Privacy Policy
1. Who we are
This policy is provided by CoordOS, Inc. ("CoordOS," "we," "us," or "our"), a Delaware corporation. You can reach our privacy team at privacy@coordos.ai or by mail at the address in Section 15.
2. What this policy covers
This policy applies when you use:
- The CoordOS website at coordos.ai
- The CoordOS portal at app.coordos.ai
- Our APIs at api.coordos.ai
- The dedicated WhatsApp / SMS number we provision for your tenant via Twilio
- The agents that, with your authorization, act inside your QuickBooks Online, Google Workspace, and (if you separately authorize) Gmail
This policy does NOT apply to third-party services we link to or services you connect (Intuit, Google, Microsoft, Twilio, Stripe, etc.). Each has its own privacy policy.
3. What information we collect
3.1 Information you give us directly
- Account info: name, email, company name, role at signup
- Payment info: processed by Stripe; we never store card numbers
- Phonebook: contact entries you add for crew, vendors, customers, homeowners
- Approval decisions: which proposed actions you approve, modify, or reject
- Configuration: workflow template, vendor rules, approver routing, copy preferences
- Communications: if you contact us by email, chat, or phone
3.2 Information from connected services (only with your consent)
- QuickBooks Online: customers, vendors, accounts, items, classes, departments, bills, invoices, purchases, payments, time activities, financial reports. We read; we never write without your explicit signed approval.
- Google Drive: files in folders you authorize CoordOS to access via the drive.file scope. We cannot see Drive content outside those folders.
- Gmail (only if you separately grant the scope): message metadata and content of email threads in inboxes you authorize.
- WhatsApp / SMS (Twilio): inbound and outbound messages on the CoordOS number provisioned for your tenant.
3.3 Information we generate
- Bill triage extractions (vendor, amount, date, line items, project mapping)
- Approval batch records (NL summary, structured operations, before/after diff, KMS signature)
- Address Learning Board mappings (bill-text address → QBO customer/project)
- Vendor rule learnings
- Activity logs of agent actions
- Calibration data (anonymized; see Section 8)
3.4 Technical information we collect automatically
- IP address, browser type, OS, device identifiers (for fraud prevention and diagnostics only)
- Pages visited, features used, error events (essential to operate the service)
- We do NOT use third-party advertising trackers, behavioral pixels, or web beacons.
4. How we use it
- Operate the service you signed up for
- Authenticate you and authorize agents to act on your behalf within scopes you granted
- Improve our agents' accuracy via per-tenant learning (saved as files in your Drive that you can edit)
- Generate cross-tenant anonymous patterns (Section 8)
- Monitor for security incidents and abuse
- Comply with legal obligations and respect lawful requests
- Communicate with you about service changes, security incidents, billing, or support
We do not use your data to train AI models for other customers' benefit beyond the anonymous pattern library described in Section 8. Your bills, your customers, your project P&Ls never enter a model that benefits another tenant directly.
5. Where it lives
- Customer-facing artifacts (extractions, approvals, reports, learnings) live in your Google Drive in your account.
- Operational state (sessions, cache, search index, approval queue pointers) lives in our Google Firestore in the GCP region you select (default: us-central1; Canadian customers default to northamerica-northeast2 / Toronto; EU customers default to europe-west1 / Belgium).
- Audit ledger lives in our Google BigQuery, append-only, retained 7 years.
- OAuth refresh tokens live in our Google Secret Manager, encrypted with a Customer-Managed Encryption Key unique to your tenant.
6. Who we share it with
See our Sub-Processor List for the complete current list of vendors that process your data on our behalf.
We share information only with:
- Sub-processors operating the service (Google Cloud, Anthropic, OpenAI, Twilio, Stripe, Intuit, Sendgrid, Cloudflare, etc.). Each is bound by data processing agreements meeting GDPR Article 28 standards or equivalent.
- Law enforcement or governmental authorities under valid legal process. We notify the affected customer unless legally prohibited.
- Your authorized service providers when you direct us to share.
- A successor entity in the event of merger, acquisition, asset sale, or bankruptcy, bound to honor this Privacy Policy or provide equivalent or stronger protection. We notify you 30 days before any such transfer.
We do not sell your personal information. We have not sold personal information in the previous 12 months.
7. How long we keep it
- Active tenant: for as long as you remain a customer.
- Day 0 of cancellation: OAuth tokens revoked immediately at the third-party provider; agent activity stops in your tenant.
- Days 0–30 after cancellation: read-only access to app.coordos.ai/admin/export for self-service data export.
- Days 30–90: operational data hard-deleted within 30 days. Cold-storage backups expire on standard rotation (max 30 days).
- Audit ledger: 7 years total retention. Contains event metadata only — no document content. Tenant identifier is hashed.
- Anonymous pattern library contributions: remain aggregated under k-anonymity ≥10, in non-identifiable form.
- Your Google Drive contents: you keep them. We never delete or modify them on cancellation.
8. Anonymous pattern library
We aggregate vendor-name-to-category mappings, common workflow patterns, and similar non-identifying patterns across all customers. Strict rules:
- K-anonymity ≥10: a pattern enters the library only if 10+ tenants share it.
- No customer content: vendor names yes; bill amounts, addresses, customer names, project names — no.
- No personal information: ever.
- Opt-out anytime: at app.coordos.ai/settings/privacy. Default is on; off for tenants in regulated industries.
9. Your rights
Depending on your jurisdiction, you may have these rights:
- Access: Download all your operational data via app.coordos.ai/admin/export. Your Drive data is already in your Drive.
- Correction: Edit your phonebook and learnings directly in your Drive _system/ folder. For account info, edit at app.coordos.ai/settings.
- Deletion: Cancel your account or email privacy@coordos.ai with subject "GDPR Right to Erasure" (or "CCPA Delete Request"). We respond within 30 days.
- Portability: Operational data export is human-readable JSON + CSV.
- Objection / Restrict processing: Opt out of the pattern library above; restrict processing for legitimate-interest grounds by emailing privacy@coordos.ai.
- Lodge a complaint: with your local data protection authority.
California residents (CCPA / CPRA): you also have the right to know what personal information we collect, the right to non-discrimination, and the right to limit use of sensitive personal information. Email privacy@coordos.ai with subject CCPA Request.
EU / UK / Swiss residents: see Section 12 for international transfer protections; we appoint an EU representative once we sign our first EU customer.
10. Cookies and tracking
- coordos.ai (marketing site) uses essential cookies for session preferences. No analytics or advertising cookies.
- app.coordos.ai (the portal) uses Identity Platform auth cookies. No third-party tracking.
- We do not use Google Analytics, Facebook Pixel, or similar third-party trackers.
- Cookie consent banner appears for EU / UK / Swiss visitors per ePrivacy Directive requirements.
11. Security
See our Security overview for technical detail. Summary: TLS 1.3 in transit; AES-256 at rest with per-tenant CMEK; OAuth refresh tokens isolated in a dedicated Token Broker (not exposed to LLMs or staff); every QBO/Drive/Gmail write requires a KMS-signed approval batch; audit-logged actions, append-only, 7-year retention; SOC 2 Type II in progress (expected 2027).
12. International transfers
If you are in the EU, UK, or Switzerland and your data is processed in the United States or another country lacking an adequacy decision:
- We rely on Standard Contractual Clauses (SCCs) as the lawful transfer mechanism, including the EU 2021 SCCs and the UK International Data Transfer Addendum where applicable.
- We have signed Data Processing Agreements with each sub-processor; these include SCCs where the sub-processor is outside the EEA.
- For US transfers specifically, our sub-processors that participate in the EU–US Data Privacy Framework (DPF) rely on it as an additional safeguard.
- You may request a copy of our SCC arrangements with any specific sub-processor by emailing privacy@coordos.ai.
13. Children
CoordOS is not intended for or marketed to children under 16 (under 13 in the United States). We do not knowingly collect personal information from children. If you believe we have, email privacy@coordos.ai and we will delete it.
14. Changes to this policy
We may update this policy from time to time. For material changes we will:
- Notify you via email + portal banner at least 30 days before the change takes effect
- Update the Effective date at the top
- Keep the prior version accessible at coordos.ai/privacy/v/<date> for buyer audit purposes
For non-material changes (typos, formatting, link updates), we may update without notice.
15. Contact us
- Privacy questions or requests: privacy@coordos.ai
- Data Protection Officer: to be appointed before our first EU customer signs; contact in the meantime via privacy@coordos.ai
- Postal address: CoordOS, Inc., Wilmington, DE, USA (updated to registered office at incorporation)
- EU representative: appointed under GDPR Article 27 before we sign our first EU customer