

To comply with applicable laws, regulations, and legal processes.

Examples: Tax compliance, responding to lawful requests, audit requirements

Consent

Where you have given specific consent for particular processing activities.

Examples: Marketing communications, optional analytics, feedback surveys

4. How We Use Your Information

We use the information we collect to:

4.1 Provide and Improve the Service

Create and manage your account
Deliver the features and functionality you request
Process your workshop content through AI features
Provide customer support and respond to inquiries
Maintain and improve the Service's performance and security
Develop new features and services

4.2 Communications

Send service-related notifications (e.g., security alerts, updates)
Respond to your requests, comments, and questions
Send administrative information about your account

4.3 Analytics and Research

Analyze usage patterns to improve user experience
Generate aggregated, anonymized insights
Conduct research to enhance our products

4.4 Security and Compliance

Detect, prevent, and address technical issues
Protect against fraud, abuse, and security threats
Enforce our Terms of Service and policies
Comply with legal obligations

5. AI and Automated Decision-Making

The Service uses artificial intelligence and automated processing to enhance your experience. In accordance with applicable privacy laws, we provide the following disclosures:

5.1 AI Features We Use

Our AI features include:

Note Mapping: Automatically linking workshop notes to template questions
Requirements Generation: Creating user stories from workshop content
Template Enhancement: Suggesting improvements to discovery templates
Gap Analysis: Identifying missing coverage areas

5.2 Third-Party AI Providers

We use the following AI service providers:

Anthropic (Claude)

Purpose: Natural language processing for requirements generation and content analysis

Data Processed: Text content from workshops submitted by users

Location: United States

Google Cloud Vertex AI

Purpose: Machine learning models for content processing and analysis

Data Processed: Text content from workshops submitted by users

Location: United States

5.3 AI Data Handling

Important Notice

We do not use your data to train AI models. Your content is processed solely to generate outputs for your immediate use.
AI providers are contractually prohibited from using your data for model training.
AI outputs are suggestions only and require human review.
You may opt out of AI features and use the Service manually.

5.4 Your Rights Regarding Automated Processing

Under applicable privacy laws, you have the right to:

Request information about the logic involved in automated decisions
Object to automated processing in certain circumstances
Request human review of automated decisions
Opt out of AI features entirely

6. Data Sharing and Third-Party Recipients

We share your information only as described in this policy. We do not sell your personal information to third parties.

6.1 Service Providers (Subprocessors)

Provider	Purpose	Location
Google Cloud Platform	Infrastructure, hosting, database	United States
Anthropic	AI processing (Claude)	United States
Google Vertex AI	AI processing	United States
Google OAuth	Authentication	Global
SMTP Provider	Transactional email	Varies

6.2 Organization Members

If you use the Service as part of an Organization, other members of your Organization (particularly administrators) may access certain information about your account and activities.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal process (e.g., subpoenas, court orders)
Government requests that meet applicable legal requirements
Protection of our rights, privacy, safety, or property
Emergency situations involving potential threats to persons

6.4 Business Transfers

7. Data Location

All data is stored and processed in the United States. Our infrastructure, databases, and third-party service providers are located in US data centers.

7.1 Your Acknowledgment

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Data Type	Retention Period	Basis
Account information	Duration of account + 30 days	Service provision
Workshop content	Duration of account + 30 days	Service provision
Usage logs	90 days	Security, debugging
AI usage records	12 months	Billing, compliance
Audit logs	90 days active; archived per legal requirements	Security, legal compliance
Backup data	30 days after deletion	Disaster recovery

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required for legal compliance or legitimate business purposes.

9. Information for EEA/UK Residents

9.1 Lawful Basis for Processing

Performance of Contract (Art. 6(1)(b))

Processing necessary to provide the Service you have subscribed to.

Examples: Account creation, workshop functionality, AI processing of your content, customer support

Legitimate Interests (Art. 6(1)(f))

Processing necessary for our legitimate business interests, balanced against your rights.

Examples: Product improvement, security monitoring, fraud prevention, aggregated analytics

Legal Obligation (Art. 6(1)(c))

Processing necessary to comply with applicable laws and regulations.

Examples: Tax compliance, responding to lawful requests, audit log retention

Consent (Art. 6(1)(a))

Where you have given explicit consent for specific processing activities. You may withdraw consent at any time.

Examples: Marketing communications, optional analytics, feedback surveys

9.2 Data Protection Contact

For GDPR-related inquiries, you may contact our data protection point of contact:

Data Protection Contact
Exordia Cloud LLC
Email: admin@exordiacloud.com

9.3 Your GDPR Rights

In addition to the rights listed in Section 10, EEA/UK residents have the right to:

Right of Access

Art. 15

Obtain confirmation of whether we process your data and receive a copy of it.

Right to Rectification

Art. 16

Have inaccurate personal data corrected and incomplete data completed.

Right to Erasure

Art. 17

Request deletion of your personal data, subject to legal retention obligations.

Right to Restriction

Art. 18

Request restriction of processing in certain circumstances.

Right to Data Portability

Art. 20

Receive your data in a structured, machine-readable format.

Right to Object

Art. 21

Object to processing based on legitimate interests or for direct marketing.

9.4 Supervisory Authority

9.5 International Data Transfers

Your personal data may be transferred to and processed in the United States. For transfers of personal data from the EEA/UK to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with our subprocessors that include appropriate safeguards

You may request a copy of the safeguards in place by contacting us at the address above.

9.6 Automated Decision-Making

9.7 Data Retention and Lawful Basis

10. Your Rights

You have the following rights regarding your personal information:

10.1 Your Privacy Rights

Right to Know

Request disclosure of personal information collected, used, disclosed, or sold.

Right to Delete

Request deletion of personal information, subject to certain exceptions.

Right to Correct

Request correction of inaccurate personal information.

Right to Opt-Out

Opt out of the sale or sharing of personal information. Note: We do not sell personal information.

Right to Non-Discrimination

Not be discriminated against for exercising your privacy rights.

Right to Limit Use of Sensitive Personal Information

Limit use and disclosure of sensitive personal information.

California "Shine the Light" Law: California residents may request information regarding disclosure of personal information to third parties for direct marketing purposes.

10.2 Exercising Your Rights

To exercise any of these rights, please:

Email us at admin@exordiacloud.com
Use the account settings within the Service (for data export and deletion)

We will respond to your request within 45 days. We may need to verify your identity before processing your request.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Encryption

Data encrypted in transit (TLS 1.3) and at rest (AES-256)

Access Controls

Role-based access control and principle of least privilege

Infrastructure

Hosted on Google Cloud Platform with enterprise-grade security controls

Monitoring

Continuous security monitoring and incident response

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. For more information, please visit our Trust & Security page.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to provide functionality, analyze usage, and enhance your experience.

12.1 Types of Cookies We Use

Essential Cookies: Required for the Service to function (authentication, security, preferences). Cannot be disabled.
Analytics Cookies: Help us understand how users interact with the Service. Can be disabled in browser settings.

12.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. Note that disabling certain cookies may affect the functionality of the Service.

12.3 Do Not Track

We currently do not respond to "Do Not Track" signals. However, we honor Global Privacy Control (GPC) signals as opt-out requests where required by applicable law.

13. Children's Privacy

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. If we make material changes, we will:

Post the updated policy on this page with a new "Last Updated" date
Notify you via email or through the Service at least 30 days before changes take effect
Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Exordia Cloud LLC

Privacy Inquiries: admin@exordiacloud.com

General Support: admin@exordiacloud.com

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.

← Back to Home