Legal Document

Privacy Policy

Effective Date: May 2026 · Last Updated: May 2026
Issued by Mikestudio · ordodeskadmin@gmail.com

1

Introduction

Mikestudio ("we", "us", or "our") operates OrdoDesk, a SaaS-based Employee Management and Operational Workflow Platform (the "Platform"). We are committed to protecting the privacy and security of the personal data entrusted to us by the organisations and individuals who use our services.

This Privacy Policy explains how we collect, use, store, protect, and disclose personal data when you or your organisation accesses and uses the OrdoDesk Platform and its associated services (collectively, the "Services").

By accessing or using OrdoDesk, your organisation (and its authorised users) agrees to the practices described in this Privacy Policy. If you do not agree, you or your organisation should discontinue use of the Services.

2

Who We Are

OrdoDesk is a product of Mikestudio, incorporated and operating under the laws of India. Our Services are primarily made available to business organisations and their employees.

For privacy-related inquiries, please contact us at:

Privacy Team — OrdoDesk by Mikestudio
3

Scope of This Policy

This Privacy Policy applies to:

  • All organisational customers ("Organisations") that subscribe to OrdoDesk
  • All individual users ("Users") including Managers, Admins, and Employees, who are added to the Platform by their Organisation
  • All data processed through the OrdoDesk Platform, including tasks, meetings, Minutes of Meeting (MOM), team structures, comments, and notifications

OrdoDesk is a business-to-business (B2B) platform. Individual users do not sign up directly — access is granted by the Organisation. The Organisation is responsible for ensuring that its employees are made aware of this Privacy Policy.

4

Personal Data We Collect

We collect and process the following categories of personal data:

4.1 Account and Identity Data

When an Organisation creates an account and adds users, we collect:

  • Full name
  • Email address
  • Job title and department
  • Role within the platform (Manager / Admin or Employee)
  • Reporting relationships and organisational hierarchy

4.2 Operational and Content Data

As users interact with the Platform, the following data is created and stored:

  • Tasks — titles, descriptions, due dates, priorities, assigned personnel, subtasks, progress status, and comments
  • Meetings — titles, dates, times, durations, participant lists, meeting types (online/offline), and links
  • Minutes of Meeting (MOM) — summaries, discussion points, decisions, and action items derived from meetings
  • Team and department information — department names, codes, leads, member lists, and sub-team structures
  • Checklist items — personal to-do entries created by individual users
  • Notifications — records of alerts, reminders, and activity updates delivered to users

4.3 Technical and Usage Data

We automatically collect certain technical data to operate and improve our Services:

  • IP address and device type
  • Browser type and operating system
  • Session activity — login times, feature usage, and navigation patterns
  • System logs for error tracking and security monitoring

4.4 Communication Data

When users communicate through the Platform — via task comments or notifications — the content and metadata of those communications are stored as part of the operational record.

5

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

5.1 Providing and Operating the Platform

  • Creating and managing user accounts
  • Enabling task assignment, tracking, and approval workflows
  • Facilitating meeting scheduling, MOM creation, and operational documentation
  • Managing teams, departments, and hierarchical structures
  • Delivering dashboard overviews, activity feeds, and timeline tracking

5.2 Notifications and Communications

  • Sending email and in-platform notifications for task assignments, meeting invitations, reminders, and overdue alerts
  • Delivering operational updates relevant to a user's role and responsibilities
  • Sending transactional communications necessary for service operations (e.g., account setup, password resets)

5.3 Accountability and Governance

  • Maintaining audit trails of decisions, task assignments, and execution progress
  • Supporting managerial oversight through dashboards and reporting
  • Enabling the Responsible/Accountable task model to function as designed

5.4 Platform Improvement

  • Analysing aggregated and anonymised usage data to improve features and performance
  • Identifying and resolving technical issues and security vulnerabilities

5.5 Legal and Compliance Obligations

  • Complying with applicable laws, regulations, and lawful requests from authorities
  • Defending our legal rights and the rights of our users where necessary
6

Data Storage and Hosting

OrdoDesk hosts all data on its own self-managed servers. We do not use third-party cloud hosting infrastructure (such as AWS, Google Cloud, or Azure) for primary data storage. All servers are maintained and secured directly by Mikestudio.

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include access controls, encryption in transit (HTTPS/TLS), and internal security policies governing data handling.

In the event of a data breach that affects personal data, we will notify affected Organisations and relevant regulatory authorities as required by applicable law.

7

Third-Party Service Providers

To deliver certain features of the Platform, we engage the following third-party service providers ("Sub-Processors"):

7.1 Agora (Meeting Infrastructure)

OrdoDesk uses Agora to power real-time online meeting functionality within the Platform. When online meetings are conducted, meeting session data (such as participant identifiers and session metadata) may be processed by Agora under its own privacy policy.

7.2 Brevo (Email Delivery)

OrdoDesk uses Brevo to deliver email notifications to users — including task assignment notifications, meeting invitations, and operational reminders. Email addresses and notification content are shared with Brevo solely for the purpose of delivering these communications.

We do not currently use third-party AI service providers for any data processing. If AI features are introduced in the future, this policy will be updated accordingly, and Organisations will be notified in advance.
8

How We Share Personal Data

We do not sell, rent, or trade personal data. We share personal data only in the following limited circumstances:

8.1 Within the Organisation

Personal data is shared within the user's Organisation as required for the Platform to function. For example:

  • Managers can view task assignments, progress, and completion status of their team members
  • Meeting participants can access meeting details and MOMs for meetings they were invited to
  • Organisational administrators can view team structures, department data, and activity timelines

8.2 With Sub-Processors

As described in Section 7, we share limited data with Agora and Brevo solely for the purpose of delivering the Platform's features. These providers are contractually bound to use personal data only as instructed.

8.3 Legal Requirements

We may disclose personal data if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect the safety of users, or investigate fraud.

8.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. Organisations will be notified of any such change.

9

Data Access and Role-Based Visibility

  • Employees can only view tasks assigned to them, meetings they are invited to, and their own checklist items
  • Managers and Admins can view tasks, meetings, MOMs, and team data within their organisational scope
  • Meeting details and MOM content are only accessible to invited participants
  • Organisational administrators have broader visibility for operational oversight, including dashboards and activity timelines

Mikestudio personnel do not access the content of organisational data except where strictly necessary for technical support or security purposes.

10

Data Retention

We retain personal data for as long as an Organisation's account remains active. Upon account termination:

  • All organisational data — user accounts, tasks, meetings, MOMs, team data — will be permanently deleted
  • Deletion will be carried out in accordance with our internal data removal procedures
  • Residual data in encrypted backup systems will be purged in accordance with our backup rotation schedule

Users or Organisations may request data deletion at any time by contacting ordodeskadmin@gmail.com.

We do not retain personal data for marketing or commercial profiling purposes.
11

Your Rights Regarding Personal Data

  • Right of Access — request a copy of the personal data we hold about you
  • Right to Correction — request correction of inaccurate or incomplete personal data
  • Right to Deletion — request deletion of your personal data, subject to legal retention requirements
  • Right to Restriction — request that we restrict processing of your personal data in certain circumstances
  • Right to Data Portability — request a structured, machine-readable copy of your data where technically feasible

To exercise any of these rights, contact us at ordodeskadmin@gmail.com. We will respond within a reasonable timeframe as required by applicable law.

12

Children's Privacy

OrdoDesk is a professional business platform intended solely for organisations and their employees. We do not knowingly collect personal data from individuals under the age of 18. If you have knowledge of such usage, please notify us at ordodeskadmin@gmail.com.

13

Cookies and Tracking Technologies

OrdoDesk uses cookies and similar technologies to maintain user sessions, remember preferences, and analyse Platform usage. These are functional and operational cookies necessary for the Platform to work correctly.

We do not use tracking cookies for advertising, behavioural profiling, or third-party marketing purposes.

14

Artificial Intelligence Features

OrdoDesk currently offers limited AI-assisted features that operate on data already present within the Platform. We do not share organisational or personal data with external AI service providers for these features.

Where any future AI features involve sharing data with third-party providers, we will update this Privacy Policy and notify Organisations in advance with the option to enable or disable such features.

15

Data Security

  • Encrypted data transmission using HTTPS/TLS for all Platform communications
  • Access controls and role-based permissions to restrict data access to authorised users only
  • Internal security policies governing how personnel interact with organisational data
  • Regular monitoring of systems for unauthorised access or anomalous activity

We encourage Organisations to maintain strong password practices and to report any suspected security incidents to ordodeskadmin@gmail.com.

16

Third-Party Websites and Integrations

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those external sites. This Privacy Policy applies solely to data processed by OrdoDesk.

17

International Users

OrdoDesk is incorporated and operated in India and is primarily governed by applicable Indian data protection laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDPA).

If your Organisation is based outside India, please be aware that your data will be processed in India. By using the Platform, your Organisation consents to such processing.

18

Organisation Responsibilities

Organisations acting as data controllers are responsible for:

  • Informing their employees about this Privacy Policy and the use of OrdoDesk
  • Ensuring they have the appropriate legal basis to provide employee data to the Platform
  • Managing user access, including adding and removing users in a timely manner
  • Complying with applicable data protection laws in their own jurisdiction
19

Changes to This Privacy Policy

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this document
  • Notify Organisations via email or a prominent notice within the Platform
  • Provide a reasonable period of advance notice before material changes take effect

Continued use of the Platform after the effective date constitutes acceptance of the revised terms.

20

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Privacy Team — OrdoDesk by Mikestudio

This Privacy Policy is effective as of May 2026 and supersedes all prior versions.
© 2026 Mikestudio. All rights reserved. OrdoDesk is a product of Mikestudio.